Let’s Encrypt SSL Cert with Auto Renew on cPanel in 10 Steps

  Uncategorized

Introduction

SSL certificates help secure your website by encrypting data transmitted between visitors and your server. Using Let’s Encrypt and ACME. You can install a free SSL certificate on your cPanel account and configure automatic renewal to ensure uninterrupted HTTPS protection.

Prerequisites

  • A cPanel account with SSH access enabled
  • A registered domain name pointing to the server
  • Access to the cPanel account credentials
  • Basic knowledge of SSH commands

Implementation

Step 1: Enable SSH and Set Up Access Key

Log in to your cPanel account and enable SSH access.

Navigate to:

Security → SSH Access

Click Manage Keys, then generate a new key and download the private key to your local machine (preferably in ~/.ssh).

Make a note of the passphrase, as it will be needed in the next step.

Optionally, change the downloaded key extension to .txt and update its permissions:

chmod 600 ~/.ssh/filename.txt

Step 2: Add the SSH Key Passphrase to the ssh-agent

This allows secure and automatic authentication.

ssh-add -K ~/.ssh/id_rsa

Step 3: Connect to the Server

Use SSH to connect to your cPanel account.

ssh -i ~/.ssh/filename.txt username@ip

Step 4: Download and install acme.sh

Install acme.sh using either of the following commands:

curl https://get.acme.sh | sh

Or:

wget -O – https://get.acme.sh | sh

Step 5: Reconnect to the Server

Exit the current shell and log in again to ensure the acme.sh alias is available.

exit

Step 6: Issue the SSL Certificate

Set Let’s Encrypt as the default certificate authority:

acme.sh –set-default-ca –server letsencrypt

Issue the certificate using the web-root method:

acme.sh –force –issue -d example.com -d www.example.com -w /home/username/public_html

Step 7: Deploy the Certificate to cPanel

Set the required deployment variables:

export DEPLOY_CPANEL_USER=myusername

export DEPLOY_CPANEL_PASSWORD=PASSWORD

Deploy the certificate:

acme.sh –deploy -d example.com -d www.example.com –deploy-hook cpanel

Step 8: Deploy SSL Using cPanel UAPI

This deployment method is supported on cPanel & WHM version 56 or later.

Set the cPanel username:

export DEPLOY_CPANEL_USER=username

Deploy the certificate:

acme.sh –deploy -d example.com -d www.example.com –deploy-hook cpanel_uapi

Note:

The cpanel_uapi deployment hook only deploys the first domain when certificates are renewed automatically. If you host multiple domains, issue separate certificates for each domain.

The automatic renewal cron job is configured during the acme.sh installation process.

Step 9: Verify the Auto-Renewal Cron Job

Check the cron configuration:

crontab -l

Example output:

23 0 * * * “/home/user/.acme.sh”/acme.sh –cron –home “/home/user/.acme.sh” > /dev/null

Step 10: Update the .htaccess File

To redirect all HTTP traffic to HTTPS, add the following rules to your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</IfModule>

Conclusion

By following the above steps, you can install a free Let’s Encrypt SSL certificate on your cPanel account using acme.sh and configure automatic renewal. This ensures your website remains secure and continues to serve visitors over HTTPS without requiring manual certificate renewals.

LEAVE A COMMENT