SSL certificates are tied to a domain and validated against where that domain points. When you migrate, your site gets a fresh certificate on iWebVault rather than copying the old one. Here’s how to get your HTTPS padlock back smoothly.
Why SSL is reissued, not copied
A certificate proves your server controls your domain. Since your domain only points to iWebVault after cutover, the new certificate is issued at that point. iWebVault uses AutoSSL to issue free certificates automatically — you don’t buy or install anything.
The sequence
- Migrate your account (your site is in place on iWebVault)
- Point your domain to iWebVault via DNS
- Once DNS resolves here, AutoSSL detects your domain and issues a certificate
- Your site loads over HTTPS with a valid padlock
The brief window before AutoSSL runs
Right after cutover, there can be a short period before AutoSSL issues your certificate. If you see a certificate warning in those first minutes, it usually clears on its own once AutoSSL completes its next run.
Speeding it up
- Make sure your domain fully resolves to iWebVault first (AutoSSL needs this)
- Ensure both
yourdomain.comandwww.yourdomain.compoint here - If it hasn’t issued after propagation completes, ask support to trigger AutoSSL
http:// links in your site, not from the certificate. Update those to https:// or use protocol-relative URLs.Why a certificate can’t simply be copied
An SSL certificate is cryptographically bound to your domain and is only issued after a certificate authority verifies that the server requesting it actually controls the domain. Since your domain only points to iWebVault after cutover, the certificate is issued at that point — there’s no benefit to copying the old one, which was tied to the old server anyway.
What AutoSSL does for you
iWebVault runs AutoSSL, which automatically requests and installs free certificates for the domains on your account, then renews them before they expire. You don’t purchase, generate, or install anything, and you never have to remember a renewal date. It’s hands-off SSL.
The first-issue timing
AutoSSL can only validate your domain once it resolves to iWebVault, so the sequence is: cut DNS over, wait for it to resolve here, then AutoSSL issues your certificate on its next run. In the short window between cutover and that run, a browser might show a certificate warning — this clears automatically once the certificate issues.
Requirements for AutoSSL to succeed
- Your domain must resolve to iWebVault (DNS cutover done)
- Both the root domain and
wwwshould point here - No conflicting CAA record forbidding the certificate authority
- The validation path must be reachable (no blocking redirects)
Mixed-content warnings
Sometimes after migrating, a site shows as ‘not fully secure’ even with a valid certificate. This is almost always mixed content — pages loading some resources over http:// instead of https://. The fix is in your site, not the certificate: update hardcoded http:// links to https://, or use protocol-relative or relative URLs. For WordPress, a simple settings update or a small plugin resolves it.
Certificates for many subdomains or addon domains
AutoSSL covers the domains and subdomains on your account, not just the primary. After cutover, give it a little time to work through them, then confirm each loads with HTTPS. If a particular subdomain doesn’t get a certificate, check it resolves to iWebVault and has no CAA restriction.
The certificate timing, expanded
Because a certificate authority must verify your domain points at the server requesting the certificate, the sequence is fixed: cut DNS over to iWebVault, let it resolve here, then AutoSSL issues your certificate on its next run. The brief gap between cutover and that run is when a browser might show a warning — which clears automatically once issuance completes. If you want HTTPS the instant you cut over, ask support to trigger AutoSSL manually after your domain resolves here.
What AutoSSL covers and maintains
AutoSSL automatically requests and installs free certificates for the domains on your account — primary, addon, and subdomains — and then renews them before expiry without any action from you. There’s no certificate to buy, no renewal date to track, and no manual installation. Once it’s issued your certificates, ongoing SSL is entirely hands-off.
Conditions AutoSSL needs
- Your domain must resolve to iWebVault (DNS cutover complete)
- Both the root domain and
wwwshould point here - No CAA record forbidding the issuing certificate authority
- The validation path must be reachable, with no blocking redirects
If a particular domain or subdomain doesn’t get a certificate, check it against this list — almost always it’s one of these, most commonly that the domain isn’t yet resolving to iWebVault or a CAA record is blocking issuance.
Diagnosing mixed-content warnings
A frequent post-migration surprise is a site showing ‘not fully secure’ despite a valid certificate. This is mixed content — the page loads some resources over http:// rather than https://. The certificate is fine; the fix is in your site. Update hardcoded http:// links to https://, or use relative or protocol-relative URLs. For WordPress, a settings update or a small plugin resolves it across the site.
HTTPS for the whole account
After cutover, give AutoSSL a little time to work through all your domains and subdomains, then confirm each loads with the padlock. If one lags, verify it resolves to iWebVault and has no CAA restriction. Within a short while, your entire account — every domain on it — should be serving securely over HTTPS with certificates that renew themselves indefinitely.
What’s next
Still stuck? Our team can run or finish the migration for you — open a support ticket and we’ll take it from there.
Was this helpful?
Thanks for your feedback!
