SSL > Setup

December 13, 2024

8 minute read

How to Install an SSL Certificate in cPanel for Beginners

If you’re about to launch your first website, someone has probably told you, “Make sure you get an SSL certificate!” But what exactly is an SSL certificate for a website, and why is it important? Does it matter if it’s free or paid? And most importantly, how do you actually get one and install it?

In this guide, we’ll break it all down for you, step by step. By the end, you’ll know exactly how to install an SSL certificate in cPanel and secure your website. Let’s get started!

What is an SSL certificate and why do you need one?

Before we jump into the installation steps, let’s take a step back to understand what an SSL certificate is, and why it’s so crucial for your website’s security.

An SSL certificate is essentially a digital document that verifies the identity of a website. SSL stands for Secure Sockets Layer, a technology that encrypts data so hackers can’t intercept it. But wait, what’s encryption?

Encryption is a process that scrambles data into a code that only authorized parties can decipher. When you visit a website with an SSL certificate (HTTPS enabled), your browser and the website’s server exchange a cryptographic key. This key is used to encrypt all the data transmitted between the two.

As you’d assume, this encrypted data would be unreadable to anyone without the key. Think of it like sending a locked box through the mail. Only the sender and the receiver have the key, so even if someone intercepts the box, they can’t open it or see what’s inside.

When a website has an SSL certificate, you’ll see a padlock symbol next to its URL in your browser. This tells visitors that the website is safe to use. Without SSL, most browsers will flag your site as “Not Secure,” which can scare away potential users.

Domainking.ng domain with padlock next to it

Reasons to get an SSL certificate

Still not convinced? Here are some compelling reasons to get an SSL certificate:

  • It protects sensitive data like passwords, credit card details, and personal data, keeping hackers at bay.
  • The padlock symbol in the browser reassures visitors that your website is secure.
  • Search engines like Google prioritize secure websites, which helps your site rank higher in search results.
  • If you’re running an e-commerce site, SSL is a must for secure payment processing.
  • Many data protection laws, like GDPR, require websites to use SSL to safeguard user data.

How to install an SSL certificate in cPanel

Next, we will provide a detailed guide on how to generate SSL certificate in cPanel. But before we begin, let’s discuss the available options:

  • Free SSL certificates: Services like Let’s Encrypt offer free SSL certificates. These can work for personal websites or blogs but may lack advanced features like a warranty or extended validation. For example, Let’s Encrypt certificates are only valid for 90 days. Many hosting providers also include free SSL options directly in cPanel. Look for the AutoSSL tool in cPanel to enable it automatically.
  • Paid SSL certificates: Paid SSL certificates are ideal for e-commerce sites or businesses. They often include extra features like customer support, warranties, and higher trust levels. You can purchase these from a Certificate Authority (like DigiCert or GlobalSign) or through your hosting provider.

Step 1 – Generate a Certificate Signing Request (CSR)

A Certificate Signing Request (CSR) is a formatted request that contains information about your domain, organization, and public key. A Certificate Authority (CA) uses this request to verify your identity and generate an SSL certificate for you.

Here’s how to generate a CSR via cPanel:

  1. Log in to your cPanel account.
  2. Scroll down to the Security section and click on SSL/TLS.
cPanel security section
  1. Under the Certificate Signing Requests (CSR) section, click Generate, view, or delete SSL certificate signing requests.
cPanel security section - SSL/TLS page
  1. Fill in the form with your domain details. You’ll be asked to enter your:
  2. Key: This will be a 2048-bit cryptographic key. You can generate a new one, or use any available ones.
  3. Domains: Enter the domains you want the SSL for (e.g., yourdomain.com).
  4. City/State/Country: Enter your location details.
  5. Company: Add your organization’s name (or your own name for personal sites).
  6. Email: Provide a valid email address.
  7. Passphrase: Some CAs require CSRs to have passphrases. If your CA requires one, enter it here.
  8. Description: A description/overview of the CSR.
Email generation form
  1. Double check all the entered details and then click Generate.
  2. Copy the encoded CSR code displayed on the screen. You’ll need this for the next step.
Encoded CSR code

Step 2: Obtain your SSL certificate

Now that you have a CSR, you can obtain your SSL certificate. Choose a CA that suits your needs. Once you have decided, follow these steps:

  1. Log in to the website of your chosen CA.
  2. Start the SSL certificate request process and choose the type of SSL certificate you want (e.g., single domain, wildcard, or multi-domain).
  3. During the setup, you’ll be prompted to provide the CSR. Paste the CSR you generated in cPanel.
  4. To verify that you own the domain, the CA would use one of the following methods:
  5. Email validation: The CA sends a verification email to an admin address associated with your domain (e.g., admin@yourdomain.com). You’ll need to click the link in the email to verify.
  6. DNS validation: The CA provides a DNS record that you add to your domain’s DNS settings.
  7. File upload validation: The CA gives you a file to upload to your website’s root directory.
  8. Once the verification is complete, the CA will issue your SSL certificate. Download the certificate files and keep them handy. You’ll use them in the installation step.

Step 3: Install the SSL certificate in cPanel

After obtaining the SSL certificate, follow these steps to install it:

  1. Log in to your cPanel account.
  2. Go to the Security section and click on SSL/TLS.
  3. Under the “Certificates (CRT)” section, click Generate, view, upload, or delete SSL certificates.
cPanel security section - Certificates (CRT) section
  • Scroll down to the Upload a new certificate section.
cPanel security section - Certificates (CRT) section - upload a new certificate
  • You now have two options.
  • Paste the body of the certificate in the text box (see the screenshot above), add a description and click Save certificate.
  • Upload the certificate file by selecting Browse (see the screenshot below) and navigating to its location. Add a description and click Upload certificate.
cPanel security section - Certificates (CRT) section - after uploading the certificate file, add a description

Step 4: Test your SSL installation

Once installed, you should verify that the SSL certificate is working correctly. Here’s how to go about it:

  • Visit your website on a browser. Check for the padlock symbol in the browser address bar. If it appears then the installation worked!
  • Use an online SSL checker to ensure that everything is configured properly. A recommended option is the SSL Server Test tool by SSL Labs.
Verifying that the SSL certificate is working correctly by using the SSL Server Test tool by SSL Labs
  • Go through the report generated by the SSL checker to spot any red flags. Ideally, you should score high marks in all departments, like protocol support, key exchange, and cipher strength.

FAQs about SSL certificates

Next, we will answer some frequently asked questions about SSL certificates:

Can I use one SSL certificate on multiple servers?

Yes, but it depends on the type of SSL certificate:

  • Wildcard SSL certificates: These cover one domain and all its subdomains (e.g., example.com and blog.example.com). You can use the same certificate across multiple servers if they host the same domain and subdomains.
  • Multi-domain SSL certificates (SAN Certificates): These are designed for securing multiple domains under a single certificate (e.g., example.com, example.net, and example.org). They can also be used on multiple servers.

For regular single-domain SSL certificates, you need a separate certificate for each server.

How to know if a website has an SSL certificate?

Look for the padlock symbol. In most browsers, a padlock icon appears next to the website URL in the address bar for websites with SSL certificates. Another way is to check for HTTPs; secure websites start with https:// instead of http://. If you don’t see either of the above, or encounter a browser warning, the website likely doesn’t have a valid SSL certificate.

How to generate an SSL certificate in cPanel?

Here’s a quick overview of the process:

  • Log in to your cPanel account.
  • Go to SSL/TLS in the Security section.
  • Generate a new CSR.
  • Log in to the CA’s website and submit the CSR.
  • Wait for the CA to validate domain ownership.
  • After the CA verifies that you own your domain, it will generate a certificate and share it with you.
  • Upload the certificate to your site via cPanel.

For a more detailed, step-by-step guide, refer to the “How to install an SSL certificate in cPanel” section above.

What is the best SSL certificate to buy?

Here are some factors to consider when evaluating SSL certificates:

  • Domain coverage: If you have multiple subdomains, go for a wildcard SSL. For multiple domains, choose a multi-domain certificate.
  • Validation level: Decide on the level of validation. Available options are:
  • Domain Validation (DV): Basic SSL for personal sites or blogs.
  • Organization Validation (OV): Provides more trust by verifying your organization.
  • Extended Validation (EV): Offers the highest level of trust with a green address bar in some browsers.
  • Budget: Free SSL options like Let’s Encrypt work for simple sites. Paid options are generally better for practical purposes.

Additional tips for managing SSL certificates

Finally, here are some best practices to keep your SSL setup working smoothly:

  • After installing your SSL certificate, set up a redirect to make sure that all traffic automatically goes to the secure https:// version of your site. You can configure this in cPanel or your .htaccess file.
  • Keep track of the expiration date of your certificate, and renew it before it expires to avoid downtime or security issues. If possible, set up automated renewal through your hosting provider or a dedicated SSL management tool.
  • Make it a habit to regularly test your SSL setup using tools like SSL Labs to confirm there are no misconfigurations or vulnerabilities.
  • Enable HSTS (HTTP Strict Transport Security). HSTS forces browsers to only connect to your site over HTTPS, making it impossible to form HTTP connections, even accidentally. You can configure this in your server settings.
  • After switching to HTTPS, update all internal links, images, and scripts to use https:// to avoid mixed content warnings in browsers.
  • To take security up a notch, consider using a Web Application Firewall (WAF). It can help protect your website from common web attacks like SQL injection and cross-site scripting (XSS).

Conclusion

An SSL certificate is a must-have for websites of all types and sizes. Not only does it protect sensitive data and build trust with your visitors, but it also helps you meet security standards and improve your site’s search engine rankings.