How to Install a Free SSL Certificate on cPanel Using Let’s Encrypt
Installing a free SSL certificate from Let’s Encrypt on a cPanel-managed hosting can significantly enhance your website’s security by encrypting data transferred between your server and your visitors. Here’s a step-by-step guide on how to set this up:
1. Check for AutoSSL
Before manually installing Let’s Encrypt, check if your hosting provider offers AutoSSL (cPanel’s built-in SSL management feature) which automatically installs and renews Let’s Encrypt SSL certificates for all domains configured in your account.
- Log into cPanel: Access your hosting dashboard.
- Find the ‘SSL/TLS Status’: This tool is often found under the ‘Security’ section.
- Check AutoSSL: If enabled, your domains should be covered automatically. If not, or if you prefer to use Let’s Encrypt directly, proceed with the following steps.
2. Enable Let’s Encrypt with AutoSSL
If your host supports AutoSSL but hasn’t enabled Let’s Encrypt:
- Access WHM (Web Host Manager): You’ll need root access to WHM to change this setting.
- Navigate to ‘Manage AutoSSL’: Usually found under the ‘SSL/TLS’ section.
- Select Provider: Choose ‘Let’s Encrypt’ as the provider and agree to the terms of service.
- Enable AutoSSL: Apply AutoSSL to your domains. WHM will automatically install and periodically renew the SSL certificates.
3. Manual Installation of Let’s Encrypt
If AutoSSL isn’t available or you prefer a more manual approach:
- Access SSH: Connect to your server via SSH.
- Install Certbot: Certbot is a Let’s Encrypt client that simplifies the process of obtaining and installing SSL certificates. Install Certbot by running:
sudo yum install certbot python2-certbot-apache # For CentOS/RHEL sudo apt-get install certbot python-certbot-apache # For Debian/Ubuntu
- Generate Certificate: Execute Certbot to generate the SSL certificate:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
Replace
yourdomain.com
with your actual domain name.
4. Manual Configuration in cPanel
If you installed the SSL certificate via Certbot without cPanel/WHM integration:
- Log into cPanel: Go to the SSL/TLS manager.
- Install and Manage SSL: Find the section to manage SSL sites.
- Install SSL Certificate: Copy and paste the certificate (CRT), private key (KEY), and CA bundle (CABUNDLE) into the appropriate fields for your domain. These files are typically located in
/etc/letsencrypt/live/yourdomain.com/
.
5. Verify Installation
- SSL Check: Use an online tool like SSL Labs’ SSL Test to check if the SSL certificate is installed correctly and functioning as expected.
- Browser Padlock: Visit your website and ensure that browsers show a secure padlock icon, indicating that SSL is working properly.
6. Setup Automatic Renewal
Let’s Encrypt certificates are valid for 90 days, so setting up automatic renewal is crucial:
- Cron Job for Renewal: Add a cron job to run the renewal command periodically:
0 2 * * * /usr/bin/certbot renew --quiet
This command attempts to renew any expiring certificates at 2:00 AM daily.
By following these steps, you can successfully install a free SSL certificate from Let’s Encrypt on your cPanel server, enhancing your website’s security and trustworthiness without incurring additional costs.