Securing your website with an SSL certificate is essential for encrypting data and building trust with visitors. cPanel makes this process accessible through its AutoSSL feature, often using Let’s Encrypt as the provider to issue free, automated certificates.
This guide explains how to install, verify, and enforce a Let’s Encrypt SSL certificate directly from your cPanel dashboard.
Understanding AutoSSL and Let’s Encrypt
AutoSSL is a cPanel feature that automates the request, installation, and renewal of domain-validated certificates. Let’s Encrypt is a popular provider that works within this system to issue certificates that are valid for 90 days.
AutoSSL runs on a schedule and renews certificates automatically before they expire, so you typically do not need to watch the calendar for renewals.
Installing SSL via the SSL/TLS Status Interface
If your hosting provider uses the native AutoSSL integration, you can manage the installation through the SSL/TLS Status page.
First, log in to your cPanel account and use the search bar to find the SSL/TLS Status tool. This interface displays the security status of all domains associated with your account.
Look for a red padlock or a warning icon next to your domain, which indicates that no valid SSL certificate is installed. To install the certificate, select the checkboxes next to the affected domains and click the Run AutoSSL button. The system will verify domain ownership and install the certificate in the background.
AutoSSL will only issue certificates for domains that pass a Domain Control Validation (DCV) test. Ensure your domain points to the correct server and that DNS has propagated before running this process.
Installing SSL via the Let’s Encrypt Plugin
Some hosting providers offer a dedicated Let’s Encrypt icon in cPanel.
Locate the Security section in cPanel and click on Let’s Encrypt SSL. Find the domain you wish to secure in the list and click the Issue button.
On the issuance screen, ensure the "http-01" validation method is selected. Unless you specifically require a wildcard certificate—which requires DNS-based validation—you can typically leave the wildcard option unchecked. Click Issue to complete the installation.
If you attempt to issue a wildcard certificate (e.g., *.example.com), you must use DNS validation, as HTTP validation does not support wildcards.
Verifying the Installation
Once the installation is complete, you should verify that the certificate is active.
Open your website in a web browser using "https://" before your domain name. If the installation was successful, a padlock icon should appear in the address bar.
If you do not see the lock icon immediately, try opening your site in an Incognito or Private window to rule out browser caching issues.
Forcing HTTPS Redirection
Installing the certificate does not always automatically force visitors to use the secure version of your site. You must enable redirection to ensure all traffic uses HTTPS.
In the Domains interface in cPanel, locate the option for Force HTTPS Redirection. Toggle the switch to "On" to automatically redirect visitors from the insecure HTTP version to the secure HTTPS version.
Alternatively, you can add a redirect rule to your .htaccess file if you prefer manual configuration.
Key Takeaway
cPanel allows you to secure your website for free using the AutoSSL feature and Let’s Encrypt.
You can install certificates via the SSL/TLS Status page by clicking "Run AutoSSL" or through the Let’s Encrypt SSL plugin interface.
Once installed, always verify the browser padlock and enable Force HTTPS Redirection to ensure visitor data remains encrypted.
Trust is the currency of the web.