How to secure a cPanel-enabled account with a cPanel SSL certificate

This article discusses how cPanel can automatically generate, install, and renew SSL certificates on a cPanel-enabled hosting account.

About cPanel SSL

cPanel SSL is part of an initiative to encrypt as much World Wide Web traffic as possible. It is designed to make creating, installing, and renewing SSL certificates a simple and straightforward process.

Although cPanel SSL certificates are signed by a valid CA (certificate authority), there are some significant differences between these certificates and those issued by a traditional CA. For more information about these differences, please see this article.

Using cPanel SSL

cPanel SSL is enabled for all new and most existing shared and reseller cPanel accounts. To see if cPanel SSL is enabled for your account, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the SSL/TLS tool:
    • If you are using the Jupiter theme, on the Tools page, in the Security section, click SSL/TLS:

      cPanel - Security - SSL/TLS icon

    • If you are using the Paper Lantern theme, in the SECURITY section of the cPanel home page, click SSL/TLS:

      cPanel - Security - SSL/TLS icon

  3. Under CERTIFICATES (CRT), click Generate, view, upload, or delete SSL certificates.
  4. Under Certificates on Server, look in the Issuer column for cPanel, Inc.

When cPanel SSL is enabled for your account, you do not have to do anything else. The entire process of generating, installing, and renewing SSL certificates is done automatically. (The server has a process running that automatically renews cPanel SSL certificates every 90 days so they remain valid.)

Certificates can take up to four hours to generate for a new domain. If your site needs a certificate sooner, please reach out to A2's support team who will be happy to assist with publishing the certificate as soon as possible.

When cPanel SSL is activated for a cPanel account, certificates are created for every existing domain and any domain that you subsequently add.

When cPanel SSL is enabled for an account, it does not overwrite any existing SSL certificates that are already installed on the account. All non-cPanel SSL certificates take precedence and are enabled before any cPanel SSL certificates.


cPanel SSL is enabled by default, but there are instances when it cannot automatically generate an SSL certificate for an account. These include:

  • Other SSL certificates installed: If there is another SSL certificate of any type already installed (for example, valid, expired, or self-signed certificates), the cPanel SSL installer skips the domain and does not generate a certificate.
  • URL rewrites: Any URL rewrite rules that interfere with access to the public_html/.well-known directory can prevent cPanel SSL from generating a certificate. If you use URL rewrite rules, you can add the following line to your .htaccess file to make sure the .well-known directory remains accessible:
    RewriteRule ^.well-known - [L]
    For more information about URL rewrites, please see this article.

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.