This will be a “quick” version guide on how to install a free SSL certificate for your website from Let’s Encrypt. I will not go into details on how it works – just how to get it done. I will post a separate post with more details on how it works and some precautions you need to take when using a service like ZeroSSL.

Quick Notes: It may seem that there are many steps in this guide – However – each step is fairly quick and the whole process can be done in less than 10 minutes. This guide is for CPanel in NameCheap hosting servers (Shared and Private) – However, it will also work with most CPanel interfaces from other hosting providers (GoDaddy, HostGator, etc..)

 

Let’s Get Started!


Step 1: Go to https://zerossl.com/free-ssl/#crt – This will take you directly to the SSL Certificate Wizard

Step 2: Enter your domain name in the Domain (Only if you have NO CSR) box

Step 3: Check the Accept ZeroSSL TOS and Accept Let’s Encrypt SA checkbox

Step 4: Verify that HTTP verification is selected (This is the default method and the easiest) – then click Next

 

Step 5: Click Yes on the prompt asking if you would like to Include www-Prefixed version too and wait for your CSR to get generated.

 

Step 6: After your CSR is generated – you need to download it and then click on Next  to generate your Key (Refer to screenshot above)

Step 7: After your Key is generated – download it and then click next.

 

Step 8: You will be redirected to the Verification page where you have to download the files required for HTTP verification. These files will be uploaded to your web server via CPanel – you can also use FTP if you’re comfortable. Go ahead and download both files.

IMPORTANT: DO NOT click on Next before uploading the files. Proceed to Step 9 after downloading both files. 

 

Step 9: Log in to your NameCheap account and go to manage your hosting server – NameCheap has SSO so you will be automatically logged in to CPanel. Here is link with information on how to access CPanel from within your NameCheap account – Click Here

Step 10: Once you’re logged in to CPanel – scroll down to the Files section and select File Manager

 

Step 11: In File Manager – expand your Public_HTML folder and create a new folder named .well-known (Note: The period in front of well-know is required)

Step 12: Select the .well-known folder and create a new folder named pki-validation. Once done, your structure tree should look like the one on the screenshot above.

Step 13: Upload the two files that you downloaded in step 8 into the pki-validation folder

Step 14: After you’re done uploading both files – go back to the ZeroSSL verification page and click on Next. Your certificate will then be generated. IF the verification fails, you will need to re-download two new verification files and will need to upload them – repeat steps 8 – 13.

Step 15: Download your CRT and Key files and then go back to your CPanel dashboard.

Step 16: Inside of the CPanel dashboard – scroll down to the Security section and click on SSL/TLS 

Step 17: Under Certificates (CRT) – click on Generate, view, upload, or delete SSL certificates.

Step 18: Scroll down to Choose a certificate file (*.crt). and click on Choose File. Browse to the location where you saved your .CRT file and select it to upload – then click on the Upload Certificate button

Step 19: Your certificate will be imported and you will simply need to copy and paste your key – the file that was downloaded along with your .CRT file in step 15. Open the key file and you’ll be able to copy the key – it’s in plain text. Click on Complete.

Step 20: You’re done! You may need to click on Install in the certificates page – but it usually just gets automatically installed if you didn’t have a valid certificate before installing this new one.

 

Keep in mind: 

  • Save all of the files that were downloaded. Don’t delete them. Do make sure you keep them somewhere safe.
  • Delete the verification files that were uploaded in the pki-validation folder
  • Your certificate will not activate right away – you need to wait up to an hour for your website to register the new certificate (It usually takes about 5 minutes – just delete your browser history, cookies, etc.. and refresh the page.)
  • Your new certificate will expire every 90 days – which is why it’s important to save all of your downloaded files in a safe space as they will be used to generate a new certificate in just a few steps.
  • The certificate renewal process can be automated – stay tuned for the more detailed guide on how to set this up. Automating the renewal of your certificate allows you to simply set it and “forget it” – which is nice when you’re managing many sites.

 

Enjoy!

 

 

Categories: Technology

Leonardo Alcantar

Leonardo earned his Bachelor’s degree in Computer Science from The College of St. Scholastica and graduated with the highest distinction (Summa Cum Laude). He is now in the process of earning his Master of Science in Cyber Defense. With a background in developing solutions for highly regulated fields, such as finance and healthcare – Leonardo is always learning and earning certifications along the way to increase the level of service he can offer.