If your site shows a "Not Secure" warning in the browser, or visitors see a full red warning page about an invalid certificate, this article walks through the most common causes and what to do about each.
How SSL works on our hosting
All of our hosting plans support SSL. Coverage varies by plan — see SSL at CanSpace for a breakdown of what's included.
For SSL to be issued, two things need to be true:
- Your domain's nameservers need to point to our servers (so we can issue a certificate for it).
- SSL needs to be activated on the account (this happens after you open a ticket requesting it — once per account, not once per domain).
Step 1: Confirm your domain points to us
Open a terminal and run:
dig yourdomain.com NS +shortOr use the web-based lookup at whatsmydns.net — enter your domain, select NS from the dropdown, and click Search. The results should show nameservers ending in .canspace.ca.
If they don't, you'll need to update them first. See How do I change my nameservers?, then wait a few hours for DNS propagation before continuing.
Step 2: Check whether SSL is active for the account
If you haven't contacted us yet about SSL for this account, SSL hasn't been activated. Open a support ticket with the domain name and we'll take care of it — once it's on, it stays on and renews itself every 90 days.
If SSL is already active and one of your domains is showing a "Not Secure" warning, log in to cPanel, type ssl in the search bar, and open SSL/TLS Status. You'll see a list of your domains with either a green padlock (valid certificate installed) or a red padlock with a warning (no valid certificate). For any domain showing a red padlock, tick its checkbox and click Run AutoSSL. Wait 5–10 minutes and reload the page; the icon should turn green.
If it doesn't turn green after that, read on.
Common reasons a certificate fails to issue
Roughly in order of how often we see them:
DNS hasn't finished propagating yet
If you just changed nameservers, the change can take a few hours (up to 24–48 in rare cases) to propagate worldwide. Our system checks your domain from multiple locations, and if any of them still see the old server, it will retry later. Check propagation at whatsmydns.net — if most of the pins on the map aren't green yet, just wait.
Your site is served through Cloudflare or another proxy
If your domain's nameservers point at Cloudflare, Sucuri, or another reverse-proxy service, our server never sees the verification request directly — the proxy intercepts it. Two options:
- Easiest: Turn off the proxy (set the DNS record to "DNS only" / grey cloud in Cloudflare) for long enough to issue the certificate, then turn it back on.
- Recommended for Cloudflare users: Use Cloudflare's own SSL settings — set SSL/TLS encryption mode to Full (strict) and enable Always Use HTTPS. Cloudflare handles the certificate at its edge; our server's certificate still covers the origin connection.
The domain doesn't fully resolve to our server
The nameservers might be correct, but individual DNS records (A or AAAA) could be pointing somewhere else. Run:
dig yourdomain.com +short
dig www.yourdomain.com +shortBoth should return an IP address belonging to our server. If not, the DNS record needs to be corrected in the cPanel Zone Editor, or at whichever service is actually hosting the DNS.
A firewall or security plugin is blocking verification
Occasionally, a WordPress security plugin (Wordfence, iThemes Security) or a custom .htaccess rule blocks validation requests to /.well-known/acme-challenge/. If you've recently installed a security plugin, try temporarily disabling it and retrying. If you have custom .htaccess rules, make sure they don't block or redirect the .well-known directory.
My site loads over HTTPS, but the browser still says "Not Secure"
If https://yourdomain.com loads fine but the browser shows a warning anyway, you're likely seeing a mixed content issue. The page itself is served over HTTPS, but it references images, scripts, or stylesheets using http:// URLs — the browser flags the page as "not fully secure" because some assets are loading insecurely.
For WordPress sites, a search-replace in the database usually fixes this. Replace all instances of http://yourdomain.com with https://yourdomain.com. The Better Search Replace plugin is the safest way — it handles serialized data correctly.
For other platforms, check your theme settings, config files, and any hardcoded URLs in content.
I want HTTP to automatically redirect to HTTPS
Once your SSL is working, you'll likely want all visitors forced to the secure version of your site. In cPanel, open the Domains section, find your domain in the list, and toggle Force HTTPS Redirect to on. Visitors hitting http://yourdomain.com will be automatically redirected to https://yourdomain.com.
Wildcard and multi-domain certificates
If you need a paid wildcard or EV (green-bar) certificate, see our SSL Certificates page — you can purchase one and we'll install it for you.
Still stuck?
If you've worked through everything above and SSL still isn't active, the fastest path is to open a ticket. Include the domain name and what you've already tried, and we'll take a look from our side.
Related articles
- SSL at CanSpace — what is included and how it works
- How do I change my nameservers?
- How to preview your site before updating DNS
Still stuck? Open a support ticket
