This will be a “quick” version guide on how to install a free SSL certificate for your website from Let’s Encrypt. I will not go into details on how it works – just how to get it done. I will post a separate post with more details on how it works and some precautions you need to take when using a service like ZeroSSL.

Quick Notes: It may seem that there are many steps in this guide – However – each step is fairly quick and the whole process can be done in less than 10 minutes. This guide is for CPanel in NameCheap hosting servers (Shared and Private) – However, it will also work with most CPanel interfaces from other hosting providers (GoDaddy, HostGator, etc..)

 

Let’s Get Started!


Step 1: Go to https://zerossl.com/free-ssl/#crt – This will take you directly to the SSL Certificate Wizard

Step 2: Enter your domain name in the Domain (Only if you have NO CSR) box

Step 3: Check the Accept ZeroSSL TOS and Accept Let’s Encrypt SA checkbox

Step 4: Verify that HTTP verification is selected (This is the default method and the easiest) – then click Next

 

Step 5: Click Yes on the prompt asking if you would like to Include www-Prefixed version too and wait for your CSR to get generated.

 

Step 6: After your CSR is generated – you need to download it and then click on Next  to generate your Key (Refer to screenshot above)

Step 7: After your Key is generated – download it and then click next.

 

Step 8: You will be redirected to the Verification page where you have to download the files required for HTTP verification. These files will be uploaded to your web server via CPanel – you can also use FTP if you’re comfortable. Go ahead and download both files.

IMPORTANT: DO NOT click on Next before uploading the files. Proceed to Step 9 after downloading both files. 

 

Step 9: Log in to your NameCheap account and go to manage your hosting server – NameCheap has SSO so you will be automatically logged in to CPanel. Here is link with information on how to access CPanel from within your NameCheap account – Click Here

Step 10: Once you’re logged in to CPanel – scroll down to the Files section and select File Manager

 

Step 11: In File Manager – expand your Public_HTML folder and create a new folder named .well-known (Note: The period in front of well-know is required)

Step 12: Select the .well-known folder and create a new folder named pki-validation. Once done, your structure tree should look like the one on the screenshot above.

Step 13: Upload the two files that you downloaded in step 8 into the pki-validation folder

Step 14: After you’re done uploading both files – go back to the ZeroSSL verification page and click on Next. Your certificate will then be generated. IF the verification fails, you will need to re-download two new verification files and will need to upload them – repeat steps 8 – 13.

Step 15: Download your CRT and Key files and then go back to your CPanel dashboard.

Step 16: Inside of the CPanel dashboard – scroll down to the Security section and click on SSL/TLS 

Step 17: Under Certificates (CRT) – click on Generate, view, upload, or delete SSL certificates.

Step 18: Scroll down to Choose a certificate file (*.crt). and click on Choose File. Browse to the location where you saved your .CRT file and select it to upload – then click on the Upload Certificate button

Step 19: Your certificate will be imported and you will simply need to copy and paste your key – the file that was downloaded along with your .CRT file in step 15. Open the key file and you’ll be able to copy the key – it’s in plain text. Click on Complete.

Step 20: You’re done! You may need to click on Install in the certificates page – but it usually just gets automatically installed if you didn’t have a valid certificate before installing this new one.

 

Keep in mind: 

  • Save all of the files that were downloaded. Don’t delete them. Do make sure you keep them somewhere safe.
  • Delete the verification files that were uploaded in the pki-validation folder
  • Your certificate will not activate right away – you need to wait up to an hour for your website to register the new certificate (It usually takes about 5 minutes – just delete your browser history, cookies, etc.. and refresh the page.)
  • Your new certificate will expire every 90 days – which is why it’s important to save all of your downloaded files in a safe space as they will be used to generate a new certificate in just a few steps.
  • The certificate renewal process can be automated – stay tuned for the more detailed guide on how to set this up. Automating the renewal of your certificate allows you to simply set it and “forget it” – which is nice when you’re managing many sites.

 

Enjoy!

 

 

Categories: Technology