Skip to main content

Installing a Free SSL Certificate (Let's Encrypt)

security, ssl, letsencrypt, free, https 0 Was this answer helpful?

Let's Encrypt is a free, automated Certificate Authority that provides Domain Validated (DV) SSL certificates. Many cPanel servers include Let's Encrypt integration, making it easy to secure your domains at no cost.

Please note: Screens and options may vary slightly depending on your cPanel version and hosting plan.

Automatic Installation via AutoSSL

If your server uses Let's Encrypt as the AutoSSL provider, certificates are installed and renewed automatically for all domains on your account. To check:

  1. Log in to cPanel and go to SSL/TLS Status in the Security section.
  2. If certificates are already installed with "Let's Encrypt" or "cPanel" as the issuer, AutoSSL is handling things for you.
  3. Click Run AutoSSL to force an immediate check.

Manual Installation via Let's Encrypt Plugin

Some servers have a dedicated Let's Encrypt plugin in cPanel:

  1. In the Security section, look for Let's Encrypt SSL or SSL/TLS.
  2. Click Issue next to the domain you want to secure.
  3. Select whether to include the www subdomain and any other subdomains.
  4. Click Issue.

The certificate will be installed automatically and will renew before expiry.

Troubleshooting AutoSSL / Let's Encrypt

If AutoSSL fails to issue a certificate, common reasons include:

  • DNS not pointing to the server — The domain's A record must point to the server's IP address. Let's Encrypt validates by connecting to your server.
  • CAA record blocking issuance — If you have a CAA DNS record, it must include letsencrypt.org as an allowed issuer.
  • Rate limits — Let's Encrypt has rate limits (e.g. 50 certificates per registered domain per week). If you've recently issued many certificates, you may need to wait.
  • Redirects interfering with validation — If your .htaccess redirects all traffic (including the .well-known/acme-challenge/ path), validation will fail. Ensure the ACME challenge path is accessible over HTTP.

Certificate Renewal

Let's Encrypt certificates are valid for 90 days. AutoSSL or the Let's Encrypt plugin handles renewal automatically, typically renewing 30 days before expiry. No manual intervention is required.

Tips

  • Let's Encrypt certificates are functionally identical to paid DV certificates in terms of encryption strength.
  • Let's Encrypt does not offer OV or EV certificates. If you need organisation validation, you'll need a commercial certificate.
  • If you're using Cloudflare, Cloudflare provides its own SSL certificate. You can use Let's Encrypt for the origin server certificate alongside Cloudflare's edge certificate.

What Next?

Related Articles

knowledgebasedidyoufindanswer

Related Articles

Understanding SSL/TLS Certificates
Blocking IP Addresses
Enabling Hotlink Protection
Setting Up Leech Protection
Enabling Two-Factor Authentication (2FA)
« Back

  Tag Cloud

Embed Sharing HTML RSS Autopod Shows MediaCP intro file logging in browser cookies cpanel introduction gettingstarted overview email accounts setup password security forwarders routing autoresponder vacation webmail roundcube client outlook thunderbird imap smtp filters rules spam spamassassin filtering mailinglist lists spf dkim dmarc deliverability dns quota diskusage storage mx trace troubleshooting delivery calendar contacts caldav carddav catchall default pop3 protocols errors bounce files filemanager upload download ftp filezilla sftp permissions chmod backup restore htaccess images thumbnails resize git versioncontrol development domains addon subdomains aliases parked redirect redirects forwarding zone records arecord cname txt dynamic ddns nameservers explained beginner databases mysql phpmyadmin management remote access postgresql import export optimise repair performance ssl tls https certificates letsencrypt free ipblocker firewall hotlink bandwidth leech 2fa twofactor authentication login ssh terminal commandline imunify malware antivirus modsecurity waf metrics visitors stats analytics transfer usage logs accesslogs raw awstats statistics cpu memory resources limits software softaculous installer wordpress apps cms blog php versions configuration phpini cron scheduled automation errorpages 404 500 custom mime filetypes content nodejs python backups full archive partial selective wizard guided jetbackup selfservice advanced apache rewrite caching speed contact account profile theme style appearance bash multiphp migration moving cache clear

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

We Use Cookies

We use Google Analytics and Microsoft Clarity to understand how you use our site and improve your experience. Learn more in our Privacy Policy