This guide shows you how to install an SSL certificate on InterWorx, the Liquid Web control panel for Linux servers. It covers both scopes most administrators run into: SiteWorx for a single hosted domain and NodeWorx for the InterWorx panel itself and the server hostname. It also covers the built-in Let’s Encrypt option that ships with current InterWorx releases (7.x and 8.x), so you can pick the workflow that matches how your certificate was issued.
SiteWorx or NodeWorx: which one do you need?
InterWorx separates per-domain settings from server-wide settings, and SSL is no exception. Pick the right interface before you start:
- SiteWorx installs a certificate on a single hosted domain (for example example.com and its sub-domains). This is what you want for a normal website served by Apache or NGINX through InterWorx.
- NodeWorx installs a certificate on the InterWorx panel itself and on system services (the panel’s web interface on port 2443, FTP, SMTP, IMAP/POP via Dovecot). This is what you want when browsers warn about the certificate on the control-panel hostname or on mail clients.
The pasted files are the same in both places. The menus and what the certificate ends up serving are different.
Generate a CSR code on InterWorx
If you have already generated your CSR and received the certificate from the Certificate Authority, jump straight to Install the SSL certificate in SiteWorx.
A CSR (Certificate Signing Request) is a block of encoded text that contains the contact details for your certificate and the matching public key. The CA signs your CSR and returns the certificate files. You have two ways to generate it:
- Generate the CSR off-server with our CSR Generator. This creates the CSR and the private key in your browser, so you save both and later paste them into InterWorx.
- Generate the CSR inside InterWorx itself by following our tutorial on how to generate a CSR on InterWorx Control Panel. The private key stays on the server, and you only paste the issued certificate and chain afterwards.
Submit the CSR text to the CA during your order. Once validation completes, the CA emails you a ZIP archive that contains the issued certificate (a .crt or .cer file) and the .ca-bundle with the intermediate chain.
Install an SSL certificate in SiteWorx (per-domain)
Use this workflow for a hosted website. You will need the issued certificate, the CA bundle, and (if you generated the CSR off-server) the matching private key.
Step 1: Prepare the certificate files
Unzip the archive from your CA. You should have:
- The primary certificate, normally with a .crt or .cer extension. This is the certificate issued for your domain.
- The intermediate chain, normally a .ca-bundle file. See what is a CA bundle if you want the long version.
- The private key only if you generated the CSR outside InterWorx. If the CSR was generated inside InterWorx, the key already lives on the server and you do not paste it again.
Open each file in a plain-text editor (Notepad, TextEdit in plain mode, gedit, nano). The certificate begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----. The private key begins with -----BEGIN PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY-----. Copy the entire block including the BEGIN and END lines.
Step 2: Open the SSL page in SiteWorx
- Log in to SiteWorx for the account that owns the domain.
- In the left menu, go to Hosting Features > Domains > SSL.
- If you manage several domains, pick the domain you are installing for from the dropdown at the top.
Step 3: Install the certificate
If you generated the CSR off-server, install the private key first. Under SSL Files, click Setup Private Key, paste the matching private key (including the -----BEGIN and -----END lines), and click Install. InterWorx needs the key on file before it will accept the matching certificate. If you generated the CSR inside InterWorx, the key is already on the server and you can skip this step.
Next, click Setup SSL Certificate. Paste the contents of your primary certificate into the field, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, then click Install. You should see a “Certificate installed successfully” confirmation.
Step 4: Install the CA bundle (chain certificate)
Back on the SSL page, click Setup SSL Chain Certificate. Paste the entire contents of the .ca-bundle file (it normally holds two or more certificate blocks, one per intermediate) and click Install. Without this step, browsers on desktop usually still trust the certificate, but mobile clients and API consumers often report a broken chain.
InterWorx reloads the web server for you, so the site is live on HTTPS as soon as the install confirmation appears. You do not need to restart Apache or NGINX manually.
Use the built-in Let’s Encrypt option
InterWorx 6 and later ship with a Let’s Encrypt plugin, including AutoSSL for automatic renewals. If your domain qualifies for a free DV certificate and you do not need an OV or EV product, this is the fastest path because it skips CSR generation, file pasting, and renewals entirely.
The plugin has to be enabled once at the server level by the NodeWorx administrator, then per-account:
- In NodeWorx, go to Plugins, edit Let’s Encrypt, set the status to Enabled, choose Live mode, and enter an email for expiry warnings.
- For each SiteWorx account that should use Let’s Encrypt, open the account settings and turn on the SSL option.
- The SiteWorx user then opens Hosting Features > Domains > SSL and chooses Let’s Encrypt as the certificate source. AutoSSL will renew the certificate automatically before it expires.
Let’s Encrypt requires that the domain you are issuing for resolves to this server over the public internet. If DNS does not point to InterWorx yet, the validation fails and you need to fall back to the paste-in workflow above with a certificate from another CA.
Install an SSL certificate in NodeWorx (server services)
Use this workflow to replace the self-signed certificate on the InterWorx panel hostname, on FTP, on SMTP, and on Dovecot. It is the same pasted material as SiteWorx, but the form lives in NodeWorx and you choose which services should pick the certificate up.
- Log in to NodeWorx as an administrator.
- Go to Server > SSL Certificates.
- Click the action icon to open the certificate form.
- Pick a certificate source. For a CA-issued certificate, choose the paste-in option and fill Private Key, SSL Certificate, and Chain Certificate. For a Let’s Encrypt certificate, first create the server hostname (for example host.example.com) as a SiteWorx domain, issue Let’s Encrypt for it there, then come back to Server > SSL Certificates and pick Domain as the source.
- Tick the services that should use this certificate (the InterWorx web interface, FTP, SMTP, Dovecot).
- Choose Restart Services Now from the dropdown, then click Save.
The selected services pick the new certificate up immediately. The InterWorx panel itself usually drops your session while its web service restarts; reload the URL after a few seconds.
Test the SSL installation
After installing, open your site over https:// and check that the browser shows the padlock without warnings. For a deeper check of the chain, protocol versions, and expiry date, run the domain through our SSL Checker and confirm that the issued certificate, the intermediates, and the root all appear and that nothing is reported as expired or missing.
Frequently Asked Questions
SiteWorx handles a single hosted domain, so the certificate you install there serves example.com and the sub-domains under that account. NodeWorx handles the server itself, so the certificate you install there serves the InterWorx control panel hostname and the system services (FTP, SMTP, Dovecot). Most website owners only need SiteWorx; the server administrator handles NodeWorx.
In SiteWorx, it is at Hosting Features > Domains > SSL. In NodeWorx, it is at Server > SSL Certificates. The SiteWorx page exposes Setup Private Key, Setup CSR, Setup SSL Certificate, and Setup SSL Chain Certificate as separate forms.
Only if you generated the CSR outside InterWorx (for example with OpenSSL on your laptop or with the SSL Dragon CSR Generator). When the CSR was generated inside InterWorx itself, the key is already on the server and you only paste the issued certificate and the CA bundle.
Yes. InterWorx 6 and later ship with a Let’s Encrypt plugin and AutoSSL. The NodeWorx administrator enables the plugin once and turns SSL on for each SiteWorx account; the per-domain certificate is then issued and renewed automatically. Let’s Encrypt is a free DV option. For OV, EV, or wildcard certificates from other CAs, use the paste-in workflow.
No. In SiteWorx, InterWorx reloads the web server automatically when you click Install. In NodeWorx, the form has a Restart Services Now dropdown that handles it for the services you ticked.
The CA bundle is missing or incomplete. Desktop browsers often have the intermediate cached from another site and so display the padlock anyway, while mobile devices and curl or API clients do not. Re-open Hosting Features > Domains > SSL, click Setup SSL Chain Certificate, and paste the full .ca-bundle from your CA. Verify the result with our SSL Checker.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


