This guide gives you step-by-step instructions on how to install an SSL certificate in cPanel. cPanel is one of the most widely used web hosting control panels, and the SSL installation is straightforward even without advanced technical skills.
Generate a CSR code
If you are buying a certificate from a Certificate Authority, start with a CSR (Certificate Signing Request). A CSR is a request you submit to the CA to apply for your certificate, and you cannot obtain the certificate without it. You have two options:
- Generate the CSR automatically with our CSR Generator.
- Follow our step-by-step tutorial on how to create a CSR in cPanel.
Submit the CSR to the Certificate Authority during your order. After the CA validates it and issues your SSL certificate, continue with the installation below. (If you only want a free certificate, skip ahead to AutoSSL, which does not require a CSR.)
Install an SSL certificate in cPanel
After validation, the Certificate Authority emails you the certificate files (or you download them from your account). You will need three things: the certificate itself, the private key you created with the CSR, and the CA bundle (the intermediate and root certificates). Then follow these steps. The labels below match the current cPanel interface (Jupiter theme).
Step 1: Open the SSL/TLS Manager
- Log into your cPanel account.
- Go to the Security section and select SSL/TLS.
- On the SSL/TLS page, under Install and Manage SSL for your site (HTTPS), click Manage SSL Sites.
Step 2: Select the domain
Scroll to the Install an SSL Website area. From the Domain drop-down list, select the domain you want to secure. If you generated the CSR and key inside cPanel for this domain, click Autofill by Domain and cPanel fills the boxes for you. Otherwise, paste the files in manually as described next.
Step 3: Paste the certificate, key, and CA bundle
Open each file in a plain-text editor and copy and paste its contents into the matching box:
- Certificate (CRT): paste the full contents of your certificate file, including the BEGIN CERTIFICATE and END CERTIFICATE lines.
- Private Key (KEY): paste your private key, including its BEGIN and END lines.
- Certificate Authority Bundle (CABUNDLE): this box is technically optional, but do not leave it blank. A missing CA bundle can cause SSL security warnings on mobile devices and older browsers. Paste both the intermediate and root certificates here. If the CA sent multiple intermediate certificates, paste them one after another to build the correct certificate chain.
Each block is plain text that begins with a line such as —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–. Include those header and footer lines when you paste.
Step 4: Install the certificate
Click Install Certificate. A confirmation message appears when the installation succeeds. cPanel applies the certificate immediately and rebuilds the web server configuration in the background, so you do not need to restart anything by hand. Open your site with https:// to confirm the padlock shows. To double-check the result, run it through our SSL Checker.
Free option: install SSL with AutoSSL
cPanel includes a free, auto-renewing option called AutoSSL. It provisions and installs a Domain Validated (DV) certificate from the provider your host has configured (commonly Let’s Encrypt or Sectigo), then renews it automatically before it expires. AutoSSL is a good fit for basic sites; choose a purchased certificate when you need Organization Validation, Extended Validation, or a wildcard. To use AutoSSL:
- In cPanel, open the Security section and click SSL/TLS Status.
- Select the domains you want to secure, then click Run AutoSSL.
- Wait for the check to finish. Each covered domain shows an AutoSSL certificate and renews on its own from then on.
If you installed a purchased certificate for a domain, exclude that domain from AutoSSL so the two do not conflict: on the SSL/TLS Status page, use the Exclude from AutoSSL control for that domain. If you do not see AutoSSL at all, your hosting provider may have disabled it at the server level. Contact them to enable it.
Frequently Asked Questions
When a purchased certificate is close to expiring, buy or reissue it, then install the new files the same way: Security then SSL/TLS then Manage SSL Sites, select the domain, paste the new certificate, key, and CA bundle, and click Install Certificate. The new certificate replaces the old one. If you use AutoSSL instead, renewal is automatic and you do not need to do anything.
Yes. cPanel’s built-in AutoSSL issues free Domain Validated certificates (commonly from Let’s Encrypt or Sectigo) and renews them automatically. Open Security then SSL/TLS Status, select your domains, and click Run AutoSSL. Free DV certificates cover basic encryption; buy a certificate when you need Organization or Extended Validation, a wildcard, or a longer support relationship.
cPanel manages the certificate for you, so you rarely need these paths. Each account’s certificates and keys are kept in the user’s home directory under ~/ssl/ and centrally in /var/cpanel/ssl/.
On EasyApache 4 (the current cPanel Apache) the per-domain SSL virtual-host configuration is generated under /etc/apache2/conf.d/userdata/ssl/, not /etc/httpd/.
If the server also runs cPanel’s nginx (ea-nginx) as a reverse proxy, its SSL configuration is written under /etc/nginx/conf.d/.
Manage everything from the Security section’s SSL/TLS tools rather than editing these files by hand.
Open Security then SSL/TLS Status. The domains table lists each domain with its certificate type and status, so you can see at a glance which domains are secured. The quickest check of all is to open your site with https:// and confirm the padlock appears in the address bar.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


