This will be a “quick” version guide on how to install a free SSL certificate for your website from Let’s Encrypt. I will not go into details on how it works – just how to get it done. I will post a separate post with more details on how it works and some precautions you need to take when using a service like ZeroSSL.
Quick Notes: It may seem that there are many steps in this guide – However – each step is fairly quick and the whole process can be done in less than 10 minutes. This guide is for CPanel in NameCheap hosting servers (Shared and Private) – However, it will also work with most CPanel interfaces from other hosting providers (GoDaddy, HostGator, etc..)
Let’s Get Started!
Step 1: Go to https://zerossl.com/free-ssl/#crt – This will take you directly to the SSL Certificate Wizard
Step 2: Enter your domain name in the Domain (Only if you have NO CSR) box
Step 3: Check the Accept ZeroSSL TOS and Accept Let’s Encrypt SA checkbox
Step 4: Verify that HTTP verification is selected (This is the default method and the easiest) – then click Next
Step 5: Click Yes on the prompt asking if you would like to Include www-Prefixed version too and wait for your CSR to get generated.
Step 6: After your CSR is generated – you need to download it and then click on Next to generate your Key (Refer to screenshot above)
Step 7: After your Key is generated – download it and then click next.
Step 8: You will be redirected to the Verification page where you have to download the files required for HTTP verification. These files will be uploaded to your web server via CPanel – you can also use FTP if you’re comfortable. Go ahead and download both files.
IMPORTANT: DO NOT click on Next before uploading the files. Proceed to Step 9 after downloading both files.
Step 9: Log in to your NameCheap account and go to manage your hosting server – NameCheap has SSO so you will be automatically logged in to CPanel. Here is link with information on how to access CPanel from within your NameCheap account – Click Here
Step 10: Once you’re logged in to CPanel – scroll down to the Files section and select File Manager
Step 11: In File Manager – expand your Public_HTML folder and create a new folder named .well-known (Note: The period in front of well-know is required)
Step 12: Select the .well-known folder and create a new folder named pki-validation. Once done, your structure tree should look like the one on the screenshot above.
Step 13: Upload the two files that you downloaded in step 8 into the pki-validation folder
Step 14: After you’re done uploading both files – go back to the ZeroSSL verification page and click on Next. Your certificate will then be generated. IF the verification fails, you will need to re-download two new verification files and will need to upload them – repeat steps 8 – 13.
Step 15: Download your CRT and Key files and then go back to your CPanel dashboard.
Step 16: Inside of the CPanel dashboard – scroll down to the Security section and click on SSL/TLS
Step 17: Under Certificates (CRT) – click on Generate, view, upload, or delete SSL certificates.
Step 18: Scroll down to Choose a certificate file (*.crt). and click on Choose File. Browse to the location where you saved your .CRT file and select it to upload – then click on the Upload Certificate button
Step 19: Your certificate will be imported and you will simply need to copy and paste your key – the file that was downloaded along with your .CRT file in step 15. Open the key file and you’ll be able to copy the key – it’s in plain text. Click on Complete.
Step 20: You’re done! You may need to click on Install in the certificates page – but it usually just gets automatically installed if you didn’t have a valid certificate before installing this new one.
Keep in mind:
- Save all of the files that were downloaded. Don’t delete them. Do make sure you keep them somewhere safe.
- Delete the verification files that were uploaded in the pki-validation folder
- Your certificate will not activate right away – you need to wait up to an hour for your website to register the new certificate (It usually takes about 5 minutes – just delete your browser history, cookies, etc.. and refresh the page.)
- Your new certificate will expire every 90 days – which is why it’s important to save all of your downloaded files in a safe space as they will be used to generate a new certificate in just a few steps.
- The certificate renewal process can be automated – stay tuned for the more detailed guide on how to set this up. Automating the renewal of your certificate allows you to simply set it and “forget it” – which is nice when you’re managing many sites.