Cpanel

Comprehensive Step-by-Step Guide to Enabling External SSL and Installing Third-Party SSL in cPanel: Full Details

July 16, 2025 No comments yet

Secure Sockets Layer (SSL) certificates encrypt data between a website and its users, ensuring security and boosting SEO. While cPanel offers free SSL via Let’s Encrypt, you may need to install a third-party SSL (e.g., from DigiCert, Sectigo, or Comodo) for enhanced features like extended validation (EV) or wildcard support. This guide provides a complete, step-by-step process to enable external SSL and install a third-party SSL certificate in cPanel, including prerequisites, certificate installation, and configuration. The process assumes you have cPanel access and the necessary certificate files from a third-party provider.

Prerequisites

Before starting, ensure the following:

  • cPanel access to your hosting account via https://yourdomain.com:2083 with appropriate credentials.
  • A purchased third-party SSL certificate from a Certificate Authority (CA) (e.g., DigiCert, Sectigo).
  • The certificate files provided by the CA, typically including:
    • Certificate File (e.g., yourdomain.crt or .cer).
    • Private Key (e.g., yourdomain.key).
    • CA Bundle/Intermediate Certificate (e.g., bundle.crt or ca-bundle.crt).
  • The domain is registered, and DNS is propagated to your server’s IP.
  • Administrative access or coordination with your hosting provider if root access is required.

Step-by-Step Process to Enable External SSL and Install Third-Party SSL in cPanel

Step 1: Obtain the SSL Certificate from the Third-Party Provider

  1. Purchase the SSL Certificate
    • Visit a CA website (e.g., DigiCert, Sectigo) and select the desired SSL type (e.g., Domain Validated, Organization Validated, or EV SSL).
    • Complete the purchase process and provide domain ownership verification (e.g., via email, DNS, or file upload).
  2. Generate a Certificate Signing Request (CSR)
    • Log in to your cPanel.
    • Navigate to Security > SSL/TLS > Generate, view, or delete SSL certificate signing requests.
    • Fill in the details:
      • Key Type: RSA (2048-bit recommended).
      • Domain: Enter your domain (e.g., yourdomain.com or *.yourdomain.com for wildcard).
      • City/Locality, State, Country: Provide accurate location details.
      • Company Name: Enter your organization name (required for OV/EV SSL).
      • Email: Optional, but useful for contact.
      • Password: Optional, leave blank unless required.
    • Click Generate, then copy the generated CSR and Private Key.
    • Submit the CSR to your CA during the certificate issuance process.
  3. Receive Certificate Files
    • After verification, the CA will email you the SSL certificate, private key, and CA bundle.
    • Download and save these files securely (e.g., yourdomain.crt, yourdomain.key, ca-bundle.crt).

Step 2: Log in to cPanel and Access SSL Management

  1. Log in to cPanel
    • Open a browser and go to https://yourdomain.com:2083.
    • Enter your cPanel username and password.
  2. Navigate to SSL/TLS Manager
    • In the cPanel dashboard, go to Security > SSL/TLS > SSL/TLS Manager.
    • This section allows you to install and manage SSL certificates.

Step 3: Install the Third-Party SSL Certificate

  1. Upload Certificate Files
    • In the SSL/TLS Manager, click Certificates (CRT).
    • Paste the content of your yourdomain.crt file into the Upload a New Certificate text box, or upload the .crt file directly.
    • Click Upload Certificate.
  2. Upload the Private Key
    • Go to Private Keys (KEY).
    • Paste the content of your yourdomain.key file or upload it.
    • Click Upload and ensure it matches the certificate.
  3. Upload the CA Bundle
    • Go to Certificate Authorities (CA Bundle).
    • Paste the content of the ca-bundle.crt file or upload it.
    • Click Upload to associate it with your certificate.

Step 4: Assign the SSL Certificate to Your Domain

  1. Install the Certificate
    • In the SSL/TLS Manager, click Install and Manage SSL for your site (HTTPS).
    • Select the domain (e.g., yourdomain.com) from the dropdown.
    • Ensure the following fields are populated:
      • Certificate: Select the uploaded certificate (yourdomain.crt).
      • Private Key: Select the uploaded private key (yourdomain.key).
      • Certificate Authority Bundle: Select the uploaded CA bundle (ca-bundle.crt).
    • Click Install Certificate.
    • cPanel will configure Apache to use the SSL for the selected domain.
  2. Verify Installation
    • Check the status message to confirm the certificate is installed successfully.
    • If an error occurs (e.g., key mismatch), re-upload the correct files.

Step 5: Configure and Test the SSL

  1. Force HTTPS
    • Go to Domains > Redirects.
    • Set a permanent (301) redirect from http://yourdomain.com to https://yourdomain.com.
    • Alternatively, edit the .htaccess file in public_html:
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  2. Test the SSL
    • Open a browser and visit https://yourdomain.com.
    • Use an SSL checker tool (e.g., SSL Labs) to verify the certificate’s validity, chain, and security (e.g., A+ rating).
  3. Update Internal Links (if needed)
    • For dynamic sites (e.g., WordPress), log in to the admin panel and update the site URL to https://yourdomain.com (e.g., in WordPress: Settings > General).

Step 6: Finalize and Monitor

  1. Restart Services
    • In cPanel, go to Service Status or use SSH: service httpd restart (or apachectl restart) to apply changes.
    • Ensure no downtime occurs during this step.
  2. Monitor Logs
    • Check Apache error logs (/var/log/apache2/error.log or /var/log/httpd/error_log) for SSL-related issues.
    • Use WHM’s Apache Status to confirm SSL is active.
  3. Notify Users
    • Inform visitors or clients of the secure connection if the URL changes from HTTP to HTTPS.

Alternative Method: Install via WHM (Root Access)

If you have WHM access:

  1. Log in to WHM at https://your_server_ip:2087.
  2. Go to SSL/TLS > Install an SSL Certificate on a Domain.
  3. Select the domain, paste the certificate, private key, and CA bundle, then click Install.
  4. Follow the same testing steps as above.

Additional Details and Tips

  • Certificate Types:
    • DV SSL: Domain validation, quickest to issue.
    • OV SSL: Organization validation, includes company details.
    • EV SSL: Extended validation, highest trust level.
    • Wildcard SSL: Secures a domain and its subdomains (e.g., *.yourdomain.com).
  • Renewal: Third-party SSLs require manual renewal (typically annually). Set reminders based on the expiration date.
  • Troubleshooting:
    • SSL Not Working: Verify the private key matches the certificate (use openssl x509 -noout -modulus -in certificate.crt | openssl md5 and compare with the key).
    • Mixed Content Errors: Use a tool like “Why No Padlock?” to fix insecure resources.
    • Chain Issues: Ensure the CA bundle is complete and in the correct order.
  • Security: Regularly update cPanel and Apache to avoid vulnerabilities.
  • Support: Contact your CA or hosting provider if installation fails.

Conclusion

You’ve now successfully enabled an external SSL and installed a third-party SSL certificate in cPanel. Your website is now secure with HTTPS, enhancing user trust and SEO. Monitor the site for a few days and address any issues promptly. For further assistance, refer to cPanel documentation or your CA’s support. Let me know if you need help with specific steps!

Leave a Reply

Your email address will not be published. Required fields are marked *