Managing SSL/TLS Certificates: Generation, Upload, and Deletion
This guide walks you through the process of generating Certificate Signing Requests (CSRs), uploading vendor-provided certificates, viewing existing certificate details, and removing certificates via the cPanel SSL/TLS Manager.
Step 1: Accessing the SSL/TLS Manager
- Log in to your cPanel account.
- Navigate to the Security section and click on the SSL/TLS link. This page serves as the central hub for all certificate management tools.
Step 2: Generating a Certificate Signing Request (CSR)
A CSR is required when purchasing an SSL certificate from a commercial vendor.
- On the SSL/TLS Manager page, click the link under the Certificate Signing Requests (CSR) heading.
- Fill out the required fields, including the domain name (ensure it is correct), city, state, country, and organization details. The Key field can usually be left at the default 2,048-bit setting.
- Click the Generate button. The system will display the CSR text which you must copy and provide to your SSL certificate vendor. The corresponding Private Key will be automatically stored by cPanel.
Step 3: Uploading and Installing the Certificate (CRT)
Once your vendor provides the certificate file (CRT), use this section to install it.
- Return to the SSL/TLS Manager page and click the link under the Certificates (CRT) heading.
- Paste the CRT text provided by your vendor into the text box labeled Paste the certificate into the following text box. Alternatively, you can upload the .crt file directly if provided.
- Click the Save Certificate button.
- After saving, you must install it. Click the link Go Back to SSL Manager and then click the link under Install and Manage SSL for your site (HTTPS).
- Select the domain from the dropdown menu, and the system should automatically populate the Certificate, Private Key, and Certificate Authority Bundle (CABUNDLE) fields.
- Click the Install Certificate button. Your website should now be secured with the new SSL.
Step 4: Viewing or Deleting Certificates and Keys
- To view details or delete an existing Certificate (CRT), Private Key, or CSR, click on the corresponding link within the SSL/TLS Manager interface.
- Use the Search utility on those pages to find the specific item you need to manage.
- Next to the desired item, you will find options to View/Edit or Delete it from the server. Exercise caution when deleting, especially Private Keys for active certificates.
Troubleshooting and Expert Advice
Common Issues and Fixes
- If your site shows a warning after installation (Mixed Content Error), it means some resources (like images or JavaScript files) are still loading over unsecured HTTP instead of HTTPS. You will need to edit your website's code or configuration (e.g., in WordPress settings or .htaccess file) to ensure all links use HTTPS.
- If the automatic installation fails to find the Private Key, ensure you generated the CSR using cPanel. If you generated the CSR externally, you must manually upload the corresponding Private Key file via the Private Keys (KEY) section before attempting to install the CRT.
- Always use a 301 Permanent Redirect (via the cPanel Redirects tool or .htaccess) to force all HTTP traffic to the secure HTTPS version of your site after installation. This is vital for search engine optimization (SEO) and user security.
Security Best Practice
Never share your Private Key with anyone. Treat it as a password. If a private key is compromised, the certificate becomes useless and must be immediately revoked and replaced. If you are using free SSL via AutoSSL (like Let's Encrypt), cPanel handles the key management automatically, which is the preferred method unless specific commercial certificates are required.
