Install Let's Encrypt SSL certificates in cPanel
What is Let's Encrypt?
Let's Encrypt is a free, automated and open certificate authority that provides SSL/TLS certificates. Certificates are valid for 90 days and renew automatically, making them ideal for websites that need HTTPS at no additional cost.
Let's Encrypt advantages
- Free: No cost for the certificate
- Automatic: Renews automatically
- Easy to install: Simple process from cPanel
- Reliable: Recognized by all major browsers
Install Let's Encrypt certificate
1. Access cPanel
- Go to your cPanel panel
- Log in with your credentials
2. Go to SSL/TLS section
On the cPanel main page, look for the "Security" section and click on "SSL/TLS" or "SSL/TLS Status".
You can also search for it using the search box at the top of cPanel.
3. Install Let's Encrypt certificate
In the "SSL/TLS Certificates" section:
- Click "Manage SSL certificates"
- Look for the "Let's Encrypt Certificates" section
- Select the domain for which you want to install the certificate
- Select additional domains you want to include:
- www: To include www version
- Subdomains: If you want to include specific subdomains
- Click "Install"
cPanel will automatically install the Let's Encrypt certificate. This may take a few minutes.
4. Verify installation
After installation:
- Go back to "SSL/TLS Status"
- Verify the certificate is installed and active
- Check expiration date (should be approximately 90 days from installation)
- Try accessing your site with
https://yourdomain.com - Verify the green lock appears in the browser
Install certificate for multiple domains
If you have multiple domains or subdomains:
- When installing Let's Encrypt, select all domains and subdomains you want to include
- Or install a separate certificate for each domain
- Or install a wildcard certificate (if available) that covers all subdomains
Wildcard certificate: Covers all subdomains (e.g., *.yourdomain.com covers blog.yourdomain.com, shop.yourdomain.com, etc.)
Renew Let's Encrypt certificate
Let's Encrypt certificates expire every 90 days, but cPanel can renew them automatically:
- In "SSL/TLS Status", check expiration date
- If it's close to expiring (less than 30 days), you can renew it manually
- Click "Renew" next to the certificate
- Or wait for cPanel to renew it automatically
Note: In most cases, cPanel automatically renews Let's Encrypt certificates before they expire. Check automatic renewal configuration.
Configure automatic renewal
To ensure certificates renew automatically:
- In "SSL/TLS Status", verify automatic renewal is enabled
- If not enabled, contact your hosting provider to enable it
- Or configure a cron job that renews certificates automatically
Force HTTPS after installing SSL
After installing the certificate, it's recommended to force HTTPS:
- In cPanel, search for "Redirects"
- Create a permanent (301) redirect from HTTP to HTTPS
- Or add this in the
.htaccessfile:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Verify SSL certificate
To verify your SSL certificate is working correctly:
- Access your site with
https://yourdomain.com - In the browser, verify the green lock appears
- Click on the lock to see certificate details
- Verify the certificate is from Let's Encrypt
- Check expiration date
- Use online tools like SSL Labs for a complete analysis
Common problems
Error: "Certificate installation failed"
- Verify the domain is pointing correctly to the server
- Verify DNS records are configured
- Verify the domain is configured in cPanel
- Wait a few minutes and try again
- Verify there's no existing SSL certificate causing conflict
Site shows "Not Secure" or warning
- Verify certificate is installed correctly
- Verify you're accessing with
https://and nothttp:// - Clear browser cache
- Verify there's no mixed content (HTTP and HTTPS mixed)
- Verify certificate hasn't expired
Mixed content error
- Occurs when your HTTPS site loads resources (images, scripts) from HTTP
- Change all resource URLs to HTTPS
- Or use relative URLs instead of absolute
- In WordPress, update URLs in Settings > General
Certificate expired
- Renew the certificate from cPanel
- Verify automatic renewal is configured
- If automatic renewal fails, contact your hosting provider
Advanced configuration
Install wildcard certificate
To cover all subdomains with a single certificate:
- In "Let's Encrypt Certificates", look for wildcard certificate option
- If available, select "Wildcard"
- Configure DNS validation (may require adding a TXT record)
- Install the certificate
Note: Let's Encrypt wildcard certificates require DNS validation, which can be more complex than standard HTTP validation.
Compare with commercial certificates
Let's Encrypt:
- ✅ Free
- ✅ Automatic renewal
- ✅ Easy to install
- ✅ Valid for 90 days
- ❌ No warranty included
- ❌ No premium support
Commercial certificates:
- ✅ Include warranty
- ✅ Premium support
- ✅ Valid for longer (1-2 years)
- ✅ Some include extended validation (EV)
- ❌ Have cost
- ❌ Require manual renewal
Tips
- Use Let's Encrypt: It's perfect for most websites
- Configure automatic renewal: Make sure certificates renew automatically
- Force HTTPS: Configure HTTP to HTTPS redirect
- Verify regularly: Check your certificates status periodically
- Monitor expiration: Set up alerts for when certificates are close to expiring
- Use wildcard certificates if you have many subdomains: Simplifies management
Need help?
If you're having trouble installing or renewing Let's Encrypt certificates in cPanel, open a ticket from the billing.baires.host panel or contact us for support.
You can also reach us through our social media:
- Instagram: @baires_host
- Discord (active support): https://discord.gg/dzjauatAFN
- Linktree: https://linktr.ee/baires.host
