bg-tutorials

How to Install an SSL certificate on WHM

In this guide, you will learn how to install an SSL certificate on WHM (Web Host Manager), the server-level control panel that sits above the individual cPanel accounts. The steps are the same whether you log in as the root administrator or with reseller privileges. The final section covers AutoSSL and the server hostname certificate.

WHM is the server admin panel; cPanel is the per-account panel. A certificate you install in WHM with Install an SSL Certificate on a Domain covers one domain or subdomain hosted on the server. If you only have access to a single cPanel account, follow the cPanel installation guide instead.

We also recorded a video that walks you through the entire process. You can watch the video, read the instructions, or do both. You can watch the video below.

Generate a CSR code in WHM

If you are buying a certificate from a Certificate Authority, you first need a CSR (Certificate Signing Request). A CSR is a plain text block that holds details about your domain and organization. The CA uses it to issue the certificate. Generating the CSR also creates the matching private key, which you will need during installation. You have two options:

Submit the CSR to the Certificate Authority during your order. After the CA validates it and sends you the certificate files, continue with the installation below. (If you would rather use a free, auto-renewing certificate and skip the CSR entirely, jump to AutoSSL.)

Install an SSL certificate on WHM

After validation, the Certificate Authority emails you a ZIP archive. Extract it. You should have:

  • your domain certificate, usually a .crt file;
  • the intermediate certificates, usually a .ca-bundle file (the CA bundle);
  • the private key you generated with the CSR (keep this one private).

Open each file in a plain text editor (Notepad on Windows, TextEdit in plain text mode on macOS) so you can copy the full contents, including the BEGIN and END lines.

Step 1: Open the installation screen

Log in to your WHM dashboard. In the search box at the top left, type SSL, then under the SSL/TLS section click Install an SSL Certificate on a Domain.

Step 2: Enter the domain

In the Domain field, type the exact domain or subdomain you want to secure (for example www.yourdomain.com). Leave the IP Address (non-user domains only) field blank unless you are securing a domain that is not tied to a cPanel account.

Step 3: Paste the certificate

In the Certificate box, paste the full contents of your domain certificate file (the one the CA emailed you). It begins and ends with these lines:

-----BEGIN CERTIFICATE-----
... certificate text ...
-----END CERTIFICATE-----

Step 4: Add the private key

In the Private Key box, paste the key you created together with the CSR. If you generated the CSR inside this same WHM server, WHM can fill the key in for you: click Autofill by Domain. If you have to paste it manually, open the key file and copy everything between the BEGIN and END lines. Depending on how the key was generated, the wrapper lines look like one of these:

-----BEGIN PRIVATE KEY-----
... key text ...
-----END PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
... key text ...
-----END RSA PRIVATE KEY-----

Each wrapper line uses five hyphens, with no spaces. Keep the private key confidential: it is the secret half of your certificate and only you should ever have it.

Step 5: Add the CA bundle

In the Certificate Authority Bundle (optional) box, paste the contents of your .ca-bundle file. This holds the intermediate certificates that let browsers link your certificate back to a trusted root. If the bundle contains more than one certificate block, keep them in the order the CA provided. WHM can often fetch the correct bundle on its own, but pasting it yourself avoids any chain issues.

Step 6: Install

Once all the fields are filled, click Install. WHM validates the certificate, key, and bundle, then applies the certificate to the web server and to the mail and FTP services for that domain. A confirmation message appears when it finishes. If you see an error, it usually means the certificate and key do not match or the CA bundle is incomplete: recheck what you pasted and try again.

Test your SSL installation

After installation, confirm the certificate is live and the chain is complete. Open your site in a browser with https:// and check for the padlock, then run a deeper scan with our SSL Checker for an instant status report. If you have shell access to the server, you can also read the served certificate directly:

echo | openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null | openssl x509 -noout -issuer -subject -dates

This prints the issuer, the domain it was issued to, and the validity dates. A mismatch in the domain, or a missing intermediate, points to a step worth revisiting.

AutoSSL and the server hostname certificate

WHM has two more SSL features that the manual installation above does not cover. Both are worth knowing.

AutoSSL (free, auto-renewing certificates)

AutoSSL issues and renews free domain-validated certificates for the accounts on your server. Open SSL/TLS > Manage AutoSSL, pick a provider on the Providers tab (the cPanel provider, powered by Sectigo, or Let’s Encrypt), and enable it. AutoSSL then covers domains automatically and renews them before they expire, so it is the simplest option when you do not need a paid certificate with organization or extended validation. A certificate you install manually with Install an SSL Certificate on a Domain takes precedence over AutoSSL for that domain.

The server hostname and service certificate

The certificate that secures WHM itself, plus services such as Exim (mail), Dovecot, FTP, and cPanel, is the service certificate, and it is separate from any single domain. To review or replace it, open SSL/TLS > Manage Service SSL Certificates. For the server hostname certificate to issue cleanly through AutoSSL, the hostname must be a fully qualified domain name that resolves to the server’s main public IP address.

Frequently asked questions

What is the difference between installing an SSL certificate in WHM and cPanel?

WHM is the server administration panel, used by root or reseller accounts, and it can install a certificate on any domain hosted on the server through Install an SSL Certificate on a Domain. cPanel is the per-account panel, where a single site owner manages only their own domains. The certificate, key, and CA bundle you paste are the same in both; the difference is the level of access.

Where do I paste the certificate, key, and CA bundle in WHM?

In WHM, go to SSL/TLS > Install an SSL Certificate on a Domain. The screen has three boxes: Certificate for your domain certificate, Private Key for the key you generated with the CSR, and Certificate Authority Bundle (optional) for the intermediate certificates. Paste each file’s full contents, including the BEGIN and END lines, then click Install.

Do I need a CSR if I use AutoSSL?

No. AutoSSL issues free domain-validated certificates automatically and handles the CSR and key for you. You only need to generate a CSR when you are buying a certificate from a Certificate Authority and installing it manually.

How do I secure the WHM server hostname itself?

The hostname and services such as mail and FTP use the service certificate, not a per-domain one. Manage it under SSL/TLS > Manage Service SSL Certificates. For AutoSSL to issue a hostname certificate, the server hostname must be a fully qualified domain name that resolves to the server’s main public IP address.

WHM says the certificate and key do not match. What now?

This means the private key you pasted was not the one created with the CSR for this certificate. Use the key generated alongside that exact CSR. If you generated the CSR in this WHM server, click Autofill by Domain to pull the correct key. If the key is lost, reissue the certificate with a fresh CSR and key from your Certificate Authority.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.