Managing and installing SSL certificates in cPanel & WHM is remarkably straightforward. With AutoSSL and integrations like the cPanel Let’s Encrypt™ plugin, certificate requests and installations are fully automated. This automation significantly reduces the time web hosting providers spend on SSL management and minimizes the support requests often associated with certificate-related issues.

While AutoSSL features a reliable default certificate provider, chosen for its robust performance, ease of use, and generous domain and rate limits, we've also ensured that switching providers is simple. This comprehensive article will guide you through configuring AutoSSL to utilize Let’s Encrypt™, a popular provider offering free SSL certificates that are valid for 90 days.

Understanding SSL Certificates

SSL certificates are essential digital files that contain information used to verify a server’s identity and encrypt data before it is transmitted across the internet. Their primary function is to secure HTTPS connections, which significantly enhance the web’s standard HTTP protocol by adding layers of identity verification and robust encryption. This security measure is crucial for protecting sensitive data exchanged between users and websites.

When you observe a padlock icon in your browser’s address bar, it signifies that the domain is protected by an SSL certificate that your browser trusts, confirming that all communication between your device and the server is securely encrypted.

How does a browser determine the trustworthiness of a certificate? After all, anyone can generate a certificate; you could create your own right now using OpenSSL software on your server or within cPanel’s SSL management interface. This is where certificate authorities (CAs) play a vital role. A CA is a trusted entity that verifies that an individual or organization legitimately controls a domain. Once verified, the CA digitally signs the certificate. When a browser finds a valid signature from a CA it trusts, it accepts the certificate as proof of the identity of the server to which it is connected, ensuring a secure browsing experience.

While all SSL certificates function similarly, a key distinction lies in the validation process, which directly influences their cost. This refers to the level of effort the CA invests in investigating and verifying the organization behind the certificate:

  • Domain Validation (DV): The applicant simply needs to demonstrate control over the domain, typically by uploading a specific file to the server or adding a unique DNS record. These are often free.
  • Organization Validation (OV): The applicant must prove both domain ownership and that they are a legally registered business. This involves more rigorous checks.
  • Extended Validation (EV): This is the most stringent validation, requiring the applicant to own the domain, be a legally registered business, and undergo an extensive investigation and authentication process by the CA. EV certificates display the organization’s name in the browser, offering a higher level of trust.

As anticipated, EV certificates are the most expensive due to the significant time and resources required for their validation. OV certificates are less costly, and DV certificates are frequently offered for free. For further details and to determine which SSL certificate best suits your specific needs, we invite you to explore our comprehensive guide: "Which SSL is right for me?"

Leveraging cPanel's Let’s Encrypt Plugin for Free SSL Certificates

Let’s Encrypt stands as a prominent certificate authority renowned for specializing in free Domain Validation (DV) SSL certificates. It played a pioneering role in the free SSL movement, being one of the first to develop the robust infrastructure and innovative software necessary to automate the entire certificate request and installation process. This automation has democratized website security, making it accessible to a broader audience.

Today, numerous CAs offer free DV certificates, including cPanel-partner Sectigo, which serves as the default SSL provider within cPanel’s AutoSSL feature. However, if you prefer to utilize Let’s Encrypt instead, the process to switch providers is quite straightforward.

To enable Let’s Encrypt within AutoSSL, the initial step involves installing the cPanel Let’s Encrypt plugin. To do this, log in to your server as the root user via SSH and execute the following command:

/scripts/install_lets_encrypt_autossl_provider

This script will install the plugin along with its necessary dependencies. Should you decide to revert, the plugin can be effortlessly removed by running the uninstall script as root:

/scripts/uninstall_lets_encrypt_autossl_provider

Configuring the Let’s Encrypt Plugin in cPanel

Once the plugin is installed, the next step is to activate the Let’s Encrypt AutoSSL provider within WHM. Open your WHM interface and navigate to the Manage AutoSSL page, which can be found under the SSL/TLS section in the sidebar menu.

On this page, select Let’s Encrypt from the list of AutoSSL Providers.

Before proceeding with Let’s Encrypt, you will be prompted to agree to the provider’s terms of service. You will also notice an option to “Recreate my current registration with Let’s Encrypt.” This option is typically only required if your existing Let’s Encrypt registration has expired or become corrupted, so it is generally not necessary to select it during initial setup.

After reviewing and accepting the terms, click Save. cPanel will then switch its AutoSSL provider to Let’s Encrypt. The next time AutoSSL performs a certificate renewal or installation, it will utilize Let’s Encrypt instead of the previously configured default provider.

If you wish to immediately replace your server’s existing certificates with new ones from Let’s Encrypt, you will need to manually remove the old certificates. Navigate to Manage SSL Hosts, also found under SSL/TLS in the sidebar menu. Please be aware that when certificates are removed, their associated websites will temporarily not be accessible via a secure HTTPS URL until new certificates are successfully installed.

Once the old certificates are removed, return to the Manage AutoSSL page and click Run AutoSSL For All Users. cPanel will then regenerate the removed certificates, sourcing the replacements from the newly configured Let’s Encrypt provider, restoring HTTPS functionality to your sites.

Managing Certificates with the Let’s Encrypt Plugin in cPanel

AutoSSL represents a significant advancement over earlier SSL management systems, primarily because its operation is largely automatic. The inherent complexities of interacting with the Certificate Authority, deploying validation tokens, and installing certificates are all seamlessly handled without requiring direct user intervention. This automation greatly simplifies the ongoing maintenance of SSL security.

However, there are still some configurations within the cPanel Let’s Encrypt plugin that you may wish to adjust to suit your specific needs. These options are accessible under the Options tab within the Manage AutoSSL interface. Here, you can configure user and administrator notifications for various AutoSSL events, including certificate request failures, renewal issues, and other critical alerts, ensuring you stay informed about your server’s SSL status.

Towards the bottom of the options page, you will find the “Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates” setting.

This option grants AutoSSL permission to replace certificates that it did not originally issue or does not currently manage. While this feature is incredibly useful for facilitating a smooth transition for users who obtained their certificates from a different Certificate Authority, it's crucial to be aware of its implications. Enabling this setting means AutoSSL will replace any expiring Organization Validation (OV) or Extended Validation (EV) certificates with a Domain Validation (DV) certificate. This might not align with the security or trust requirements of your users who specifically chose OV or EV certificates for their enhanced validation levels.
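
One way to find the certificates this setting would downgrade before enabling it, as an added example that is not part of cPanel or the original article. The function names are hypothetical, the certificate files are passed as arguments, and the classification relies on the CA/Browser Forum certificate policy OIDs (2.23.140.1.2.1 for DV, 2.23.140.1.2.2 for OV, 2.23.140.1.1 for EV).

```shell
#!/bin/sh
# Added example: classify PEM certificates as DV / OV / EV so that OV and EV
# certificates can be reviewed before AutoSSL is allowed to replace them.

# Reads `openssl x509 -noout -text` output on stdin and prints the level.
classify_policy_text() {
    cpt_text=$(cat)
    # CA/Browser Forum reserved policy OIDs; anchored so that the EV OID
    # cannot match a longer OID that merely shares its prefix.
    if printf '%s\n' "$cpt_text" | grep -Eq 'Policy: 2\.23\.140\.1\.1[[:space:]]*$'; then
        echo EV
    elif printf '%s\n' "$cpt_text" | grep -Eq 'Policy: 2\.23\.140\.1\.2\.2[[:space:]]*$'; then
        echo OV
    elif printf '%s\n' "$cpt_text" | grep -Eq 'Policy: 2\.23\.140\.1\.2\.1[[:space:]]*$'; then
        echo DV
    else
        echo UNKNOWN   # no CA/B Forum policy OID present (e.g. self-signed)
    fi
}

# Classifies the first (leaf) certificate in a PEM file.
classify_cert_file() {
    cft_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo UNREADABLE
        return 1
    }
    printf '%s\n' "$cft_text" | classify_policy_text
}

# Prints "level <TAB> notAfter <TAB> path" for each file.
# Returns non-zero if any OV or EV certificate was found.
audit_certs() {
    ac_at_risk=0
    for ac_pem in "$@"; do
        ac_level=$(classify_cert_file "$ac_pem") || true
        ac_end=$(openssl x509 -in "$ac_pem" -noout -enddate 2>/dev/null | cut -d= -f2)
        printf '%s\t%s\t%s\n' "$ac_level" "${ac_end:-?}" "$ac_pem"
        case $ac_level in
            OV|EV) ac_at_risk=$((ac_at_risk + 1)) ;;
        esac
    done
    [ "$ac_at_risk" -eq 0 ]
}

if [ "$#" -gt 0 ]; then
    audit_certs "$@"
fi
```

Certificates reported as UNKNOWN carry none of these OIDs and need a manual look at their issuer and subject before the setting is enabled.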

Finally, under the Manage Users tab, you have the flexibility to configure precisely which cPanel users will benefit from AutoSSL’s automated certificate management.

From this interface, you can individually enable or disable AutoSSL for specific cPanel users, or reset their settings to the default configuration defined within the Feature List Settings. By default, AutoSSL is activated for all users; however, this default behavior can be modified in the Feature Manager, which is accessible under the Packages section in the WHM sidebar menu.

Exploring Premium SSL Certificate Options in cPanel

While AutoSSL provides an incredibly low-maintenance system for delivering domain-validated certificates to your users, it is important to recognize that domain validation may not be suitable for all types of websites. Owners of business websites, complex web applications, and e-commerce stores often require the enhanced trust and validation offered by Organization Validation (OV) and Extended Validation (EV) certificates.

Sectigo stands as one of the world’s largest and most highly respected Certificate Authorities. They offer an extensive array of OV and EV SSL certificates, including advanced options like multi-domain and wildcard SSL certificates. All of these premium certificates can be seamlessly installed and managed using cPanel’s intuitive SSL/TLS interface, providing a streamlined experience for users requiring higher levels of assurance.

Before the introduction of AutoSSL in cPanel, the manual installation of SSL certificates and the unexpected expiry of certificates were among the most frequent and frustrating issues encountered by web hosts and their clients. Today, every cPanel user benefits from hassle-free DV certificates, whether provided by Sectigo or Let’s Encrypt, significantly enhancing website security and reducing administrative burden. Should you have any questions, feedback, or require further assistance, our team is readily available. You can connect with us on Discord, the cPanel forums, and Reddit, where we are committed to providing comprehensive support and engaging with our community.
