All Deployment guides Deployment

How to Install an SSL Certificate in cPanel

2026-05-08
cpanelsslshared-hostinginstallation

cPanel is the most widely used hosting control panel — most shared hosting providers include it. Installing an SSL certificate in cPanel takes a few minutes through the web interface. No command-line access needed.

Option 1: Check if AutoSSL is already active

Many hosting providers (Hostinger, Namecheap, SiteGround, A2 Hosting) enable AutoSSL by default — it automatically installs and renews a free Let’s Encrypt or Sectigo certificate for all your domains.

  1. Log in to cPanel
  2. Go to SecuritySSL/TLS Status
  3. If your domain shows a green padlock with “AutoSSL Domain Validated,” you already have SSL — no further action needed

If AutoSSL isn’t available or you want to install a certificate you generated yourself (e.g., from GetHTTPS), follow Option 2.

Option 2: Manual installation via SSL/TLS Manager

Use this when you have your own certificate files (cert.pem, privkey.pem, chain.pem).

Step 1: Get your certificate files

If you don’t have them yet, use GetHTTPS to generate a free Let’s Encrypt certificate. You’ll get:

  • cert.pem — your certificate
  • privkey.pem — your private key
  • chain.pem — the intermediate CA bundle

Step 2: Open the SSL/TLS Manager

  1. Log in to cPanel
  2. Scroll to Security section
  3. Click SSL/TLS
  4. Click Manage SSL Sites (under “Install and Manage SSL for your site”)

Step 3: Select the domain

Choose your domain from the dropdown menu.

Step 4: Paste the certificate

  1. Open cert.pem in a text editor
  2. Copy the entire content (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
  3. Paste into the Certificate (CRT) field

Step 5: Paste the private key

  1. Open privkey.pem in a text editor
  2. Copy the entire content
  3. Paste into the Private Key (KEY) field

cPanel may auto-fill this if the key was previously uploaded.

Step 6: Paste the CA bundle

  1. Open chain.pem in a text editor
  2. Copy the entire content
  3. Paste into the Certificate Authority Bundle (CABUNDLE) field

Step 7: Install

Click Install Certificate. cPanel will validate the files and activate HTTPS for your domain.

Step 8: Force HTTPS redirect

After installing the certificate, redirect all HTTP traffic to HTTPS:

  1. In cPanel, go to Domains (or Redirects)
  2. Enable Force HTTPS Redirect for your domain

Or add to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Verify

Visit https://yourdomain.com — you should see the padlock icon. Click it to confirm the certificate is issued by “Let’s Encrypt” (or your CA).

Troubleshooting

”The certificate and private key do not match”

The private key you pasted doesn’t correspond to the certificate. Make sure both files came from the same GetHTTPS session. Verify:

  • cert.pem is the certificate (starts with BEGIN CERTIFICATE)
  • privkey.pem is the key (starts with BEGIN PRIVATE KEY or BEGIN EC PRIVATE KEY)

“AutoSSL is replacing my certificate”

If your host’s AutoSSL is active, it may overwrite your manually installed certificate. Contact your hosting provider to disable AutoSSL for that domain, or just use AutoSSL if it provides a valid certificate.

Certificate shows in cPanel but site still says “Not Secure”

Clear your browser cache or try an incognito window. Also check for mixed content — HTTP resources on an HTTPS page.

Frequently asked questions

Can I use a Let’s Encrypt certificate in cPanel?

Yes. Generate one with GetHTTPS (no software to install) and paste the files into cPanel’s SSL/TLS Manager. Some hosts also offer Let’s Encrypt through AutoSSL.

How do I renew in cPanel?

If using AutoSSL, renewal is automatic. If you installed manually, generate a new certificate with GetHTTPS before the old one expires (day 60 of 90) and repeat the installation steps. See our renewal guide.

Can I install a wildcard certificate in cPanel?

Yes. Generate a wildcard certificate with GetHTTPS (requires DNS-01 challenge), then install it the same way. The wildcard will cover your main domain and all subdomains.

Does cPanel support ECC/ECDSA certificates?

Most modern cPanel versions (v78+) support ECDSA certificates. GetHTTPS generates ECDSA P-256 by default, which works in cPanel.

How do I check which SSL certificate is currently installed?

In cPanel → SecuritySSL/TLS Status. This shows the certificate details for each domain, including issuer, expiry date, and whether AutoSSL is managing it.

My host doesn’t show the SSL/TLS option in cPanel

Some hosting providers restrict SSL management on lower-tier plans. Contact your host’s support — they may need to enable it, or you may need to upgrade your plan. Alternatively, ask them to install the certificate for you (provide the PEM files from GetHTTPS).

Can I install SSL for addon/subdomain in cPanel?

Yes. The SSL/TLS Manager in cPanel shows all domains and subdomains. Select the addon domain or subdomain from the dropdown and install the certificate the same way. If using AutoSSL, addon domains are usually covered automatically.

Related articles

Getting Started 2026-05-08
How to Get a Free SSL Certificate (Step-by-Step Guide)
Get a free SSL certificate from Let's Encrypt in 5 minutes — no software to install, no account to create. Complete guide covering 4 methods, both challenge types, installation on 6 platforms, and troubleshooting.
Deployment 2026-05-07
How to Redirect HTTP to HTTPS
Force all traffic to HTTPS with server-side redirects. Configuration examples for Nginx, Apache, and .htaccess with 301 permanent redirects.
SSL & Certificates 2026-05-07
SSL Certificate Formats: PEM, PFX, DER Explained
Understand PEM, PFX/PKCS#12, and DER certificate formats. Learn which format your server needs and how to convert between them with OpenSSL.
Get a free SSL certificate in your browser
No installation, no account. Your private key never leaves your device.
Get your certificate