TL;DR
Yes, a cloned website can have HTTPS certificates, but it’s not automatic. You need to obtain and install a new certificate for the clone, as the original site’s certificate won’t work.
How to Get HTTPS on a Cloned Website
- Understand Why Cloning Doesn’t Transfer Certificates: A website’s HTTPS certificate is tied to its domain name. When you copy a website, you’re copying the files and content, not the security credentials. The original certificate only validates the original domain.
- Trying to use the old certificate on the new domain will cause browser warnings (like ‘Not Secure’) because it doesn’t match the domain in the certificate.
- Choose a Certificate Type: There are several types of SSL/TLS certificates available:
- Domain Validation (DV): Quickest and cheapest. Verifies you control the domain.
- Organization Validation (OV): More thorough, verifies your organisation’s details.
- Extended Validation (EV): Highest level of trust, displays a green address bar in some browsers.
- Purchase an SSL/TLS Certificate: You can buy certificates from various providers like:
- Let’s Encrypt (free DV certificates) – https://letsencrypt.org/
- Comodo, DigiCert, Sectigo, GoDaddy, etc.
- Generate a Certificate Signing Request (CSR): You’ll need to create a CSR on your new web server. The process varies depending on your server software:
- Apache: Use the
opensslcommand.openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr - Nginx: Typically done through your hosting control panel or using
openssl. - cPanel/Plesk: Most hosting panels have a CSR generation tool in the SSL/TLS section.
- Apache: Use the
- Submit the CSR to Your Certificate Provider: Copy and paste the contents of your
domain.csrfile into the certificate provider’s form during the purchase process. - Verify Domain Ownership: The certificate provider will need to confirm you control the domain. Common methods include:
- Email verification (to an address at the domain).
- DNS record changes (adding a TXT record).
- File upload (placing a specific file on your web server).
- Install the Certificate: Once verified, you’ll receive the certificate files. Install them on your web server.
- This usually involves uploading the certificate and intermediate certificates to your server’s configuration.
- Apache: Edit your virtual host file (e.g.,
/etc/apache2/sites-available/yourdomain.conf) and add or modify the following:<VirtualHost *:443> ServerName yourdomain.com DocumentRoot /var/www/yourdomain SSLEngine on SSLCertificateFile /etc/ssl/certs/yourdomain.crt SSLCertificateKeyFile /etc/ssl/private/yourdomain.key </VirtualHost> - Nginx: Edit your server block configuration file (e.g.,
/etc/nginx/sites-available/yourdomain) and add or modify:server { listen 443 ssl; server_name yourdomain.com; ssl_certificate /etc/nginx/ssl/yourdomain.crt; ssl_certificate_key /etc/nginx/ssl/yourdomain.key; }
- Restart Your Web Server: After installing the certificate, restart your web server to apply the changes.
- Apache:
sudo systemctl restart apache2 - Nginx:
sudo systemctl restart nginx
- Apache:
- Test Your HTTPS Installation: Use an online SSL checker tool (like https://www.sslshopper.com/ssl-checker.html) to verify the certificate is installed correctly and that your website displays a secure connection.