How to Install SSL Certificate in cPanel

In today’s digital landscape, a secure website is no longer a luxury—it’s an absolute necessity. You’ve likely heard the term SSL certificate, seen the reassuring padlock icon in your browser’s address bar, and know that it’s something your website needs. But if you’re using cPanel, the process might seem daunting.

Fear not. This comprehensive, step-by-step guide is designed to demystify the entire process. We will walk you through every method of installing an SSL certificate in cPanel, from the fully automated option to the manual process, ensuring your website is secure, trusted by visitors, and favored by search engines like Google.

Why an SSL Certificate is Non-Negotiable for Your Website

Before we dive into the “how,” let’s quickly cover the “why.” An SSL (Secure Sockets Layer) certificate encrypts the data transmitted between a user’s browser and your web server. This is crucial for any website, especially those handling sensitive information. Here’s what it does for you:

• Data Encryption: Protects sensitive information like login credentials, credit card numbers, and personal details from being intercepted by hackers.
• Authentication: Verifies that your website is who it claims to be, preventing “man-in-the-middle” attacks.
• Trust and Credibility: The padlock icon and “HTTPS://” prefix assure visitors that your site is secure, increasing their confidence and willingness to engage.
• SEO Boost: Google explicitly uses HTTPS as a ranking signal. A secure site will likely rank higher in search results than an insecure one.
• Browser Compliance: Modern browsers like Chrome and Firefox explicitly warn users when they are visiting a non-HTTPS site, labeling it “Not Secure.” This instantly erodes trust and increases bounce rates.

Method 1: The Easiest Way – AutoSSL (Free with Your Hosting)

For most website owners, this is the fastest and simplest solution. Many modern cPanel hosts (like Nanoshellnet and others) come with AutoSSL enabled by default, often powered by Let’s Encrypt, a free, automated, and open certificate authority.

AutoSSL automatically provisions, installs, and renews SSL certificates for all domains and subdomains on your cPanel account. Here’s how to check if it’s active and trigger it manually.

Step-by-Step: Enabling AutoSSL

1. Log into your cPanel. Your hosting provider will have given you a direct link (e.g., yourdomain.com/cpanel) and login credentials.

2. Locate the “Security” Section. Scroll down or use the search bar at the top to find the Security section.

3. Find and Click “SSL/TLS Status”. This is the central hub for managing your certificates.

4. Review Your Domains. You will see a list of all your domains and subdomains. Next to each, you’ll see their SSL status.
   • If a certificate is active and valid, you’ll see a green checkmark and an expiration date.
   • If there is no certificate, the status will be blank or show an error.
5. Run AutoSSL. If a domain is missing its certificate, you can often trigger AutoSSL manually. Look for a button labeled “Run AutoSSL” or “Issue Multiple”. Click it.

6. Wait for Propagation. The system will now attempt to generate and install a certificate for your domain. This process can take anywhere from a few minutes to a few hours. You may receive an email confirmation once it’s complete.
7. Verify Installation. Once done, open a new incognito browser window and navigate to https://yourdomain.com. You should see the padlock icon. Congratulations! Your site is now secure.

The Beauty of AutoSSL: The system handles renewals automatically. You can essentially “set it and forget it,” knowing your site will remain secure without manual intervention.

Method 2: Manual Installation of a Third-Party SSL Certificate

Sometimes, you may need a specific type of SSL certificate (e.g., Organization Validation (OV) or Extended Validation (EV)) that provides a higher level of trust and validation. These are typically purchased from a Certificate Authority (CA) like Sectigo, DigiCert, or GeoTrust.

After purchasing, the CA will email you your certificate files, usually in a ZIP folder. You will typically receive three things:

• Your Domain Certificate (e.g., your_domain.crt)
• A Private Key (often generated on your server when you created the Certificate Signing Request (CSR))
• A CA Bundle (or Intermediate Certificate) – this is crucial for linking your certificate to a trusted root.

If you don’t have the private key, you’ll need to generate a new CSR first.

Part A: Generating a Certificate Signing Request (CSR) in cPanel

1. In cPanel, go to the Security section and click “SSL/TLS”.
2. Under “Certificate Signing Requests (CSR)”, click “Generate, view, or delete SSL certificate signing requests.”
3. Fill out the form meticulously. Every detail must be accurate:
   • Domains: Enter the fully qualified domain name you want to secure (e.g., www.yourdomain.com). To also cover the root domain, use yourdomain.com in the first field and www.yourdomain.com in the “Domains” field below.
   • City, State, Country: Use the official names, no abbreviations (e.g., “Los Angeles” not “LA”).
   • Company Name: Your legally registered business name. For an OV or EV cert, this will be rigorously verified.
   • Email Address: An administrative contact email.
4. Click “Generate”. cPanel will create your CSR and, most importantly, a Private Key.
5. Copy the CSR Code. This long block of text, beginning with —–BEGIN CERTIFICATE REQUEST—– and ending with —–END CERTIFICATE REQUEST—–, is what you submit to your Certificate Authority to generate your certificate. Save both the CSR and the Private Key in a secure text file on your computer.

Part B: Installing the Certificate

Once your CA emails you the certificate files, it’s time to install them.

1. Back in cPanel, go to Security > SSL/TLS.
2. Click “Manage SSL sites” under “Install and Manage SSL for your site (HTTPS)”.
3. You will see an interface with a dropdown to “Select a Domain”. Choose the domain you are securing.
4. Three text boxes will appear:
   • Certificate: (CRT) Open the .crt file you received from the CA in a text editor (like Notepad++ or VS Code). Copy the entire content, including the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines, and paste it into this box.
   • Private Key (KEY) Find the private key you generated when creating the CSR. Open that text file, copy the entire content (including —–BEGIN PRIVATE KEY—–), and paste it here.
   • Certificate Authority Bundle: (CABUNDLE) This is the most commonly missed step. Open the CA Bundle file (often called ca-bundle.crt or similar) from your CA. Copy its entire content and paste it into this box.
5. Double-check everything. Ensure there are no extra spaces, characters, or missing lines. The accuracy is paramount.
6. Click “Install Certificate”.

cPanel will now process the installation. If successful, you will see a confirmation message.

Step 3: The Final, Crucial Step – Force HTTPS Redirect

Installing the certificate doesn’t automatically redirect HTTP traffic to HTTPS. Without this redirect, users can still access the insecure version of your site, which is a security risk.

The easiest way to force HTTPS is by editing your .htaccess file.

1. In cPanel, go to Files > File Manager.
2. Navigate to the root directory of your website (often public_html). Ensure you can see hidden files by clicking “Settings” in the top-right and checking “Show Hidden Files (dotfiles)”.
3. Find and edit the .htaccess file. If it doesn’t exist, you can create a new one.
4. Add the following code at the very top of the file:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

5. Save the changes.

This code tells the server that any request coming in on HTTP (%{HTTPS} off) should be permanently redirected (301) to the same URL but using the HTTPS protocol.

Troubleshooting Common SSL Installation Issues

• “Not Secure” or Certificate Error: Clear your browser cache and try an incognito window. The issue is often a cached redirect. Use an SSL checker tool (like SSL Labs’ SSL Test) to diagnose the problem from a server perspective.
• Mixed Content Errors: The padlock is broken? This means your site is loading some resources (images, CSS, JavaScript) over HTTP instead of HTTPS. You need to find and update all HTTP links to either relative (//) or absolute HTTPS (https://) links. Plugins like “Better Search Replace” can help with this in WordPress.
• SSL Not Working for www Version: When generating your CSR, you must specify both the root domain and the www version. Reissue your certificate to include both, or ensure your redirects are correctly configured.
• Certificate Not Trusted: This almost always means the CA Bundle (Intermediate Certificate) was not installed correctly. Go back and double-check that step.