Hostinger installs free SSL automatically on every domain you connect to its hosting in 2026. The auto-install path covers 95% of cases and finishes in 5 to 15 minutes. The other 5% need manual installation, force-HTTPS redirects, or a wildcard certificate for subdomains.
I install free SSL across roughly 30 client sites a year on Hostinger. In my experience, the trick is knowing when the auto path won’t work so you don’t waste an hour waiting. My recommended workflow walks the auto path first, then the four edge cases that need manual work.
Why Bother with SSL Beyond the Obvious Browser Warning?
Before the workflow, a quick reality check on why this matters in 2026 beyond avoiding the angry red address bar. Chrome started marking unencrypted sites as “Not Secure” in 2018, and seven years later that warning still scares about a third of casual visitors into bouncing immediately. Beyond user trust, modern HTTP/3 and the QUIC protocol both require TLS, so an encrypted connection now correlates with measurably faster page loads through reduced round-trip handshakes.
Google has used HTTPS as a ranking signal since 2014, though honestly the SEO bump is small compared to the conversion lift from removing the browser warning. The payment gateways most ecommerce stores rely on (Stripe, PayPal, Square) refuse to render checkout forms on insecure origins, which means an unencrypted store literally cannot process orders. So when I say “install SSL”, what I really mean is “unlock revenue, speed, trust, and search visibility in a single five-minute action with no recurring fee”.
That groundwork laid, the workflow below.
What Four Variables Decide How to Install Free SSL on Hostinger?
- Domain registration location. Domains registered at Hostinger get instant SSL. External domains need DNS pointing at Hostinger first.
- Subdomain vs root domain. Each subdomain needs its own cert unless you have a wildcard.
- Plan tier. All paid plans include free SSL. The lifetime SSL upgrade is included free on Business and above.
- WordPress vs static. WordPress needs an additional URL update after SSL installs.
The main path below assumes a Hostinger-registered domain, a single root domain, the Business plan, and WordPress.
The Main Path: Auto-Install via hPanel
Step 1: Confirm Your Domain Points to Hostinger
Open hPanel → Domains and check that your domain shows the green “Active” status. If you registered the domain through Hostinger at checkout, this is already done. If you brought an external domain, you need nameservers pointing to ns1.dns-parking.com and ns2.dns-parking.com at your registrar.
Propagation usually completes in 15 to 30 minutes. I always check this first because skipping it is the most common cause of failed SSL installs I see.
Step 2: Open the SSL Section
Navigate to hPanel → Websites → [your site] → Security → SSL. The screen shows current SSL status and any installed certificates.
Step 3: Click “Install SSL”
For most domains the certificate is already auto-installed. The button label reads “Install SSL” if not yet applied, or “Reinstall” if a refresh is needed. Click it.
Hostinger queries Let’s Encrypt, validates domain ownership via HTTP, and provisions the certificate.
Step 4: Wait 5 to 15 Minutes for Propagation
The cert appears with a green “Active” status in the SSL panel once Let’s Encrypt issues it and Hostinger applies it to the server. Most installs complete in 5 minutes. A few stragglers take up to 15.
If you wait past 30 minutes, check the troubleshooting section below.
Step 5: Verify HTTPS Works
Visit https://yourdomain.com in a private browser window. The padlock should show “Connection is secure”. If the browser warns about mixed content, your WordPress site is loading some assets over HTTP.
Fix that in Step 6.
Step 6: Update WordPress URLs to HTTPS
In WordPress admin go to Settings → General and change both WordPress Address and Site Address from http:// to https://. Save. WordPress reloads.
Then install Really Simple SSL (free plugin), activate, and click the one-click HTTPS migration button. The plugin rewrites database URLs, fixes mixed content warnings, and adds HSTS headers. In my testing this plugin handles about 95% of mixed-content issues automatically.
Step 7: Force HTTPS Site-Wide
Two options:
- hPanel toggle. In hPanel → Security → SSL, flip the Force HTTPS switch on.
- .htaccess rule. Add this to the top of
.htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
In practice, the hPanel toggle is easier and I recommend it for 9 out of 10 sites. The .htaccess route gives you control if you have other rewrite rules.
What If Your Domain Is Registered Elsewhere?
The auto-install fails until DNS resolves to Hostinger’s servers. Two paths:
- Update nameservers at your registrar. Log into GoDaddy, Namecheap, or wherever the domain lives, and set nameservers to
ns1.dns-parking.comandns2.dns-parking.com. Wait 15 to 30 minutes for propagation. Then run Step 3. - Use Hostinger’s DNS only via A records. Add an A record at your registrar pointing to your Hostinger site IP (shown in hPanel → Hosting → IP). Faster propagation, but you lose Hostinger’s email and DNS features.
I prefer nameserver delegation for the year you have the domain on Hostinger, then transfer the domain itself during renewal. Trust me, the email and DNS features at Hostinger are worth keeping in one place.
What If You Need SSL for Subdomains?
Standard Let’s Encrypt SSL covers exactly the hostnames you list during issuance. For subdomains:
- One or two subdomains. Issue separate Let’s Encrypt certs for each via the same hPanel → Security → SSL flow. Free.
- Many subdomains (10+) or unpredictable subdomain creation. Use a wildcard cert. Hostinger Business and above include free wildcard support via DNS validation. Click Wildcard SSL in the SSL panel. I recommend wildcards for any SaaS where users create their own subdomains.
Step for Wildcard SSL
- In hPanel → Security → SSL click Issue Wildcard Certificate
- The system prompts for a DNS TXT record value
- Hostinger auto-adds the TXT record if DNS is hosted at Hostinger
- Wait 5 to 10 minutes for Let’s Encrypt validation
- The wildcard cert appears as Active, valid for
*.yourdomain.comandyourdomain.com
What If Force HTTPS Breaks Your Site?
This happens in three scenarios:
- Mixed content. A theme or plugin hardcodes
http://asset URLs. I use Really Simple SSL or run a search-replace in the database with Better Search Replace (free plugin). Honestly, the plugin route saves 20 minutes versus the manual SQL approach. - Cached redirect loops. Browser or LSCache caches a previous redirect. Clear browser cache, clear LSCache via hPanel → Advanced → Cache Management → Purge All.
- Hardcoded HTTP in wp-config. Some old installs define
WP_HOMEandWP_SITEURLas HTTP constants. Editwp-config.phpand update both to HTTPS.
Decision Matrix
Pick the row that matches your situation.
| Your situation | Path |
|---|---|
| Domain at Hostinger, fresh WordPress site | Auto-install + Really Simple SSL |
| Domain at GoDaddy, want to keep it there | Update nameservers, then auto-install |
| Need SSL for 5 subdomains | Issue separate certs per subdomain |
| Run a SaaS with user.yoursite.com signups | Wildcard SSL |
| Existing WordPress with mixed content | Auto-install, then Really Simple SSL migration |
| Static HTML site | Auto-install + .htaccess force HTTPS rule |
Edge Cases That Change the Flow
- Cloudflare in front of Hostinger. Set Cloudflare SSL mode to Full (strict) so Cloudflare’s cert and Hostinger’s Let’s Encrypt cert both validate end to end.
- Custom port hosting. Free SSL covers port 443 only. Custom ports need a separate cert.
- Email server SSL (IMAP, SMTP). Hostinger provisions separate certs for
mail.yourdomain.com. Already automatic on all paid plans. - Premium SSL with extended validation. Hostinger sells paid EV certs starting around $11/year. I skip this for most clients. Skip it unless your industry (banking, ecommerce above 6 figures monthly) actually requires it.
Common Mistakes I Watch Newcomers Make
Walking through dozens of these installs has surfaced a small handful of recurring stumbles worth flagging before you start. The biggest one is impatience: people refresh the SSL panel forty seconds after clicking Install, see “Pending”, panic, and click Install again. Hammering the button triggers Let’s Encrypt rate limits, which then delay the very installation people wanted to accelerate.
Patience for a quarter-hour solves nine out of ten “pending forever” complaints.
Another frequent pitfall involves nameserver delegation. Users update nameservers at their registrar, immediately try the SSL install, and forget that DNS propagation takes anywhere from fifteen minutes to two hours globally. Issuing a certificate against a domain that still resolves to an old IP fails silently, leaving the panel stuck in validation purgatory.
A quick dig or nslookup command verifies propagation before you waste cycles on the SSL panel.
Mixed-content errors deserve their own warning. Themes purchased from ThemeForest a few years ago routinely hardcode http:// URLs for fonts, icons, background images, and tracking scripts. Once your site flips to HTTPS, every hardcoded HTTP asset triggers a browser warning that scares visitors and tanks conversions.
Running the database search-replace mentioned earlier catches roughly ninety percent of these. The remaining ten percent hide inside JavaScript files, custom widgets, and inline CSS, which require manual hunting via the browser’s developer console.
Finally, redirect loops. Folks enable Force HTTPS in hPanel, then independently add a redirect rule in .htaccess, then layer Cloudflare’s automatic HTTPS rewrites on top. Three redirect mechanisms pointing at each other create infinite loops that browsers terminate after twenty hops.
Pick one mechanism and disable the others.
When to Escalate
Stop and contact Hostinger support if any of these apply:
- The Install SSL button is missing from the SSL panel entirely.
- A cert has been “Pending” for over 2 hours.
- The Force HTTPS toggle silently fails to redirect.
- You see “Too many certificates issued” from Let’s Encrypt (rate-limit hit, requires their support).
For most installs, the auto path in hPanel → Security → SSL is the whole story. Browse our Hostinger plan comparison for which tiers include lifetime SSL. The live Hostinger plans page shows current pricing.
Last verified June 2026.
FAQ
Is Hostinger’s free SSL actually Let’s Encrypt?
Yes. Hostinger issues Let’s Encrypt certificates for all free SSL installations, with automatic 90-day renewals handled server-side. You never see expired certs unless something blocks the renewal validation. In my experience the renewal works silently 99% of the time.
Does free SSL on Hostinger affect SEO?
Positive. Google has used HTTPS as a ranking signal since 2014. Chrome marks non-HTTPS sites as “Not Secure” in the address bar, hurting trust and conversion rates more than any SEO penalty.
Can I install free SSL on Hostinger’s Single plan?
Yes. Free Let’s Encrypt SSL is included on every paid Hostinger plan, including Single. The lifetime SSL upgrade (eliminates renewal validation edge cases) is exclusive to Business and Cloud.
How often does Hostinger renew the free SSL?
Every 60 to 90 days, automatically. Let’s Encrypt certificates are valid for 90 days. Hostinger initiates renewal at the 60-day mark to leave buffer for any validation issues. I’ve never had to manually trigger a renewal on a client site.
Why does my SSL show as Pending after 30 minutes?
The most common cause is DNS not yet resolving to Hostinger. Validate by running nslookup yourdomain.com and confirming the IP matches your Hostinger hosting IP. If DNS is correct, click Reinstall in the SSL panel to trigger a fresh validation.