This guide explains how to order, link or remove a dedicated IP from a website.

Manage dedicated IPs on a hosting plan

Order one or several first dedicated IP addresses

To do this:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on the button to order one or more IP addresses:
   

Order one or several additional dedicated IP addresses

To do this:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on Order :
   

Associate a dedicated IP address with a website on a hosting plan

Once the IP has been ordered and paid for, familiarize yourself with the prerequisites below, as switching to a dedicated IP address for a website may cause a temporary interruption, especially in the presence of a certificat SSL Let’s Encrypt. To limit the impact:

• Start by reducing the TTL of the DNS records A and AAAA (for @ and www) to 5 minutes.
• Wait for the previous TTL duration before making any changes.
• The change below should be made during a period of low traffic to limit the inconvenience caused by the inevitable interruption.
• At the end of the procedure, you will need to wait for the new TTL to propagate the new configuration and for the SSL certificate to be regenerated, then check the accessibility of the site in HTTPS to ensure that everything is working correctly.

To switch to a dedicated IP address:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on the button to dedicate the IP to a site on your hosting:
   
6. Select the site to assign the new IP address to.
7. Check the box after reviewing the warnings.
8. Click on the Associate button:
   

Remove a dedicated IP address from a website

Once the IP is installed, to uninstall it:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on Web in the left sidebar.
4. Click on Dedicated IPs in the left sidebar.
5. Click on the action menu ⋮ located to the right of the relevant item.
6. Choose Unbind:
   
7. Take note of the warnings and confirm the deletion to complete the IP uninstallation procedure.

This guide explains the main differences between an EV and DV certificate.

SSL EV Certificates: for companies

The Sectigo SSL EV certificate can only be issued to companies registered in an official registry.

It provides the highest level of trust with your clients and offers unique advantages in addition to including the benefits of a DV certificate:

• name of your company in the navigation bar
• lock in the navigation bar
• dynamic site seal
• domain name validation
• manual verification of your company's details and identity
• warranty up to $1,750,000 for end users
• 7/7 support

The activation of an EV SSL certificate may take up to 24 hours and will require action on your part.

SSL DV Certificates: for companies and individuals

The Sectigo DV certificate is available to individuals and companies. It does not include some of the advantages mentioned above, but it offers additional benefits compared to free Let's Encrypt SSL certificates:

• dynamic site seal
• domain name validation
• guarantee up to $10,000 for end users
• support 24/7

The activation of a DV SSL certificate is immediate.

And what about Let's Encrypt certificates?

A free Let's Encrypt certificate guarantees the same level of encryption as an EV or DV certificate. However, Let's Encrypt certificates do not offer the following benefits:

• manual validation of your company's credentials and authenticity (EV)
• warranty for end users in case of fraud (EV/DV)
• support in case of questions

In summary, Let's Encrypt certificates ensure the encryption of exchanges between your users and your site, but they do not guarantee to internet users that they are on a legitimate site whose identity has been authenticated by a certification authority.

This guide suggests solutions to resolve common issues and frequent errors that may occur when you try to display your website in https after activating an SSL certificate.

The web browser automatically displays the http version of the site when you try to access it via https

It is recommended to perform the following actions:

• Clear the cache of your applications or your site.
• Check that the pages and scripts of the site do not contain redirects to the http version of the site.
• Check that the site's .htaccess file does not contain redirects to the site's http version.
• Set the https address of the site as the default:
  • with WordPress Infomaniak
  • for other cases

The website displays poorly (missing images, unsupported stylesheets, etc.) or displays a warning in the address bar

It is recommended to perform the following actions:

• Clear the cache of your applications or your site.
• Check that the pages and scripts do not point to external resources in http; the site whynopadlock.com can help you identify the unsecured elements of your site.
• Also refer to this other guide on this topic.

"This web page has a redirect loop", "ERR_TOO_MANY_REDIRECTS"

If your web browser displays this error, it is recommended to perform the following actions:

• If the site runs on a web application like WordPress or Joomla, disable the extensions one by one to identify the problematic one.
• Check that the pages and scripts of the site do not contain redirects to the http version of the site.
• Try to disable HSTS.
• If **Prestashop** is used, you need to activate SSL **on all pages**:
  1. Add your SSL domain:
     • Go to Preferences > SEO & URLs.
     • In the "Shop URL" section, enter your site address in the "SSL Domain" field (without the https://, just www.domain.xyz).
  2. Activate SSL:
     • Go to Preferences > General Settings.
     • At the top of the page, click on "Click here to use the HTTPS protocol before activating SSL mode."
     • A new page will open with your site in secure HTTPS version.
  3. Force SSL usage on the entire site:
     • Go back to Preferences > General Settings.
     • Set the "Enable SSL" option to YES.
     • Also set "Force SSL usage for all pages" to YES.

An old SSL certificate is displayed - clear the SSL cache

Web browsers cache SSL certificates to speed up navigation. Normally, this is not a problem. However, when you develop pages for your website or install a new certificate, the SSL state of the browser can hinder you. For example, you might not see the padlock icon in the browser's address bar after installing a new SSL certificate.

The first thing to do in this case is to make sure that the domain is correctly pointing to the server's IP address (A and AAAA records) and if it is still the wrong SSL certificate that is returned, clear the SSL cache:

• Chrome: go to Settings and click on Settings. Click on Show advanced settings. Under Network, click on Change proxy settings. The Internet Properties dialog box appears. Click on the Content tab. Click on Clear SSL state, then click OK. Find other tips in this other guide.
• Firefox: go to History. Click on Clear Recent History then select Active Logins and click on Clear Now.

Loss of CSS formatting

If the website displays without CSS styling, analyze the page loading with the browser's Console. There might be mixed content errors related to your .css styles, which you will need to resolve to load them correctly again.

Cloudflare

If you use Cloudflare, refer to this other guide on the subject.

This guide explains the differences between the web hosting offers to help you choose the best solution according to your computer needs.

Web Hosting Starter

The free web hosting

The Starter Web hosting is offered for free with each domain name registered with Infomaniak. It provides 10 MB of disk space to create a site (basic pages in HTML language only - no PHP, no database) even without particular knowledge thanks to the Welcome Page tool.

• Register or transfer a domain name with Infomaniak
• Learn more about the benefits included with a domain name

Shared Web Hosting

The flagship offer to create your sites

These web hostings are shared offers (the websites will be hosted on servers whose resources are shared with other customers). To ensure the reliability of these shared services, Infomaniak servers use on average only 40% of the CPU power and are equipped with professional, latest generation SSD disks.

Web hosting offers a minimum of 250 GB of disk space and allows you to manage multiple websites with multiple domain names. This offer includes all the technologies usually used to create professional sites: PHP, MySQL, FTP and SSH access, SSL certificates and easy installation of WordPress or common CMS, etc. It is also possible to add a Node.js site and/or Site Creator.

Cloud Server

Professional Web hosting

With a Cloud Server, the resources allocated to you are not shared with other clients and you can customize the hardware and software configuration of your server according to your needs. A Cloud Server also allows you to use components that are not available on shared web hosting (Node.js, mongoDB, Sol, FFMPEG, etc.).

• A Cloud Server allows you to easily manage your server via the same administration interface as Web hosting - you manage the sites in the same way.
• A VPS allows you to manage your server completely autonomously with the version of Windows or the Linux distribution of your choice (Debian, Ubuntu, openSUSE, ...) - solid technical skills are required to use a VPS, including VPS Lite.

Public Cloud (and Kubernetes Service)

Open, proven, and secure IaaS solution

For Infomaniak, it is the infrastructure that drives kDrive, Swiss Backup and the Webmail, services used by several million users. But Public Cloud is accessible to everyone and provides the resources you need to develop your projects.‍

With customized and tailored offers, you will have no trouble managing your development budget. No setup fees. No minimum amount. Cancelable at any time. You only pay for the resources actually used with Public Cloud at the end of each month, same for Kubernetes Service.

Jelastic Cloud

Web hosting tailored to your chosen technologies

Jelastic Cloud allows you to create custom development environments with the technologies of your choice (PHP, Java, Docker, Ruby, etc.). It is a flexible cloud offering:

• Horizontal and vertical scaling of resources.
• Payment based on actual resource consumption.
• Easy customization of your infrastructure (redundancy, IP, SSL, load balancing, etc.).

Thank you for choosing Infomaniak to secure your sites with a SSL certificate EV or DV from Sectigo.

Main SSL guides

• Order an EV SSL certificate from Sectigo
• Understand the difference between EV and DV certificates
• Use a Sectigo certificate on an external site (other host)
• Understand the Sectigo warranty for SSL Certificates
• Troubleshoot an SSL/https issue
• Install a free Let's Encrypt SSL certificate on a site
• Install a free wildcard SSL certificate
• Uninstall an SSL certificate
• Update a Let's Encrypt SSL certificate (for example after adding/removing aliases)

Further assistance

• Familiarize yourself with all the FAQs on SSL
• Contact Infomaniak support

This guide explains how to replace the main domain name associated with a Website hosted on Infomaniak in case you want to, for example, change the name of your activity or modify the spelling.

Preamble

• It is not possible to simply change the spelling of the domain name in question.
• You must own the new domain name and install it in place of the current one by performing a swap (read below).
• You can also rename your Web Hosting product in the Infomaniak Manager but changing the name of a hosting service has strictly no impact on the URLs of the sites.
• You need to act on the domain name and, if necessary, adapt the content of the site.

Change the website's domain name

Prerequisites

• Prepare the new domain name (if necessary you need to buy it).
• If the change you are looking for is more of a "subdomain" to "main domain" type (dev.domain.xyz → domain.xyz for example) then refer to this other guide.

To replace the domain name assigned to the site with another domain name:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the concerned product:
   
3. Then click on the chevron ‍ to expand the Domains section of this site:
   
4. Refer to this other guide to link the new domain name to your site (read the prerequisites carefully):
   • It is this new linked domain that will replace the current primary domain name after the inversion you will perform below.
5. Once the new domain name is linked to your site, click on the action menu ⋮ to the right of it.
6. Choose Set as primary domain:
   
7. If necessary, delete the old domain name and its variants that have become alias domains alias (and no longer primary domains).

If you are using a SSL certificate, you will need to update it to include the added aliases.

If you are using the dedicated IP option, you will need to uninstall and reinstall it after performing the swap.

Adapt the site content to the new name

In some cases, the web application used to develop the site needs to be adjusted to work with the new domain name. Click on the link corresponding to the development of your site to adapt the content:

• WordPress
• Joomla
• Prestashop
• application offered in WordPress & Apps

This guide details the validity rules for SSL EV and DV certificates (effective as of September 1, 2020).

Validity period of SSL certificates

Following a meeting of the CA/B Forum, which brings together major web players (Safari, Google Chrome, Mozilla Firefox, etc. - learn more), it was decided to set the maximum validity period for SSL certificates to 397 days. This change aims, among other things, to limit the risk of certificate hacking and to increase the level of security of the certificates. It is not excluded that the maximum validity period of a certificate may be further shortened in the coming years. Some players like Apple, Google or even Sectigo are pushing in this direction.

SSL DV Certificates from Sectigo

Sectigo SSL DV certificates with a duration of more than 1 year are automatically renewed by Infomaniak (certificate reissued during the month preceding its expiration date).

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

SSL EV Certificates from Sectigo

The SSL EV certificates from Sectigo will need to be validated each year, regardless of the chosen subscription duration.

It is necessary to reinstall the certificate on your site if it is not managed by Infomaniak.

This guide explains how to uninstall an SSL Certificate regardless of its type, initially installed from the Infomaniak Manager. If your certificate is a paid type and you wish to cancel the current offer instead, refer to this other guide.

Remove an SSL Certificate

To uninstall an Infomaniak certificate:

1. Click here to access the management of your product on the Manager Infomaniak (need help?).
2. Click directly on the name assigned to the product in question:
   
3. Click on the action menu ⋮ located to the right of the relevant item.
4. Click on Uninstall:
   
5. Confirm the uninstallation of the certificate.

This guide explains how to install a free SSL certificate from Let's Encrypt on a website hosted by Infomaniak.

Preamble

• Once the certificate is installed, your website will be accessible in http and https …
  • If necessary automatically redirect all your visitors to the secure https site.
• If you want to include an alias domain recently added to your site that already had a certificate, you need to update it.
• For multiple subdomains, refer to this other guide.
• Let's Encrypt limits certificate installation to:
  • 100 subdomains
  • 20 certificates for 7 days per registered domain
  • 5 failed requests per account per host name per hour

Install a free SSL certificate on a site

Prerequisites

• For the installation to be possible, the DNS of the domain name must be correctly configured to point to the site in question.
• If a change has recently been made at this level, some operations may not be functional immediately.

To access the websites to install an SSL certificate:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product in question:
   
3. Click on Configure under SSL Certificate:
   
4. Click the Install certificate button:
   
5. Choose the free certificate.
6. Click on the Next button:
   
7. Check or select the relevant domains.
8. Click on the Install: button:
   
9. Wait until the certificate is obtained on the site.

This guide details the conditions and procedure to obtain a EV SSL certificate from Sectigo with Infomaniak.

Preamble

• Extended Validation (EV) SSL certificates can only be issued to organizations, companies, and societies legally registered with a recognized government authority (such as a commercial register).
  • The DV certificates from Sectigo and Let's Encrypt are not subject to this constraint.
  • Compare the available SSL certificates
• In case of a DV or EV certificate validation issue, refer to this other guide.

EV Certificate Validation Procedure

Obtaining an EV SSL certificate can take up to 24 hours and requires valid information from the client.

This procedure is repeated every 12 months, regardless of the subscription duration chosen for the EV certificate.

1. Verification of the company's details

The data that will be added to the certificate must first be verified with an independent source:

• the legal or commercial name
• the legal form
• the address
• the postal code
• the region / the canton / the department
• the country / the country code

Attention:

• The company name must exactly match the one registered with the registry or the chamber of commerce; the order can only be processed if the given name is registered and correctly noted.
• Only the registered legal name or the brand name followed by the legal name in parentheses is allowed [example: Commercial Name (Legal Name)]; for entities without a legal name, all commercial names can be used.
• It is forbidden to use a postal address.

Given the above, a new request with correct data in the CSR is sometimes necessary, and Infomaniak may also need your approval to make changes to the information provided during the order.

2. Verification of data in the WHOIS directory

The WHOIS directory displays the information of the owner of a domain name. This data must match the information provided when ordering the EV SSL certificate.

To update the information for a domain in the WHOIS:

• If your domain is managed at Infomaniak, refer to this other guide.
• If your domain is not managed at Infomaniak, contact your host/registrar.

3. Contract & validation for the EV certificate

After ordering an EV certificate, the designated company contact person will receive an email from the certification authority Sectigo with the following documents:

• the certificate application form
• the certificate contract

These documents are pre-filled and the contact person must validate them online using an additional code. This will be provided by a Sectigo telephone robot (the call number will come from the Netherlands, +31 88 775 77 77 in principle) orally to your number registered with the registry or the chamber of commerce.

Each certificate request is validated by phone, including renewals and reissues of multi-domain certificates.

4. Domain verification (for external sites only)

This step verifies that you have control over the domain (if it is external to Infomaniak) for which the certificate is requested. Domains of sites hosted at Infomaniak are automatically validated.

Each (sub-)domain must be approved individually via one of the methods described in this other guide.

This guide explains how to export an SSL certificate from the Infomaniak Manager.

Preamble

• Downloading the certificate generates a file in .zip format.
• The archive contains the .key and .crt files.
• It is recommended to store this certificate and its private key in a secure location, as the latter could allow access to your encrypted data:
  

Export an SSL certificate

To access the management of your certificates:

1. Click here to access the management of your product on the Manager Infomaniak (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the action menu ⋮ to the right of the relevant item in the displayed table.
4. Select Export the certificate and follow the instructions to download the archive:
   

This guide explains how…

1. … generate a CSR and private key to request a third-party certificate from a Certification Authority (CA),
2. … import this certificate for your Infomaniak site, using the CRT obtained from the CA.

Preamble

• Although Infomaniak offers all the SSL certificates you might need…
  • free Let's Encrypt certs for personal sites (only possible with sites hosted at Infomaniak),
  • DV certs from Sectigo for professional/private sites that are not registered in the trade register,
  • EV certs from Sectigo for companies registered in the trade register,
• It is also possible to install an SSL certificate obtained elsewhere (intermediate certificate from a certification authority of your choice), custom or self-signed certificates.

1. Generate a CSR (Certificate Signing Request)

A CSR (Certificate Signing Request or Certificate Signing Request) is an encoded file containing the information necessary to request an SSL/TLS certificate.

It must be generated on your side to ensure that the private key remains under your control, using for example OpenSSL.

Adapt and run the following command from a terminal application (command line interface, CLI) on your device:

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.csr -addext "subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz"

Explanations

• newkey rsa:2048: Generates a new 2048-bit RSA key.
• keyout domain.xyz.key: Specifies the file where the private key will be saved.
• out domain.xyz.csr: Specifies the file where the CSR will be saved.
• addext “subjectAltName = ...”: Adds additional domains via the SAN (Subject Alternative Name) extension, necessary to include all desired domains in the certificate (the main domain domain.xyz + any other associated domain or subdomain, such as www.domain.xyz).

After generation, you can check the contents of the CSR with the following command:

openssl req -in domain.xyz.csr -noout -text

This allows you to verify that all domains listed in subjectAltName are correctly included.

Once the CSR is generated, you can send it to the certification authority (CA) to obtain your SSL/TLS certificate.

2. Import the external certificate

Once validated, the CA issues a certificate (domain.xyz.crt) and sometimes an intermediate certificate (ca_bundle.crt). To access SSL certificate management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on SSL Certificates in the left sidebar.
4. Click the blue Install a certificate button:
   
5. Choose the custom certificate.
6. Click on the Next button:
   
7. Import your certificate and private key, either by importing the .crt and .key files or by copy-pasting.
8. Click on Complete:
   

Alternative command to generate a self-signed certificate (optional)

If you want a local certificate for testing purposes only or without going through a CA (not recommended for production), you can use this command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout domain.xyz.key -out domain.xyz.crt -addext “subjectAltName = DNS:domain.xyz, DNS:www.domain.xyz”

This generates both a self-signed certificate (domain.xyz.crt) and a private key (domain.xyz.key). However, self-signed certificates are not recognized as valid by public browsers or systems. They are only suitable for internal or development environments.

Import an intermediate certificate

When adding a custom SSL certificate, it is possible to import the intermediate certificate (by importing the .crt file or pasting the data provided by the certification authority):

This guide explains how to obtain a custom SSL certificate that you can use with Jelastic Cloud from Infomaniak.

SSL Documentation

Take note of these guides:

• It is quite possible to buy an SSL certificate from Infomaniak in order to install it on Jelastic Cloud afterwards.
• Integrated into Jelastic Cloud, you will also find a valid certificate but only for domains xxx.jcloud.ik-server.com.
• Let's Encrypt certificates can also be obtained for free and for any domain.
• It is possible to obtain a paid certificate, for any domain.
• For testing purposes, you can also set up a self-signed certificate.
   

This guide explains how to add two different EV or DV SSL Certificates to the same site.

Preamble

• Since it is not possible to install two SSL certificates on the same site, it is necessary to create two identical sites.

Creation of the second site

Prerequisites

• Remove any potential domain name alias from your site.

To access web hosting to add a site:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the button Add a site:
   
4. Continue without installing any tool.
5. Choose between using a domain name or a subdomain.
6. Specify the domain or subdomain name.
7. Click on Advanced options.
8. Enable (or not) the Let's Encrypt SSL certificate on the future site.
9. Check the box Set location manually.
10. Choose the same location as the main site:
    
11. Choose the same version PHP as the main site:
12. Click on the blue Next button to start creating the site.

Install the SSL certificate

Once the second site is created (any addition/modification may take up to 48 hours to propagate), you will be able to install an SSL certificate (if you chose not to install the certificate at point 8 above).

To access website management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on SSL Certificates in the left sidebar.
4. Click on the blue button Install a SSL certificate and follow the procedure.

The warranty provided with an EV or DV SSL certificate protects your users against any unexpected issues related to a possible validation error by Sectigo, the certification authority that issues SSL certificates and validates your personal data.

The guarantee is therefore claimable if the certification authority does not correctly validate the information contained in the digital certificate and this failure causes the end user to lose money in the context of a fraudulent credit card transaction.

This guide explains how to update a Let's Encrypt SSL certificate for a website hosted by Infomaniak.

Preamble

• It may be necessary, following the addition or removal of aliases to a website, to regenerate a certificate to include the new domain names linked to the website.
• The dashboard will clearly indicate that one of the domains linked to the site is not included in the current SSL certificate:
  
  

Update a Let's Encrypt certificate

To access certificate management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product in question:
   
3. Click on the action menu ⋮.
4. Click on Change the certificate:
   
5. Select the type of certificate to update.
6. Click on the Next button:
   
7. Check or select the relevant domains.
8. Click on the button Install:
   

This guide explains how to correctly interpret the detailed information provided by Qualys SSL Labs (https://www.ssllabs.com/ssltest/) which can sometimes seem technical or alarming without the appropriate context.

Preamble

• Qualys SSL Labs is a widely used analysis tool to evaluate the SSL/TLS configuration of websites.
• The warnings in their reports are often just technical details with no impact on the site's security or SEO.

Multiple certificates in SSL Labs reports

When SSL Labs analyzes a site, it may display several numbered certificates (certificate #1, certificate #2, etc.). This happens for several reasons:

1. Main certificate (#1): The certificate presented when SNI (Server Name Indication) is used.
   • SNI is a TLS extension that allows a server to host multiple SSL certificates for different domains on the same IP address. When a browser connects, it indicates the domain name it wants to join.
2. Secondary certificate (#2): The certificate presented when SNI is not used or during a direct IP connection.

An indication "No SNI" in certificate #2 is not an error. It simply means that SSL Labs tested what happens when a client connects without providing SNI information. In this case:

• The server provides a fallback certificate (often a generic or preview certificate).
• This situation only concerns very outdated clients that do not support SNI.
• Modern browsers all use SNI and will therefore receive certificate #1.

Certificate chain issues

"Chain issues: Incorrect order, Extra certs, Contains anchor"

These warnings do not necessarily mean that the certificate is defective:

• Incorrect order: The intermediate certificates are not presented in the optimal order.
• Extra certs: Unnecessary additional certificates are included.
• Contains anchor: The root certificate is included in the chain.

The TLS protocol allows the root certificate to be omitted as it is normally already present in the browsers' certificate stores. Including it is not an error, but a redundancy.

“Alternative names mismatch”

For the backup certificate (#2), the "MISMATCH" warning is normal because:

• This certificate is designed for another domain (preview.infomaniak.website).
• It is only presented when SNI is not used.
• The browser receiving this certificate would identify it as not matching the requested domain, but this does not affect normal connections with SNI.

Regarding SEO concerns:

• Google and other search engines use modern browsers that support SNI.
• They receive certificate #1, which is valid for your domain.
• Warnings regarding certificate #2 do not impact SEO.
• Only issues with the primary certificate (#1) could affect SEO.

This configuration is perfectly suited for shared hosting where multiple sites share the same infrastructure, with a preview certificate serving as a fallback solution.

This guide explains how to generate a certificate signing request (CSR) for a domain name and all its subdomains with a Web Hosting (excluding free hosting of type Starter).

This allows you to encrypt the connection to your domain name and all its subdomains via SSL.

Set up a Wildcard certificate

1. Add an alias domain with an asterisk *

To add an alias of type * to your website:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product concerned:
   
3. Click on the chevron ‍ to expand the Domains section of this site.
4. Click on the Add a domain button:
   
5. Enter the domain name to be added in this format:
   • *.domain.xyz (the asterisk is mandatory, followed by a dot, then the domain name of the website which is domain.xyz in this example)
6. Click on the Confirm button to complete the procedure:
   

2. Install an SSL certificate or update it

Example of updating the existing certificate to include the wildcard subdomain *:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the product concerned.
3. Click on SSL in the left sidebar.
4. Click on the action menu ⋮ located on the right.
5. Click on Change the certificate:
   
6. Select the same certificate that you already own.
7. Click on the Next button:
   
8. Make sure the recently added subdomain is selected.
9. Click on the Install button at the bottom:
   
10. Wait for the creation or update to complete.

This guide explains how to redirect to a secure https (SSL) version all visitors to a site on Web Hosting Infomaniak.

Preamble

• This redirection is usually automatic with standard configuration and installation.
• For additional help contact a partner or launch a free tender — also discover the role of the host.

Manual redirection via .htaccess file

Prerequisites

• Have a valid and functional SSL certificate for the Infomaniak website.

Next, modify or add the following 3 lines to the .htaccess file of the relevant website so that all its visitors automatically access its secure https version:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

Replace the second line of the code above with RewriteCond %{HTTP:X-Forwarded-Proto} !https if you encounter any issues.

With a CMS

Most web applications like WordPress and Joomla have extensions/plugins that automatically redirect visitors to the secure https version of a site.

WordPress

If you use a content management system (CMS) like WordPress to create your site, we recommend installing an extension to perform this redirection:

1. Back up the site's files and database as a precaution.
2. Install the extension Really Simple SSL or similar from the WordPress console and activate it.
3. The visitors are now automatically redirected to the https version of the site.

Joomla

1. Find the line

   var $live_site ='';

   in the Joomla configuration file (configuration.php) on the server.

2. Replace with

   var $live_site = 'https://www.domain.xyz';

3. Add three lines to your .htaccess file on the server:

   RewriteEngine On
   RewriteCond %{HTTPS} OFF
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

4. Open the Joomla administration panel in "System - Configuration".
5. Click on the "Server" tab and under "Force SSL" select "Administration and site".
6. Save and visitors will now be automatically redirected to the https version of the site.

Prestashop

1. Access the general settings in the Prestashop back-office to activate SSL:
   1. < v1.7 click on "Preferences" then on "General"
   2. > v1.7 click on "Shop Parameters" then on "General"
2. Turn on the toggle switch "Enable SSL" to "YES
3. Click on "Save
4. In the same place, turn on the toggle switch "Enable SSL on the entire site" to "YES".
5. Click on "Save".

In the case where a security lock does not appear in the browser or a warning is displayed, you should check the template or modules as sometimes these are not perfectly compatible with SSL. Your Prestashop then loads elements (images, .css or .js files, fonts...) in "http" while these should now be loaded in "https".

Drupal

Read this article (in English) which explains how to switch a Drupal site from http to https.

Alternative solutions

In your .htaccess file, to force the site URL to be https:// but without www:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

In the case of a redirection loop, adjust the code above as follows:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteRule (.*) https://domain.xyz/$1 [R=301,L]

In your .htaccess file, to force redirection with www

with the subdomains:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

In the case of a redirection loop, adjust the code above as follows:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

and without the subdomains:

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^domain.xyz [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

In the case of a redirection loop, adjust the code above as follows:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTP_HOST} ^domain.xyz [NC]
RewriteRule (.*) https://www.domain.xyz/$1 [R=301,L]

Common errors following an https redirection

To resolve common issues that may arise after redirecting your website to its secure https version, refer to this other guide.

This guide helps you understand the error "Your Connection Is Not Private" when you try to access a website, whether you are the site owner or a simple visitor.

Understand the error

The error "Your Connection Is Not Private" sometimes appears in your browser when it has trouble establishing a secure connection with the site you are trying to visit. This usually happens when the website does not have a valid security certificate and does not use the SSL/TLS protocol to protect communication between the site and your web browser.

In fact, this is a security measure aimed at protecting your data. Websites with invalid SSL certificates may have security issues, making them less reliable. They can also expose your personal information to hackers if you enter sensitive data, such as your login credentials or payment information.

If you are a visitor

This may be due to configuration errors, such as an insecure Wi-Fi connection, incorrect date and time on your computer, or even an SSL/HTTPS analysis by your antivirus software.

If you own an Infomaniak website

Have you installed an SSL certificate?

Learn about the different certificates available on the Infomaniak site.

And if you already have an SSL certificate for your site, have you updated it to include any potential site aliases?

Check the SSL certificate expiration date

Certificates are renewed automatically. To check the expiration date:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Check the column containing the expiration dates:
   

Check the installation

If you think you have activated SSL on your site, check a few points in this other guide.