While CertSage has some optimizations for cPanel, you can use it in pretty much any webhosting scenario, possibly with a little tweaking. I've included some guidance for WordPress in the official release pages in this community. (See @_az's link above, which points to the latest official release and information.) You don't need to wait (and probably shouldn't wait) until your site is fully formed to get your production cert. If you were able to successfully acquire a staging cert then you are almost guaranteed to be able to successfully acquire a production cert. Let be know if you run into any trouble.
Hello again,
I tried the staging first. It said successful. Then today I requested the production one and followed the steps up to updating of contact and all said successful. But still showing Not Secure. I went to the .crt to edit but it's all encrypted.
Also, in the Domains to Force to https redirect, the button is grayed out and an alert says there is none or the SSL is not valid.
When I open the .crt (or even the key files) what I see is starts with
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISBCySK/ReslONR70NnCYbb0xpMA0GCSqGSIb3DQEBCwUA
Yep. That's PEM format as it should be. The "header" and "footer" lines are called the "armor". The seemingly-encrypted block inside the armor isn't actually encrypted. It's Base64-encoded DER, not that you need to know or understand what that means to succeed here. I'm merely providing deep information should you (or anyone who comes along) wish to know more. The information and tools that follow are enough to bring anyone up to nearly an expert level when it comes to certificates. Please don't feel that you need to absorb it all.
Per the chain of trust, there are actually three certificates in the following order in your .crt file:
So I tried again. In the end where I have to force to https, it said cannot enable force redirect to https because my server is not configured to support it.
Is that the end of it other than confirming with namecheap that it is so? and that I have to pay for https?
Or is there something I missed along the line?
I cannot see that you've even acquired a production certificate for cardsetcetera.com, but it may not have been reported yet:
Once you have acquired a production certificate, you need to actually install that certificate into cPanel using the button on your CertSage page. Simply acquiring a production certificate does not automatically install it into cPanel.
I think it's successful, but confused - it I enter https, there's no Not secure, but if I enter only www.... it still showing Not secure. Both cardsetcetera.com and www.cardsetcetera.com are showing with valid certificates, expiring 8/12. Is that normal?
They both now have correct redirects from HTTP to HTTPS, so if you don't see that for the www, you can try clearing your browser cache or force-reloading. It looks right to me in general.
Yes, it was pointing to https this morning, but not anymore.
I was about to do the same for the add-on and realized I should have added it from the get go (my SSL with namecheap had different expirations so I thought SSL are dedicated to one site only).
And then I realized my 2nd add-on domain was with GoDaddy. So I uninstalled the cert. Then I pointed my other domain with GoDaddy to namecheap.
In the time I was waiting for GoDaddy to update the DNS, the only other change I made was update my user password for mySQL database and downloaded a theme. I didn't think that should make a difference.
Where/what should I look at this time. I don't mind the repetition however frustrating. I am learning.
Thank you so much for all the help.
I figured out that it's because domain is forced to https. I turned it off and used a different browser. I think I can proceed to do the main and add-ons.
