If your website is hosted on a cPanel server, securing it with a trusted SSL certificate is straightforward thanks to the ACME protocol. With support for commercial certificate authorities and automated deployment, you can set up HTTPS quickly using ACME.sh—without relying on AutoSSL or manual uploads.

In this tutorial, you’ll learn how to install an ACME SSL certificate on cPanel using the ACME.sh client. We’ll cover the full setup, including how to register with your certificate authority using EAB credentials, issue the certificate via webroot validation, and automatically apply it to your domain using cPanel’s native APIs.
This method works even on shared hosting, as long as SSH access is enabled.
What You’ll Need
Before you begin, make sure:
- You have SSH access to your cPanel account (either through the built-in Terminal or an external client like PuTTY).
- Your hosting provider allows custom shell scripts (most do by 2025).
- You have the following information from your SSL certificate provider:
- ACME Directory URL (e.g. https://acme.yourdomain.com/v2/DV)
- EAB Key Identifier (EAB KID)
- EAB HMAC Key
- Your domain points to the correct web hosting account (DNS should already be configured).
Step 1 – Open the cPanel Terminal
You can use cPanel’s built-in terminal or external SSH. The built-in terminal is faster for quick tasks, while external SSH is better for advanced work, custom scripts, or when you need a more stable session for longer operations.
Option A: Use cPanel’s built-in terminal
- Log in to your cPanel dashboard.
- Scroll to the “Advanced” section and click “Terminal”.
- Accept the prompt if this is your first time using it.
Option B: Use external SSH
You can also connect using an external SSH client like PuTTY or Terminal (macOS/Linux). Ask your hosting provider for:
- SSH hostname or IP
- Port number (some providers change it from 22)
- Login credentials
Step 2 – Install ACME.sh
Once inside the terminal, run the following command to install the ACME.sh client:
curl https://get.acme.sh | sh
After installation, restart your terminal session or run:
source ~/.bashrc
Then confirm it’s working:
acme.sh --version
You should see the current version number and copyright.
Step 3 – Register Your ACME Account
Now register with your SSL provider’s ACME server using your EAB credentials:
acme.sh --register-account \
--server "https://your.acme-server.com/v2/DV" \
--eab-kid "YOUR_EAB_KID" \
--eab-hmac-key "YOUR_EAB_HMAC_KEY"
The Key Identifier (KID) is usually a shorter string; the HMAC Key – a longer one. Paste them exactly as provided, with no extra spaces.
Ensure there are no spaces or extra quotes in your EAB values. These are usually case-sensitive and time-limited by your CA.
If you get a “command not found” error when running acme.sh, try running the full path instead:
~/.acme.sh/acme.sh
You can find the exact install location by scrolling up after installation. Look for a message like:
Installed to /home/yourusername/.acme.sh/acme.sh.
Step 4 – Issue the Certificate (Webroot Validation)
Now let’s issue the SSL certificate using your domain’s webroot path. This allows the ACME server to verify domain control by placing validation files in a folder the server can access publicly.
Run this command (replace the values accordingly):
acme.sh --issue \
--webroot /home/yourcpuser/public_html \
--domain yourdomain.com \
--domain www.yourdomain.com \
--server "https://your.acme-server.com/v2/DV" \
--eab-kid "YOUR_EAB_KID" \
--eab-hmac-key "YOUR_EAB_HMAC_KEY"
You can find your webroot path in cPanel’s main dashboard under “General Information” > Document Root or “Home Directory.”
Once you complete this step, your certificate files will be stored in ~/.acme.sh/yourdomain.com/
Step 5 – Deploy the Certificate to cPanel
Now you’ll apply the certificate to your domain using cPanel’s API:
acme.sh --deploy \
--domain yourdomain.com \
--deploy-hook cpanel_uapi
This command installs the certificate into cPanel’s SSL store, automatically applies it to the domain, and replaces any older certificate if present
To double-check the result in cPanel, go to SSL/TLS > Manage SSL Sites. Find your domain and confirm the certificate is listed
Step 6 – Confirm Renewal Is Scheduled
ACME.sh installs a cron job by default that attempts renewal ~30 days before expiry.
To test it manually, run:
acme.sh --cron --force
This simulates a renewal and deploys the updated certificate. If it succeeds, you’re fully set.
Common Questions
If you’re running into issues or just want to understand the process better, here are a few frequently asked questions to help clarify things.
What if I don’t know my webroot path?
In cPanel, go to File Manager, navigate to your main public site folder (usually /public_html/), and right-click > “Copy path.” Use that as your –webroot value.
Can I secure subdomains or staging sites?
Yes — just add multiple –domain flags:
--domain yourdomain.com --domain www.yourdomain.com --domain staging.yourdomain.com
What happens if I lose SSH access later?
Once the cert is installed and ACME.sh is set up with cron, the renewals happen automatically. But if you lose SSH access permanently, you’ll need to switch to a manual reinstallation method.
Final Words
You’ve now learned how to install an ACME SSL certificate on cPanel using ACME.sh, with full support for commercial certificate providers. From registering your account to deploying and renewing the certificate automatically, this method gives you reliable, recurring HTTPS without cPanel’s built-in limitations.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

