Kapsule CloudAtlas

SSL Certificates and HTTPS

Updated 3 June 2026·SSL, HTTPS, certificate

This article explains what SSL is in plain language, how Kapsule handles SSL automatically for your sites, and what to do if something goes wrong with your certificate.

What Is SSL and Why Does It Matter?

When someone visits your website, information travels between their browser and your server. Without SSL, that information is sent in plain text. Anyone monitoring the network connection could read it, including passwords, form submissions, and personal details.

SSL (Secure Sockets Layer, now technically called TLS but still commonly called SSL) encrypts that connection. The padlock icon in the browser address bar is the visual sign that SSL is active and the connection is secure.

There are practical reasons SSL matters beyond security:

  • Google ranks secure sites higher. Websites without HTTPS may rank lower in search results.
  • Browsers show warnings. Chrome, Safari, and Firefox all show "Not Secure" warnings to visitors on sites without SSL.
  • Forms and logins require it. Modern browsers block form submissions on non-HTTPS pages in some configurations.

In short: every live website should have SSL active. Kapsule handles this automatically so you do not need to purchase or install certificates manually.

How Kapsule Handles SSL Automatically

When you create a site in KPanel and your domain's DNS is pointing to Kapsule, an SSL certificate is requested and installed automatically. You do not need to:

  • Purchase a certificate
  • Generate a CSR (Certificate Signing Request)
  • Upload certificate files
  • Configure anything manually

Kapsule uses industry-standard certificate infrastructure to issue and install certificates for every site. The certificate covers both the root domain and the www subdomain.

When SSL Is Issued

SSL certificates are issued automatically when two conditions are met:

  1. The domain has been added to your Kapsule account (visible in KPanel > Domains)
  2. DNS has propagated and the domain's A record is pointing to your Kapsule server

Once both conditions are met, certificate issuance begins automatically. Under normal conditions, your site will show a green padlock within 5 to 15 minutes of DNS propagating.

SSL cannot be issued before DNS has propagated. If your domain was just pointed to Kapsule, you may need to wait up to several hours for DNS to propagate worldwide before SSL is active. This is normal and expected.

Website overview showing SSL status

SSL Status Indicators in KPanel

In Websites in KPanel, each site shows an SSL status indicator:

StatusMeaning
Green padlock / ActiveSSL is valid and the site is fully HTTPS
PendingCertificate has been requested, waiting for DNS or issuance to complete
FailedCertificate could not be issued. See troubleshooting below
Expiring SoonCertificate is within 30 days of expiry (renewal is automatic, this is informational only)

What to Do If SSL Is Not Issued

If SSL is still showing as Pending or Failed after 30 minutes and you believe DNS has propagated, work through this checklist:

1. Confirm DNS Has Propagated

Use a DNS propagation checker tool (available via a web search for "DNS propagation checker"). Enter your domain and check whether the A record resolves to a Kapsule IP address in most locations.

If it does not, DNS has not yet fully propagated. Wait another hour and check again.

2. Check That the Domain Is Active in KPanel

Go to KPanel > Domains and confirm your domain shows as Active or Connected. If it shows as Pending, DNS has not yet propagated from your registrar.

3. Check for a CAA Record Conflict

A CAA (Certification Authority Authorization) record is an optional DNS record that controls which certificate authorities are allowed to issue SSL for your domain. If your domain has a CAA record left over from a previous provider, it may be blocking Kapsule's certificate authority.

To check:

  1. Go to KPanel > Domains > your domain > DNS Records
  2. Look for any records of type CAA
  3. If you find a CAA record that does not match what Kapsule requires, delete it or contact support

If you are unsure whether a CAA record is the problem, contact support at support@kapsulecloud.com with your domain name. The team can diagnose this within minutes.

4. Confirm the Domain Points to the Correct Site

If you have multiple sites in KPanel, confirm the domain is assigned to the correct site. Go to Websites → your site → Settings and verify the domain listed matches what you are trying to secure.

5. Check for www vs. Root Domain Conflicts

SSL is issued for both yourdomain.com and www.yourdomain.com. If the CNAME record for www is pointing somewhere other than Kapsule, the www version of the certificate may fail. Check both A and CNAME records in your DNS settings.

Certificate Renewal: Fully Automatic

Kapsule renews SSL certificates automatically, approximately 30 days before they expire. You do not need to do anything.

You may see an "Expiring Soon" notification in KPanel as renewal approaches. This is informational. The renewal process runs in the background and your site will not experience any downtime during renewal.

If your domain's DNS stops pointing to Kapsule (for example, if nameservers are changed back to a registrar's default), automatic renewal will fail because the certificate authority cannot verify ownership of the domain. If you plan to move a domain away from Kapsule, note that SSL will eventually expire and cause a browser warning on the destination server if a new certificate is not arranged.

What Happens If SSL Expires

If a certificate expires without being renewed:

  • Visitors see a full-screen browser warning stating the connection is not private. Most visitors will not proceed past this warning.
  • Search engine ranking can drop as crawlers treat the site as insecure.
  • Form submissions may be blocked by modern browsers.

Under normal circumstances, this cannot happen on Kapsule because renewal is automatic. The only scenario where expiry can occur is if the domain's DNS has been changed to point elsewhere, preventing automatic renewal.

If you see an SSL expiry warning on your live site, contact support at support@kapsulecloud.com immediately. Include your domain name. The team will diagnose whether it is a renewal failure or a DNS configuration issue and restore HTTPS as quickly as possible.

Frequently Asked Questions

Can I upload my own SSL certificate? For most sites, the automatic certificate is correct and no custom certificate is needed. If you have a specific requirement for a paid extended validation (EV) certificate or a wildcard certificate, contact support to discuss your options.

Does SSL work on subdomains? Yes. When you create a site on a subdomain (for example, shop.yourdomain.com) in KPanel, an SSL certificate is issued for that subdomain automatically.

My site loads on HTTP but redirects to HTTPS show an error. This is usually a mixed content issue, where the site is loading HTTPS but some resources (images, scripts) are still referenced using http:// URLs. In WordPress, go to Settings > General and confirm both the WordPress Address and Site Address use https://. A plugin like "Better Search Replace" can help update remaining http:// references in the database.

Was this article helpful?

Related articles

Connecting via SFTP: FileZilla, Cyberduck, and Command Line

A complete guide to connecting to your site via SFTP using FileZilla, Cyberduck, or the terminal, including troubleshooting common connection errors.

Fixing Mixed Content Warnings After Enabling HTTPS

Accessing your database with phpMyAdmin

phpMyAdmin is a browser-based database management tool. Kapsule provides single sign-on access to phpMyAdmin for every website — no separate password needed.

Migrating a website from cPanel to Kapsule

This guide covers moving a WordPress or PHP website from a cPanel host to Kapsule. The process takes 30–90 minutes depending on your site's size.

Still need help?

Our support team is here on business days, NZT.

Open a ticketEmail support
Back to Help Centre
SSL Certificates and HTTPS | Atlas by Kapsule Cloud | Help Centre | Kapsule Cloud