How does the shared SSL work?

InMotion Hosting allows Shared Hosting plans to share an SSL certificate on the server. The shared SSL certificate does not use your domain. The server hostname is used in your domains place to allow an SSL connection without purchasing an SSL. This article explains the basics of how a Shared SSL works. Click here to learn more about ecommerce hosting.

If you wish to purchase an SSL certificate that is specific to your domain name, please see our article on How do I obtain an SSL certificate?

What is the Shared SSL?

The Shared SSL can be used to bypass the requirement for purchasing an SSL certificate. The Shared certificate does not use your domain name. The server host name is used in conjunction with the cPanel username to allow a secure connection to happen. The Shared SSL looks identical to the Temporary url for your account except for the server name and username. An example of a temporary URL is like following example:

Temporary URL

http://biz91.inmotionhosting.com/~userna5

The Shared SSL will look the same except the server name changes to secure and the http is https.

Shared SSL URL

https://secure91.inmotionhosting.com/~userna5

You can access your server through both the Temp url and the Shared URL. To test this find your Temp URL in your technical details in AMP and view it on your browser. Then alter the Temp URL so its the Shared SSL and view it in your browser.

How does Shared SSL work?

When you access your website normally you access over port 80. Port 80 is a non SSL connection. There is no encryption over this port. the Shared SSL works over port 443. The data that travels over port 443 can be encrypted using SSL.

SSL certificates require a hostname to work. InMotion Hosting installs a valid SSL certificate on all our shared servers main hostname. An example hostname is secure91.inmotiohosting.com. Any connection over that specific hostname will allow the data to be encrypted. What makes the shared SSL “shared” is that the username at the end of the server hostname can change to the specific cPanel username for that account. When the url is accessed with your cPanel username attached at the end, the server knows to find your website by the username.

Basic implementation of the Shared SSL

To implement the shared SSL in your website, you can (in most cases) just add the url into your shopping cart configuration. For information on how to use the Shared SSL in your Shopping cart software, you can check our articles below or you will need to check with your website developer on how your shopping cart was set up.

Use a SSL certificate with PHP-Nuke
How to enable SSL connection in OpenCart
SSL Setup for CubeCart
How to Force SSL in Joomla
Forcing Moodle 2.3 to work over SSL
How to use a Shared SSL with Movable Type

We also have our Ecommerce Getting Started guide that helps you with the SSL set up at the following link.

E-Commerce: Step 6 – Configuring SSL

You can also force the site to go to https using the htaccess file. Please see the following link on this.

How to force a dedicated SSL using the .htaccess file
Forcing your Website’s visitors to use the shared SSL

Thoughts on “How does the shared SSL work?

    • It’s likely that an extra configuration is required. I advise checking with Square support first and seeing what they require. Then, you can check if our servers can accommodate them.

  • I am trying to use Square’s webhooks to receive notification of payments, and when testing it tells me “Could not deliver webhooks notifications – reason https://…. x509 certificate signed by unknown authority”.  I am on a shared server.  Do I provide the Shared SSL https://secure91.inmotionhosting.com/~userna5 for me to Square and is the /~userna5 part the folder I want to use under public_html?

    • Do not copy the exact URL from this article. It is merely an example. You will need to login to your AMP to locate your technical details. The server number in the secure URL is replaced by your actual server number. For instance, if you are on biz194 server, it would be:

      https://secure194.inmotionhosting.com/~userna5

      to reach the public_html directory for userna5. userna5 is just an example of a cPanel username. You need to replace that username with your cPanel username in order to reach the correct public_html for your account. I hope this helps!

  • I am trying to setup OWNCLOUD (in softaculous) using the https protocol option. But when I select https, I get an error box that pops up saying “A trusted SSL Certificate was not found”. Is it possible to use the shared SSL cert with OWNCLOUD, and if so, what steps do I need to take in cpanel to prevent this error message?

  • Hi. I like to embed a Secure Seal SSL provider on the woocommerce store.  We already have SSL from inmotion. But there is some specific link that i can put on imagen so my customer can see who certificated or who provide our ssl ?

  •  I currently have shared SSL on my site which was offered for free by my current hosting, so I would like to continue the SSL with my domain. Is there any way on InMotion to keep the shared SSL on my site for free. – 

    In short, will I get a shared SSL for FREE for my root domain if I migrate to inMotion.

     

    • Yes, your shared SSL resolves to the /public_html folder.

      When you addon a domain, it creates a new folder within the public_html folder such as /public_html/example.com

      So to access that addon domain you would navigate to your Temp URL with /example.com on the end.

      Thank you,
      John-Paul

    • If you are using a CMS such as WordPress, Drupal, Joomla, etc. you should use a plugin or extension to avoid .htaccess issues. This is because CMS’ also rely on .htaccess rules.

      You may have to clear your browser cache before testing again.

      As a test you can also rename your .htaccess file to see if your problems persist.

      Thank you,
      John-Paul

  • HI, I just forced the SSL on my website (as per above), and it didn’t work. So I deleted the redirect, and it is till trying to redirect to the SSL page.

    Now I have no web pages visible, please advise ASAP!

    Thank you

  • I’m confused. Prior to purchasing a hosting plan with InMotion, I inquired as to whether or not InMotion could use Let’s Encrypt since Google is now considering https (security) as a major factor in their ranking algorithm. I was told that I could use the shared certificate, but nothing was mentioned about not being able to use my domain. If I use the shared certificate for my entire site, do I have to tell people to type https://secure91.inmotionhosting.com/~myuser rather than typing my domain name? Also, is this what shows in the address bar? Neither is acceptable. Nor is paying $99/year for an SSL certificate. I would have gone elsewhere (somewhere that I can use Let’s Encrypt) had I known this.

    Please advise. I need HTTPS so I’m not dinged by Google’s algorithm, which I explained to your sales department prior to purchase.

    • Yes, the shared SSL uses the server name n the URL. They are not often used, but for those who want a free option, are available. You may use SSLs created by third parties on our servers, including Let’s Encrypt. We strongly advise against using a free SSL for anything other than email as they offer no warranty. Even our shared SSLs were purchased and have a warranty.

  • This doesn’t need to be posted but I thought that you would like to know that the link for

    How to Force SSL in Joomla 3.0

    is broken.

    Jim

    • Hello Jim,

      Thanks for the information Jim! I’ll have issue fixed tomorrow morning!

      If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

  • Paypal sent us an email specifying that we will need to add SSL SHA-256 to and use TLS 1.2 and http/1.1 on our site (joomla 3+ running virtuemart).

    Paypal proceeses our purchases but we do record user addresses and email addresses.

    Can we use shared SSL? Does InMotion support the required protocols and how do we implement them?  

    • Hello Fred B.,

      The protocols have been updated on our server already. You can always use the shared SSL, but I’m not sure if Paypal will take it – you would need to check with them. Shared SSLs do not use your domain name, they use the name of the server. I hope that helps to answer your question! If you require further assistance, please let us know!

      Regards,
      Arnel C.

  • We received an email from PayPal recently saying that we will need to implement SSL (SHA-256) and TLS 1.2 and HTTP/1.1 Upgrade by June. InMotion is hosting our site (shared) with joomla and we use Virtuemart to set up the transaction, then pass to Paypal for the actual credit card transaction. What do we need to do, if anything, to be compliant?

    • We have been moving new SSLs to SHA 256 for the past year or more, so all new SSLs should have that. The other two factors have been upgraded on the servers as well. You should be compliant as of now.

  • This plugin didn’t work for me with WordPress 4.3.1 (inmotion’s current version), I believe because the login page did not end up being secured.

    Is there any other way to use a shared certificate and host to administer the wordpress instance securely?

    • Hello Corey,

      Sorry for the problem with the plugin for the WordPress SSL. As per the warning on the plugin, it has not been updated for awhile. This is a third-party solution, so unfortunately, if they did not update it, then it is probably of date and no longer functional.

      However, there are others which have been created with the later versions of WordPress. Check out Really Simple SSL. The plugin page says it works with version 4.3.1.

      By the way, the WordPress version isn’t something governed by InMotion. WordPress regularly updates the software version and 4.3.1 is the latest. There will be other updates to the software by December per their blog.

      I hope this helps to answer your question, please let us know if you require any further assistance.

      Regards,
      Arnel C.

  • @lulu – A cost of ssl depends on its type. there are several types of ssl available in the market from domain validation to extended validated certs. dv cert is available in the market from $10 to $100 per annum and if you go for ev which is available from $150 to $1000 per annum. This price depicts resellers price, but if you directly purchase it from certificate authority you will need to pay 25-40% extra.

    So price doesn’t matter until you findout your perfect need. I use to purchase ssl cert for my clients from cheapsslshop.com – they are quit affordable than others. if do not require ev cert for your domain then you should get domain validation or business validation certificate.

  • 1. Is there anything I can or should do when setting up a new WordPress site (or upgrading an old one) to make it as simple and reliable as possible to require all visitors to the site to always use HTTPS?

    2. Which of the two articles about using the htaccess file (links at the bottom of the above article) should I be following to implement this scenario?

    3. (I’m not sure if this is the right place to ask this question…) Is there a way to require all access to email mailboxes to use the secure server, like there is for websites (HTTPS versus HTTP)? I know how to configure my own email clients to use the secure server. My question is about whether there is a way to make that mandatory for everyone else who has mailboxes on my site.

    Thanks

    • Hello Bob,

      Thank you for your question. 1. After installing WordPress, you basically just change the URL to whatever the SSL address is (shared SSL or not). Be sure to include the https:// in the address.

      This will cause visitors to access your WordPress site via https. Here is a link to the official guide on Implementing https in WordPress.

      2. You don’t have to make any changes to your .htaccess, since WordPress will handle the address change for you.

      3. There is no way to make it mandatory for users to connect via SSL, but this can be done on VPS, and Dedicated servers. As a work around, if you only provide the SSL version of the settings to them, it is the only way they will know how to connect. You can see your SSL email settings in cPanel.

      In the future you can create your own question on our Ask a Question page.

      Thank you,
      John-Paul

  • I have registered a domain yesterday in Godaddy. And I want to host this domain in your hosting with Shared SSL 24 Months 3.49/mo to br installed prestashop inside. How does it work ? How do I do with my domain in godaddy if I buy shared SSL in your hosting company?

    Thank you,

    Oki

    • Hello Mr. Oki,

      Having the domain registered at GoDaddy is not an issue. You will simply need to point it to our name servers.

      There may be an issue with using the shared SSL with your PrestaShop site, however. PrestaShop uses a single domain name, using a shared SSL effectively uses a different domain name (sever###.inmotionhosting.com vs the regular domain name) when connecting. Ultimately, you may need to purchase an SSL in order to use it with PrestaShop. This would be true for any host that uses shared SSL.

      If you purchase and have an SSL installed onto your hosting account, it will use the same domain name for both insecure and secure portions, so there will be no issue then.

      Kindest Regards,
      Scott M

Leave a Reply