Installing TLS/SSL certificate using Cpanel

Applicable To: Server/Hosting with cpanel
Updated: Friday, 04. October 2019 04:46 PM UTC

image for https

There are three things that you need at hand first to install a TLS/SSL certificate with cpanel and enable https for your website. This article assumes that you already have those at your disposal. If you didn't understand what I just said, then you can view my other article which will help you to get a free SSL certificate from Let's Encrypt for your domain/s.

The following is an example of how the certificates may be available to you:

  1. cert.pem: This is the certificate. The name or extension is irrelevent.
  2. chain.pem (optional): This is the CABUNDLE. The name or extension is irrelevent.
  3. privkey.pem: This is the private key. The name or extension is irrelevent. This may already be available in your cpanel if you created the CSR (Certificate sigining request) in your cpanel insead of a local machine or other places. Check the private keys section in TLS/SSL manager in your cpanel.

To be precise, we need a certificate, the private key which was used to create a CSR (Certificate Signing Request) for it and the CABUNDLE (also known as chain). It doesn't matter how or in which form these are available to you.

The CABUNDLE (Certificate Authority Bundle) is optional if it already exists/installed or needs to be installed just once.

If you don't have those files but you somehow happen to have the content (e.g in a terminal window where the certificate was printed for you), then the procedure is the same, except you will be copy pasting the certificates instead of uploading them.

The things we need to do

We will upload the certificate and private key files with cpanel and copy paste the content of chain.pem CABUNDLE (Certificate Authority Bundle). You can also copy paste the content of other two files too. It makes no difference. When opening the files with a text editor, make sure it is not one of your fancy editors like wordpad, MSWord etc...

Go to SSL/TLS manager in Cpanel

First login to cpanel and goto SSL/TLS manager.
cpanel image

Go to Private Keys section

Goto Private Keys (KEY) section.
cpanel image

Upload the private key

Goto upload area and browse for the file privkey.pem and upload it (or copy paste in the given box and click save). You may skip this step if the private key already exists in your cpanel.
cpanel image

Return to SSL/TLS manager

Go to the SSL/TLS manager again.
cpanel image

Goto Certificates (CRT) section

Now goto Certificates (CRT) section.
SSL/TLS manager image

Upload the certificate

Navigate to the upload section, browse for the cert.pem file and click upload (or copy paste in the given box and click save).
upload cert image

Review the installed certificates

Now in Certificates (CRT) section you will see your installed certificates.
upload cert image

Install the certificate

Click on install on the certificate you just uploaded.

You will be given a form which is almost filled with information from the uploaded cert and private-key files. If the private key field is not filled automatically, then open the Private Keys section in cpanel (in a new tab) again and copy paste the encoded key (key with ----BEGIN--- and -----END------) in the specified box (in previous tab, certificate install section).

The only other thing you will need to put here is the CABUNDLE. Open the chain.pem with a text editor and copy paste its' content in the given box.

certificate form image

Finally click install. It will be installed almost instantly and you will get a confirmation message like this one:

upload cert image

Note that all the things you will do copy paste, starts with something like ----BEGIN----- and ends with something like ----END----.

That's all. Now visit your site using https and forget about using http ever again.

Redirect HTTP to HTTPS

You might want your visitors to have the https version of your site always i.e redirect all http URL to https. You can do that with mod_rewrite in apache2. Put something like this on your .htaccess (or whatever access file you have) to redirect http to https:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}

Latest mozilla firefox shows green padlock.

This is how it looks like in my browser for one of my test sites:

image for live https with Let's Encrypt

To install SSL certificate using command line you can use sslic