HTTPS is no longer optional — browsers warn visitors away from sites without it, and search engines favour secure pages. The good news: on Kelma, SSL is free, automatic, and self-renewing. This guide explains how certificates are issued, how to request one manually, and what to do if issuance fails.
Automatic by default
When you attach a domain and it points to Kelma, we automatically request a certificate from a trusted authority and install it. It renews itself well before expiry, so you never have to think about it again. Most sites are fully secured within minutes of the domain resolving.
Request a certificate manually
- Open your site and go to the SSL tab.
- Select the domain (and any aliases) you want to secure.
- Click Request Certificate. Kelma validates the domain and installs the certificate automatically.
- Once active, your site is served over
https://with a valid padlock.
www and non-www versions together so visitors get a valid padlock no matter which they type.Force HTTPS in WordPress
After the certificate is active, make sure WordPress serves everything over HTTPS. Set both the WordPress Address and Site Address in Settings → General to the https:// version of your primary domain. This prevents mixed-content warnings where the page is secure but an image or script still loads over http.
If issuance fails
Certificate authorities have to verify that you control the domain. If a request fails, it is almost always one of these:
| Cause | Fix |
|---|---|
| DNS not pointing to Kelma yet | Add the CNAME/A record and wait for propagation |
| Domain still on another host | Move the DNS, then re-request |
| A conflicting CAA record | Allow the issuing authority in your CAA record |
| A stale proxy/redirect | Disable any external proxy during validation |
Fixing the not secure warning
Sometimes a certificate is installed correctly but the browser still shows a Not secure warning. This is almost always mixed content — the page itself loads over HTTPS, but it pulls an image, script, or stylesheet from an old http URL. To fix it:
- Set both the WordPress Address and Site Address in Settings → General to the
https://version of your domain. - Update any theme or widget links that are hard-coded to
http. - For older sites, run a search-and-replace across the database to swap
http://forhttps://on your own domain.
Frequently asked
Does SSL cost anything?
No. Certificates are free for every domain on your site, and they renew automatically — there is nothing to buy and nothing to reinstall.
How long does a certificate take to issue?
Usually a minute or two once the domain points to Kelma. If it takes longer, a DNS record is almost certainly still propagating.
Do I need to renew it myself?
Never. Renewal is fully automatic and happens well before expiry, so your site is always served over a valid certificate.
In short
SSL is free, automatic, and self-renewing on every Kelma site — you rarely have to think about it at all. When you do need to act, it is usually one of two things: requesting a certificate for a newly attached domain from the SSL tab, or clearing a Not secure warning caused by mixed content. Point your domain at Kelma, force HTTPS in your WordPress settings, and your visitors get the padlock they expect on every page. Because issuance and renewal are handled for you, HTTPS becomes something you set up once and never have to revisit — no expiry dates to track, no manual reinstalls, and no surprise lapses that would scare visitors away.
Leave a Reply