Calling Brisbane home since 2016 Get in Touch
Company Home About Pricing Case Studies Blog Guides Contact
AI Consulting
Company
HomeAboutPricingCase StudiesBlogGuidesContact
Get in Touch
Back to Guides
Website intermediate 45-60 minutes

How to Set Up an SSL Certificate for Your Website

Secure your website, boost your Google rankings, and build trust with Australian customers by following our step-by-step SSL setup guide.

Angus 19 January 2026

# How to Set Up an SSL Certificate for Your Website

In today’s digital landscape, an SSL (Secure Sockets Layer) certificate is no longer a luxury—it is a mandatory requirement for any Australian small business. Not only does it encrypt the data moving between your server and your customers, but it also prevents Google Chrome from labelling your site as "Not Secure" and provides a necessary boost to your local SEO rankings.

Whether you are running a local café site in Brisbane or a national e-commerce store, having that little padlock icon in the browser bar is the first step in building digital trust. This guide will walk you through the process of securing your site from start to finish.

Prerequisites

Before you begin, ensure you have the following ready:
  • Administrative access to your web hosting account (e.g., cPanel, SiteGround, VentraIP).
  • Access to your domain registrar (if different from your host).
  • A backup of your website (always do this before making technical changes).
  • Your ABN details (only if you are applying for an Extended Validation (EV) certificate, though a standard DV certificate is usually sufficient for most small businesses).

---

Step 1: Choose the Right Type of SSL

Not all SSL certificates are created equal. For most Brisbane small businesses, a Domain Validated (DV) certificate is perfect. It’s affordable (often free) and verifies ownership of the domain. If you are a larger entity or a financial institution, you might consider an Organisation Validated (OV) or Extended Validation (EV) certificate, which requires more rigorous identity checks.

Pro Tip: Many Australian hosts like VentraIP or Panthur offer "Let’s Encrypt" certificates for free. Check if your hosting plan includes this before buying one separately.

Step 2: Log In to Your Hosting Control Panel

Most Australian hosting providers use cPanel. Log in using the credentials provided when you signed up for your hosting. What you should see: A dashboard filled with icons. Look for a section titled "Security". Inside, you will see icons for "SSL/TLS" and "SSL/TLS Status".

Step 3: Check for AutoSSL

Before doing manual work, check if your host has already started the process. Click on "SSL/TLS Status". What you should see: A list of your domains and subdomains. If there is a green padlock next to them, your SSL is already active! If there is a red padlock, you need to proceed with the installation.

Step 4: Generate a CSR (Certificate Signing Request)

If you are purchasing a commercial SSL (like a Comodo or DigiCert) rather than using a free one, you need to tell the provider about your server.
  • Click on SSL/TLS in cPanel.
  • Click on "Generate, view, or delete SSL certificate signing requests".
  • Fill in your details. Ensure your Country is set to Australia (AU) and your City/State matches your business registration.
  • Click Generate.

Step 5: Purchase or Activate Your Certificate

Copy the long block of text (the CSR) generated in Step 4. Go to your SSL provider’s website and paste this code when prompted. They will then ask you to verify ownership of the domain, usually via an email sent to admin@yourdomain.com.au or by adding a specific DNS record.

Step 6: Install the Certificate

Once the provider verifies your domain, they will email you a .crt file or a block of code.
  • Go back to cPanel > SSL/TLS.
  • Click "Manage SSL sites".
  • Select your domain from the dropdown menu.
  • Paste the Certificate (CRT) into the first box.
  • Click "Autofill by Domain" to fetch the Private Key and CA Bundle.
  • Click Install Certificate.

Step 7: Force HTTPS Redirection

Now that the certificate is installed, you need to make sure visitors actually use it. By default, people can still land on the http:// (unsecured) version of your site. For cPanel users:
  • Go to Domains in cPanel.
  • Toggle the switch that says "Force HTTPS Redirect" to ON.
For WordPress users: Install a plugin called "Really Simple SSL". It handles the technical redirection and ensures all your images and scripts load over the secure connection.

Step 8: Update Your CMS Settings

If you are using WordPress, go to Settings > General. Ensure that both the WordPress Address (URL) and Site Address (URL) start with https:// instead of http://.

Step 9: Fix "Mixed Content" Errors

Sometimes, even with SSL, you won't see the green padlock. This is usually because some images are still trying to load via http://. What you should see: A grey padlock with a yellow warning triangle. To fix this, use the "Really Simple SSL" plugin mentioned in Step 7, or a "Search and Replace" plugin to update all instances of http://yourdomain.com.au to https://yourdomain.com.au in your database.

Step 10: Update Google Search Console and Analytics

Google treats HTTP and HTTPS as two different websites.
  • Go to Google Search Console and add your new https:// property.
  • Go to Google Analytics (GA4), enter Property Settings > Data Streams, and update your URL to reflect the HTTPS prefix.

---

Common Mistakes to Avoid

  • Forgetting Subdomains: Ensure your SSL covers www.yourdomain.com.au and just yourdomain.com.au. A "Wildcard SSL" is needed if you have subdomains like shop.yourdomain.com.au.
  • Letting it Expire: Free certificates like Let’s Encrypt expire every 90 days. Ensure your host has "Auto-Renew" enabled.
  • Ignoring the CA Bundle: When installing manually, always include the CA Bundle provided by the issuer. Without it, some mobile browsers will still show your site as untrusted.

Troubleshooting

  • "Your connection is not private" error: This usually means the certificate is installed but doesn't match the domain name, or the server clock is wrong. Double-check that the domain name in the certificate matches your URL exactly.
  • Redirect Loops: If your site says "Too many redirects," you might have a conflict between your WordPress settings and your hosting settings. Try disabling your redirection plugin to see if the site loads.
  • Padlock not appearing: Check for "Mixed Content." Right-click your page, select Inspect, and click the Console tab. It will list exactly which images are causing the security breach.

Next Steps

Congratulations! Your website is now secure. This is a massive win for your brand's credibility. Now that your technical foundation is solid, you should look into optimising your Google Business Profile to drive more local Brisbane traffic to your newly secured site.

If you ran into any issues during this process or prefer a professional to handle your website security and maintenance, the team at Local Marketing Group is here to help.

Contact us today at https://lmgroup.au/contact to secure your digital presence.
Website SecuritySSL CertificateTechnical SEOSmall Business Tips

Related Guides

intermediate 45-60 minutes

How to Build Urgency and Scarcity Ethically

Read Guide
intermediate 45-60 minutes

How to Optimise Thank You Pages for Upsells and Referrals

Read Guide
intermediate 45-60 minutes

How to Use Social Proof Without Looking Desperate

Read Guide

Need Help With This?

Our team can help you implement this and more. Book a free consultation.

Book Free Consultation