Let's Encrypt

How to install Let's Encrypt SSL Certificate at cPanel
Written by Admin Updated over a week ago

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides SSL certificates at no charge. The certificate is valid for 90 days, during which renewal can take place at anytime. It launched on April 12, 2016.
— Wikipedia

The official web-site of Let’s Encrypt Certificate Authority (CA): https://letsencrypt.org/

There are a lot of internet services provide a generation of Let's Encrypt SSL certificates. You can use any of them because the logic is the same. If you have enough experience with Linux software, you can create Let's Encrypt SSL certificates even by yourself. At this article we use service www.sslforfree.com to generate SSL certificates and will run you through step-by-step installation of the certificate at the cPanel.

  • 1

    Go to SSL generator service

    Use this link: https://www.sslforfree.com

  • 2

    Enter your website domain name to input field

    To secure one domain only, enter the domain name without WWW. For example, for domain "example.org":

    Image Description
  • 3

    Hit the button "Create Free SSL Certificate".

    Service will redirect you to the next step.

  • 4

    Hit the button "Manually Verify Domain".

    At the new page you need to select the type of the verification. We highly recommend you to use "Manual Verification":

    Manual Verification

    NOTE If you create Wilcard Certificate (to protect all subdomains) or for multiple domains, you do not have any choice except manual verification.

  • 5

    Download two verification files

    You need to click on two links provided by service to download two verification files:

    Save verification files somewhere at your PC.

  • 6

    Login to cPanel at your HostBrook account

    Click "File Manager" at the tab "FILES":

  • 7

    Be sure you can see Hidden Files

    At the top right corner click "Settings" and at the modal window check "Show Hidden Files (dotfiles)":

    Save Preferences.

  • 8

    Create a folder in your domain named ".well-known"

    • At the directory tree click on folder "public_html"
    • At the top menu cllick "Folder"
    • At the pop-up window enter New Folder Name ".well-known" and click "Create New folder"

    At this step, your folder tree should looks like this:

  • 9

    Create another folder in your domain under ".well-known" named "acme-challenge"

    • At the directory tree at left click on folder ".well-known"
    • At the top menu cllick "Folder"
    • At the pop-up window put New Folder Name "acme-challenge" and click "Create New folder"

    At this step, your folder tree should looks like this:

  • 10

    Upload both verifications files to the "acme-challenge" folder

    • At the top menu cllick "Upload"
    • Upload two files
    • Return to File Manager

    At this step, your folder tree should looks like this:

    NOTE Next time, when you will renew the certificate, you do not need to create ".well-known" and "acme-challenge" folders again. Just delete existing verification files and replace with new ones.

  • 11

    Return to sslforfree.com and check verification files

    You need to click on two links provided by service to check if verification files can be open

    If both files open, you can proceed with the next step. If not - check steps 8-10.

  • 12

    Hit the button "Download SSL Certificate"

    sslforfree.com will generate SSL certificate (it can take couple minutes) and at the end you will be redirected at the page with three text areas "Certificate", "Private Key" and "CA Bundle":

    You can download all these Certificate Files and backup them. Leave current browser page open and back to cPanel.

  • 13

    Back to cPanel and find tab "SECURITY".

    Click on "SSL/TLS" link at the tab "SECURITY":

  • 14

    Click on link "Manage SSL sites."

  • 15

    Copy/Paste Certificate, Private Key and CA Bundle in the relevant text areas

    Select the Domain you would like to apply Certificate for.

    Copy from sslforfree.com and paste Certificate fields in the relevant text areas: "Certificate (CRT)", "Private Key (KEY)" and "Certificate Authority Bundle":

  • 16

    Hit the button "Install Certificate"

    Certificate installation can take couple of minutes. Do not close the window until get a confirmation that your Certificate is successfully installed/updated:

    You are done!

  • 1

    Go to SSL generator service

    Use this link: https://www.sslforfree.com

  • 2

    Enter website domain name to input field

    To secure all subdomains under a domain add an asterisk to the beginning of the domain followed by a period. Wildcard domains do not secure the root domain so you must re-enter the root domain if you want it also secured under one certificate. For example to create a wildcard domain for example.org enter "*.example.org example.org":

    Image Description
  • 3

    Hit the button "Create Free SSL Certificate".

    Service will redirect you to the next step.

  • 4

    Hit the button "Manually Verify Domain".

    Service will redirect you to the next step. You will see DNS records for each domain you need Certificate, like an example:

    These records have to be added to your hosting.

  • 5

    Go into the DNS management page that your domains use

    If you are with HostBrook or GoDaddy, go to "My Products" at your account and hit the button "DNS" for domain you want to create Certificate:

  • 6

    Add the TXT records provided by sslforfree.com to the DNS server

    Using "Add" button add two records, with values provided by sslforfree.com in the relevant fields.

    WARNING 1 At the field "Host" you need to add "_acme-challenge" (without domain name).

    WARNING 2 The min Time to Live (TTL) at HostBrook and GoDaddy hostings you can put 600 sec. Therefore, select "Custom" in the field "TTL" and add 600 in the new field "Seconds". Please use screenshot below as an guide:

    Manual Verification Manual Verification

    At the end, you should see 2 new records at the bottom of records list, like an example:

    Manual Verification
  • 7

    Verify TXT records

    Verify TXT records by clicking on link provided by sslforfree.com

    Verification can take a little bit time, and at the end you have to get a confirmation: "TXT Record(s) Found", for example:

    Manual Verification
  • 8

    Hit the button "Download SSL Certificate"

    sslforfree.com will generate SSL certificate (it can take couple minutes) and at the end you will be redirected at the page with three text areas "Certificate", "Private Key" and "CA Bundle":

    You can download all these Certificate Files and backup them.

  • 9

    Go to SSL management at cPanel

    If you are with HostBrook or GoDaddy go to "My Products", find tab "Web Hosting"

    Hit the button "Manage" for your web hosting plan

    Hit the button "cPanel Admin" at the top right corner

    At the cPanel click on "SSL/TLS" link at the tab "SECURITY":

  • 10

    Click on link "Manage SSL sites."

  • 11

    Copy/Paste Certificate, Private Key and CA Bundle in the relevant text areas

    Select the Domain you would like to apply Certificate for.

    Copy from sslforfree.com and paste Certificate fields in the relevant text areas: "Certificate (CRT)", "Private Key (KEY)" and "Certificate Authority Bundle":

  • 12

    Hit button "Install Certificate"

    Certificate installation can 5..20 seconds. Do not close the window until get a confirmation that your Certificate is successfully installed/updated:

    You are done!

  • 1

    Go to SSL generator service

    Use this link: https://www.sslforfree.com

  • 2

    Enter your website domain name to input field

    To secure multiple domains or subdomains or Wildcards, just easy separate them by spaces (e.g. "subdomain.domain.com domain.com otherdomain.org *.wildcarddomain.com"):

    Image Description
  • 3

    Hit the button "Create Free SSL Certificate".

    Service will redirect you to the next step.

  • 4

    Hit the button "Manually Verify Domain".

    Service will redirect you to the next step. You will see DNS records for each domain you need Certificate, like an example:

    These records have to be added to your hosting.

  • 5

    Go into the DNS management page that your domains use

    If you are with HostBrook or GoDaddy, go to "My Products" at your account and hit the button "DNS" for domain you want to create Certificate:

  • 6

    Add the TXT records provided by sslforfree.com to the DNS server

    Using "Add" button add two records, with values provided by sslforfree.com in the relevant fields.

    WARNING 1 At the field "Host" you need to add "_acme-challenge" (without domain name).

    WARNING 2 The min Time to Live (TTL) at HostBrook and GoDaddy hostings you can put 600 sec. Therefore, select "Custom" in the field "TTL" and add 600 in the new field "Seconds". Please use screenshot below as an guide:

    Manual Verification Manual Verification

    At the end, you should see 2 new records at the bottom of records list, like an example:

    Manual Verification
  • 7

    Verify TXT records

    Verify TXT records by clicking on link provided by sslforfree.com

    Verification can take a little bit time, and at the end you have to get a confirmation: "TXT Record(s) Found", for example:

    Manual Verification
  • 8

    Hit the button "Download SSL Certificate"

    sslforfree.com will generate SSL certificate (it can take couple minutes) and at the end you will be redirected at the page with three text areas "Certificate", "Private Key" and "CA Bundle":

    You can download all these Certificate Files and backup them.

  • 9

    Go to SSL management at cPanel

    If you are with HostBrook or GoDaddy go to "My Products", find tab "Web Hosting"

    Hit the button "Manage" for your web hosting plan

    Hit the button "cPanel Admin" at the top right corner

    At the cPanel click on "SSL/TLS" link at the tab "SECURITY":

  • 10

    Click on link "Manage SSL sites."

  • 11

    Copy/Paste Certificate, Private Key and CA Bundle in the relevant text areas

    Select the Domain you would like to apply Certificate for.

    Copy from sslforfree.com and paste Certificate fields in the relevant text areas: "Certificate (CRT)", "Private Key (KEY)" and "Certificate Authority Bundle":

  • 12

    Hit button "Install Certificate"

    Certificate installation can 5..20 seconds. Do not close the window until get a confirmation that your Certificate is successfully installed/updated:

    You are done!

How to redirect users to SSL-enabled connections

The last thing you need to done is a rederecting of your users to SSL connection only. By default, if the user enter url of your website starting from "http://" unsecured connection will be established. To prevent this you need:

Do not forget!

Was this article helpful?

Related articles