Using Let's Encrypt
Let's Encrypt is enabled for all our services. To see if Let's Encrypt is enabled for your account, follow these steps:
- Log in to cPanel.
- In the SECURITY section of the cPanel home screen, click SSL/TLS.
- Under CERTIFICATES (CRT), click Generate, view, upload, or delete SSL certificates.
- Under Certificates on Server, look in the Issuer column for Let's Encrypt.
When Let's Encrypt is enabled for your account, you do not have to do anything else. The entire process of generating, installing, and renewing SSL certificates is done automatically. (The server has a process running that automatically renews Let's Encrypt certificates every 90 days so they stay valid.)
When Let's Encrypt is activated for a cPanel account, certificates are created for every existing domain and any domain that is added later.
Troubleshooting
Let's Encrypt is enabled by default, but there are instances when it cannot automatically generate an SSL certificate for an account. These include:
Other SSL certificates installed: If there is another SSL certificate of any type already installed (for example, valid, expired, or self-signed certificates), the Let's Encrypt installer skips the domain and does not generate a certificate.
URL rewrites: Any URL rewrite rules that interfere with access to the public_html/.well-known directory can prevent Let's Encrypt from generating a certificate. If you use URL rewrite rules, you can add the following line to your .htaccess file to make sure the .well-known directory remains accessible:
RewriteRule ^.well-known - [L]