cPanel - SSL

How to Install Free SSL Certificate using LetsEncrypt

In this article, we walk you through steps on how you can generate and install a free SSL certificate for your domain (video at the end). Important: Installing a certificate does will not force your browsers to visit the site via https:// – to do this, you would need to see our How to force your site to use SSL (https) guide. First, make sure you are logged in to your hosting account cPanel for the domain you wish to install the SSL certificate. Visit this guide to learn how to access cPanel: https://dash.wevrlabs.net/index.php?rp=/knowledgebase/2/How-to-access-cPanel.html Prerequisites: For this to work, there are some requirements that should be met first. - Your domain should be using the name servers presented for you in the service details page - visit this guide to learn how to find the correct name servers for your hosting plan: - https://dash.wevrlabs.net/index.php?rp=/knowledgebase/4786/How-to-View-Nameservers-and-Other-Service-Information.html - Your domain DNS has fully propagated and is now pointing to our servers. You can confirm this by visiting this website: https://intodns.com - The LetsEncrypt CA servers must be able to visit http://your-domain/.well-known/acme-challenge/xxx successfully ... These directories/files will be created automatically, but you should take care that you do not have any .htaccess rules that prevent access. Most users will fulfill these requirements automatically. Steps to Install SSL Certificate using LetsEncrypt: Go to the LetsEncrypt section in cPanel. Next, click + issue for the domain where you wish to install the new SSL certificate. Last step, choose the Validation method: use dns-01 if your domain is fully using our name servers and to be able to generate a wildcard certificate. Follow the other steps in the picture as described, then click the Issue button, and your SSL should be installed within a few minutes. At completion, the keys and certificates should be installed on the server, with a success message. Certificate renewal is automatically performed Your certificate will be attempted to be renewed automatically every day from the point it is 30 days from expiring. The prerequisites listed above for issuing must still be met during the renewal attempts, or the attempts will fail. Video Walkthrough Please keep in mind that you need to clear your browser cache to observe changes, this will depend on the browser you use.

How to Generate a Certificate Signing Request - CSR in cPanel?

For obtaining a certificate from a Trusted SSL Provider, the Certificate Signing Request(CSR) is required. You can generate a CSR from your cPanel. CSR is also required for self-signed SSL certificates. 1. Log into your cPanel account. 2. In the "Security" section, click on the "SSL/TLS" icon. 3. Under Certificate Signing Request, Click on "Generate, View or Delete CSR" Link. 4. Scroll down and enter the following details: - Domains: Enter your domain name like www.example.com (Domains with www will cover both non-www and www domains) - City: Your city name - State: Your state name Country: Choose your country name from the drop-down menu. - Company: Your Company name or leave it blank. - Company Division: Name of your company division. - Email: Enter your email address of domain like support @ example.com - Passphrase: Enter a passphrase (Maximum of 20 characters) and do not use special characters. 5. Finally, click on the Generate button. CSR will be generated and you need to copy CSR code and save it to your PC. You can use your CSR while purchasing an SSL or reissuing an SSL in future.

Why SSL is not working for my website

Note: this article applies only for shared or business hosting plans When your new hosting account is activated, you may notice SSL warnings while attempting to visit the domain linked with the hosting. That's because SSL is usually activated automatically in about 24 hours following domain DNS propagation. You need to be patient, as this is a normal procedure and how the internet works. Continue reading below to know more about how SSL issuing works. A Brief Background: The SSL issuing authority needs to first verify domain ownership before signing and providing SSL certificate for that domain (or otherwise, if there was no domain ownership verification process, then anyone could issue an SSL certificate for any domain even if they don't own it, and then spoof that domain, discarding the main purpose for inventing SSL in the first place). Now there are multiple ways used by SSL issuing authorities to verify domain ownership, such as verification via emails linked to the domain, HTML file, and DNS records. Since SSL is automated with our shared and business hosting plans, the method used here is inserting DNS record. Now domain DNS changes are not propagated immediately to all internet servers around the world, as it takes up to 72 hours for all servers to identify newly registered domains and DNS records modifications, and so the same for SSL issuing authority servers, the modification of DNS record may not be visible to them immediately. What is DNS propagation? DNS propagation is the process by which a domain DNS zone is populated by all the DNS servers around the world. Usually, DNS servers around the world store a cache of old DNS records and update them every 24 hours, this period is determined solely by the respective DNS server (your internet server provider for example may update their DNS servers every couple of days, and so on - other DNS servers like those operated by Google update more frequently - Your operating system also stores a DNS cache that gets updated when the system is restarted). When you order a hosting plan and at the same time order a domain from us to be linked with that plan, it usually takes a couple of hours for DNS propagation to complete. However, if you order a hosting plan but you chose to link a domain you already have with another provider, then the step here is to update the name servers for this domain to ours, in order for this domain DNS to point and to be served from the recently ordered hosting plan. In such case, and depending on your domain provider, DNS propagation may take up to 72 hours in this case. What if it is more than 72 hours yet no SSL appear to be active? First, you need to make sure that your domain DNS is starting tp propagate. Visit this website for DNS checks https://intodns.com You should see our name servers like the picture below: [(https://dash.wevrlabs.net/images/kb/50_dns-pass.jpg) If it does not show information like the above picture, you may need to review your domain name server settings, or if you recently modified name servers, please be patient as it can take up to 48 hours for new name servers changes to be reflected. As explained earlier, SSL will not be issued unless DNS is fully propagated, so please be patient and wait for the process to complete. After name servers changes take effect, the server will attempt to issue SSL automatically within 24 hours, but you can try to expedite this manually. Learn how to do this by reading this article: How to Install the Free SSL Certificate from cPanel Remember, if the manual generation fails, it is most likely due to SSL authority servers not yet updating their DNS info with the new name servers settings, so be patient and within few hours it should be installed. If name servers are now taking effect for more than 48 hours, next, try to clear your browser cache. Sometimes your browser stores the old SSL certificate for some time before refreshing SSL data for the domain. After that, visit this website to verify that SSL is indeed correctly setup and active for your website: http://sslshopper.com/ssl-checker.html You should get all checks OK just like in this picture below: [(https://dash.wevrlabs.net/images/kb/49_ssl-pass.jpg) If it is all green and OK as the above picture, it means that SSL is correctly active and properly configured for your domain. If you still see Not Secure label in the browser, Note that you need to make sure you are typing https in the address bar, sometimes this Not Secure label that appear in the browser address bar may be due to the fact that you are typing http instead of https in your website URL. [(https://dash.wevrlabs.net/images/kb/48_Screen-Shot-2021-05-17-at-10.09.41-PM.png) Learn more on how you can automatically redirect all traffic to HTTPS for your website. If the SSL tests above did not show all green like the screenshot, only then you can contact support to have a deeper look into the matter for you.

How to retrieve an CSR from cPanel?

If you generated your Certificate Signing Request (CSR) from cPanel and forgot your CSR then you can retrieve your CSR. Only follow this tutorial if a CSR was generated from cPanel. 1. Log into your cPanel account. 2. In the "Security" section, click on the "SSL/TLS" Icon. 3. Under the Certificate Signing Request, click on Generate, View or Delete CSR link. 4. Under Certificate Signing Requests on Server text, you can see your previously generated CSR. You can see the Edit and Delete options under the Action option. 5. Click on Edit option which is located under Action option. 6. Copy your CSR code which is located under the Encoded CSR: text. Copy the code from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST-----

How to Remove a CSR code from cPanel?

When you generate a Certificate Signing Request (CSR) from cPanel, then save it, which is a good thing, maybe you don™t want to store it on your server. Instead, remove it because you can keep a CSR code on your PC so there is no need of storing it on the server. 1. Log into your cPanel account. 2. In the "Security" section, click on the "SSL/TLS" Icon. 3. Under Certificate Signing Request, Click on Generate, View or Delete CSR Link. 4. Under Certificate Signing Requests on Server text, you can see your previously generated CSR. You can see delete the option under Action. 5. Click on the Delete option which is located under the Action option and you will need to click on Delete again for the confirmation message. The CSR code will be removed and no longer stored on your server.

How to run AutoSSL on your Domains to install an SSL via cPanel?

If your domain is created recently, wait for a few hours so that the cPanel can automatically install an SSL on your domain. However, even after 24 hours, if an SSL is not installed on your domain, first check the last log of AutoSSL from cPanel >> SSL/TLS Status >> Certificate Status. If it is showing any errors, try to fix it or open a ticket with us. If it doesn™t show errors, it means that for some reason is was not automatically included by AutoInstall and you need to force cPanel to run AutoSSL on your Domain and install an SSL Certificate. You can run AutoSSL on your domain by following this tutorial. 1. Log into your cPanel account. 2. In the "Security" section, click on the "SSL/TLS Status" icon. 3. Click on the Run AutoSSL button and it will show a success or error message. If it shows a success message, it means an SSL will be automatically installed on your domain within the next few hours by cPanel and if it displays any error then check it and send that message to us so we can fix it for you. Note: Sometimes an AutoSSL takes a few to 24 hours to verify your domain. The SSL installation is fully automated.

How to Include or Exclude a Domain from AutoSSL in cPanel?

You can include or exclude your domain from AutoSSL. If your domain is newly created, wait for few hours so cPanel can automatically install an SSL on your domain. However, if an SSL is not installed on your domain even after 24 hours, first check the last log of AutoSSL from cPanel >> SSL/TLS Status >> Certificate Status. 1. Log into your cPanel account. 2. In the "Security" section, click on the "SSL/TLS Status" icon. 3. Under domains, choose the domain you wish to include and then click on the Include x domains during AutoSSL button and your selected domain/sub-domains will be included in AutoSSL. 4. Later, should you wish to exclude your domain, which you included, under Domains text tick mark the domains you wish to exclude and click on the Exclude x domains during AutoSSL button and your selected domain/subdomains will be excluded during AutoSSL. Note: Only domains included by you can be excluded. It means you can™t exclude domains unless they are added in the inclusion option by you.