Migrating SSL Certificates and Custom Certs

AutoSSL reissues free certificates automatically, but if you use a paid or custom certificate, here's how to handle it during a migration.

For most sites, SSL after a migration is effortless — AutoSSL issues a fresh free certificate once your domain points at iWebVault. But if you use a paid or custom certificate (an EV cert, a wildcard you purchased, or one with specific requirements), there’s a bit more to consider. This guide covers both cases.

Which certificate do you need after cutover?

  • Standard site: AutoSSL (free, automatic)
  • EV / compliance / wildcard: install custom cert + key

The default: AutoSSL handles it

iWebVault’s AutoSSL automatically issues and renews free certificates for the domains on your account once they resolve here. For the vast majority of sites, this means you do nothing — after cutover, your site simply loads over HTTPS with a valid, auto-renewing certificate. If that’s you, the SSL-after-migration article covers everything.

When you have a paid or custom certificate

If you specifically need a particular paid certificate — for compliance, an extended-validation cert, or a purchased wildcard — that certificate isn’t tied to the server and can be installed on iWebVault. You’ll need the certificate file, its private key, and any intermediate/CA bundle from your old setup or your certificate provider.

Installing a custom certificate

  1. Gather the certificate, the private key, and the CA bundle
  2. After your domain points to iWebVault, install them in your cPanel’s SSL/TLS section
  3. Confirm the certificate matches your domain and the key pairs correctly
  4. Verify the site loads with your intended certificate

📘 Note: If you don’t have the private key for an existing paid certificate, you generally can’t reinstall that exact certificate — you’d reissue it through your certificate provider, who can rekey it for the new server.

Deciding whether you still need a paid cert

Many sites that historically bought certificates no longer need to — a free AutoSSL certificate provides the same encryption and the same browser padlock. Paid certificates make sense mainly for extended validation (the company-name display some sites want) or specific organisational requirements. If neither applies, letting AutoSSL handle it is simpler and free.

Timing

Whatever the certificate type, installation happens after your domain resolves to iWebVault, since validation depends on that. Plan to cut over first, then confirm or install your certificate. For a brief window before issuance/installation, a certificate warning is normal and clears once the cert is in place.

⚠️ Important: Keep your private key secure and never share it. If a key is exposed during a migration, reissue the certificate — a certificate whose key has been exposed should not be trusted.

Most sites need nothing here

Before getting into custom certificates, the reassuring default: for the overwhelming majority of sites, AutoSSL handles SSL completely on its own. Once your domain points at iWebVault, AutoSSL issues a free, valid, auto-renewing certificate and your site loads over HTTPS with no action from you. If you don’t have a specific reason to use a paid certificate, this is all you need.

When a custom certificate is warranted

Custom or paid certificates make sense in a few cases: extended-validation certificates that display your organisation name, certificates required by a compliance regime, or a wildcard you’ve already purchased and want to keep. These aren’t tied to the server, so they can be installed on iWebVault — you just need the right files.

What you need to install one

  • The certificate file itself
  • The matching private key
  • Any intermediate / CA bundle

Installing after cutover

  1. Wait until your domain resolves to iWebVault
  2. Open the SSL/TLS section in your cPanel
  3. Install the certificate, private key, and CA bundle
  4. Confirm the certificate matches your domain and the key pairs correctly
  5. Verify the site serves with your intended certificate

📘 Note: If you’ve lost the private key for an existing paid certificate, you can’t reinstall that exact certificate — reissue it through your provider, who can rekey it for the new server.
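
The "confirm the certificate matches your domain and the key pairs correctly" step from both install procedures above can be checked before anything is pasted into cPanel. This is an added example, not iWebVault's own tooling. It assumes the `openssl` CLI (1.1.1 or later) and an unencrypted PEM key, and it uses hypothetical file names with a constructed self-signed sample for `example.test`.

```shell
#!/bin/sh
# Added example: pre-install checks for a custom certificate (not iWebVault tooling).

# Succeeds only if the private key pairs with the certificate: the public key
# embedded in the cert must equal the one derived from the key (unencrypted key assumed).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate's names (SAN, incl. wildcards) cover the hostname.
cert_covers_domain() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds only if the certificate is still valid N seconds from now (default 0).
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Run all three checks; usage: preinstall_check CERT KEY DOMAIN
preinstall_check() {
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not pair with certificate"; return 1; }
    cert_covers_domain "$1" "$3" || { echo "FAIL: certificate does not cover $3"; return 1; }
    cert_not_expired "$1" || { echo "FAIL: certificate has expired"; return 1; }
    echo "OK: certificate, key and domain agree"
}

# Constructed sample input: a throwaway self-signed pair for example.test,
# written to directory $1 so the checks can be exercised offline.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
        -addext "subjectAltName=DNS:example.test,DNS:*.example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_pair "$demo_dir"
preinstall_check "$demo_dir/site.crt" "$demo_dir/site.key" "www.example.test"
rm -rf "$demo_dir"
```

The CA bundle can be checked separately with `openssl verify -untrusted ca-bundle.crt site.crt` (file names assumed), which needs the issuing root in the system trust store.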

Do you still need it?

Many sites that historically bought certificates no longer need to. A free AutoSSL certificate provides identical encryption and the same browser padlock. Paid certificates are really only necessary for extended validation or specific organisational requirements. If neither applies to you, letting AutoSSL handle SSL is simpler, free, and self-maintaining.

⚠️ Important: Protect your private key and never share it. If a key is exposed during a migration, reissue the certificate — a certificate whose key has leaked should no longer be trusted.

What’s next

Still stuck? Our team can run or finish the migration for you — open a support ticket and we’ll take it from there.

Key takeaways

For most sites, AutoSSL issues a free, auto-renewing certificate once your domain points at iWebVault — nothing to do. If you specifically need a paid or custom certificate (EV, compliance, a purchased wildcard), install it after cutover with its certificate, private key, and CA bundle. Many sites that once bought certificates no longer need to, since AutoSSL gives the same encryption and padlock free.

Do I need to buy an SSL certificate for iWebVault?

Almost certainly not. AutoSSL provides a free, valid, auto-renewing certificate with the same encryption and browser padlock as a paid one. Paid certificates are only needed for extended validation (showing your company name) or specific organisational requirements. If neither applies, let AutoSSL handle it.

Common mistakes to avoid

  • Buying a certificate you don’t need when AutoSSL would do
  • Trying to install a paid certificate without its private key
  • Installing a custom certificate before the domain resolves to iWebVault
  • Sharing or exposing a private key during the move

For nearly everyone, SSL after a migration is a non-event — AutoSSL issues and renews a free certificate automatically once your domain points here. Reach for a custom certificate only when extended validation or a specific requirement genuinely calls for it, install it after cutover with its full key and chain, and keep that private key secure.

When to let us handle it

If you genuinely need a specific paid or custom certificate and aren’t sure how to install it, or you’re unsure whether you even need one, just ask. We’ll confirm whether a free AutoSSL certificate covers your case (it usually does), and if you do need a custom certificate, we’ll help you install the certificate, key, and CA bundle correctly after cutover. There’s no need to wrestle with certificate files or worry about getting the chain right — a quick ticket gets your intended certificate in place and verified, with the padlock showing exactly as it should.
