Checking and Manually Installing Let's Encrypt SSL Certificates via cPanel
cPanel's AutoSSL feature automatically provides and renews free SSL certificates, often using providers like Let's Encrypt. This guide shows you how to verify its status, perform a manual check, and troubleshoot common issues.
Part 1: Checking Current SSL Status
- Log in to your cPanel control panel.
- In the Security section, click on the SSL/TLS Status link.
- Review the domain list. Domains with a green lock icon indicate a secure domain with a valid certificate. Domains with a red icon or a certificate expiration date in the near future may need attention.
- If the certificate status is not green, look for a Run AutoSSL button or link on the same page. Click this to manually initiate the certificate check and installation process. This is the primary way to install a new certificate or renew one that is pending.
Part 2: Troubleshooting and Advice
Common Issues and Solutions
- **DNS Propagation:** The most frequent failure reason is that the domain's DNS records have not fully updated globally. AutoSSL requires the domain to point to the cPanel server for verification. Wait several hours after changing DNS before running AutoSSL again.
- **Incorrect Document Root:** Ensure the domain or subdomain is correctly pointing to a valid, accessible public folder (the document root). Let's Encrypt uses this location to place a temporary file for domain ownership validation.
- **.htaccess Blocking:** Check your .htaccess file (if one exists) for any rules that might be blocking access to the /.well-known/acme-challenge/ directory. This directory must be publicly accessible for AutoSSL verification to succeed.
- **Domain Ownership:** If a domain is marked as Excluded from AutoSSL, it may be due to administrative settings or if the domain is pointed to an external service. Contact your hosting provider if you cannot resolve this yourself.
Expert Advice for Security
Always ensure your website redirects all traffic from http:// to https:// after the certificate is installed. This is crucial for security and search engine optimization (SEO). You can often enforce this redirect using a rule in your website's .htaccess file or by using a setting within your content management system (CMS) like WordPress. If the certificate shows as valid but the browser still flags the site as insecure, the problem is usually mixed content (loading some assets like images or scripts over http instead of https).
