How to Install an SSL Certificate from cPanel – Tutorial

Now that Google’s putting the pressure on moving everyone to SSL, it’s time for you to do so as well. These days, most hosting providers are giving out free HTTPS certificates and have teamed up with “Let’s Encrypt” so that all domains and subdomains can implement SSL. You can compare the latest hosting prices here, if you’re in search of a new provider.

In this tutorial, I’ll show you how to do this in a few easy steps from within cPanel. Let’s get started!


  1. Your hosting provider has the “Let’s Encrypt” cPanel plugin
  2. Your hosting provider also manages your DNS records

If your DNS records are maintained elsewhere, then this method won’t work. Allow your webhost to manage your DNS entries and you’re good to go!

For this tutorial, I’m going to enable HTTPS on my other website: www.bhagwad.com. Here’s a screenshot of how it currently is NOT secure:

Right now, my site doesn’t work over HTTPS. By the end of this tutorial, that will change!

Step 1: Locate the Let’s Encrypt Icon in cPanel

When you log into your cPanel, scroll down to the “Security” section to find the “Let’s Encrypt” icon as shown here:

Step 2: Generate the Wildcard Certificate using “Let’s Encrypt”

Clicking this will show you the list of sites hosted on your account. I already have SSL enabled for this site – wp-tweaks.com. But the other one is still insecure:

Since January 2018, Let’s Encrypt started issuing “Wildcard” SSL certificates. These certificates secure not just your root domain, but an unlimited number of sub-domains as well. So it’s extremely cost effective! So search for the domain you want to secure and click the “Get Wildcard” button in green as shown above.

You’ll be asked for a confirmation. Click “Confirm”:

It’s go through the setup process and finally generate a Wildcard certificate for your domain. You’ll get a confirmation message:

This should mean that you can now access your site through HTTPS with a valid SSL certificate. Congratulations! You can see that my site now works with HTTPS:

Install an SSL Certificate from cPanel

Install an SSL Certificate from cPanel

Step 3: Enforce HTTP for All Requests

However, our job isn’t done. Just because our site can be¬†reached via HTTPS, doesn’t mean that all requests will automatically be HTTPS! You probably have a lot of backlinks still point to the old http site. Also, many of your users will continue to type in the regular domain name into their address bars, which will lead them to the insecure, vanilla HTTP version.

What we need to do is force all http requests to the site to automatically reroute to HTTPS instead. Luckily, this is easily done using the same Let’s Encrypt cPanel plugin.

Warning:¬†Before you do this, make sure there’s no plugin or .htaccess rule that forces all requests to be plain HTTP. Otherwise, you’ll end up in an infinite redirect loop as the two rules conflict with each other and send all HTTPS traffic to HTTP and vice-versa!

To force all requests to your page to use HTTPS, go to your site in the same page and click the “HTTPS Settings” option from the dropdown box provided:

Here, enable the “HTTPS Enforce” button and turn it to “on”.

The next step is to ensure that all external requests that your site makes go to “https” URLs instead of “http” ones. So let’s say your stylesheet refers to some external CSS resource that’s coded as HTTP. The second “External Links Rewrite” option will ensure that all these outgoing links are converted to secure HTTPS instead. This will ensure that you don’t get the dreaded “mixed content” error message that will result in an invalid SSL status and scare your users.

If the resource you’re linking to doesn’t have an HTTPS enabled URL, then it won’t be downloaded. This is unfortunate, but there’s no getting around it. All requests from an SSL secure site have to be secure as well. Without that, the entire page will be labeled as insecure.

Step 4: Localize all Content that Doesn’t have an HTTPS url

In the previous step, if you have some external links that can’t be served over HTTPS, the best option is to download them and host them on your own site. Then go to where they’re referenced, and change the URLs to point to your own location with HTTPS instead.

This might be insufficient if the code you’re changing is a plugin or theme that’s maintained by someone else, since the next update will just revert the URLs back to insecure HTTP. But there’s no other workaround. You either need to ditch the plugin/theme altogether, or never update it, or commit to making the changes each time it updates (bad idea!).

So that’s all you need to know about installing your certificate via cPanel through the Let’s Encrypt plugin. From start to finish, it shouldn’t take you more than a few minutes!

Cloud Hosting Price Comparisons

Updated: 19th April 2018 Cloud hosting plans come from the very cheap to the very expensive. From Bluehost's low cost offering, to SiteGround's professional high end service. Unfortunately, there's no standardization in how the industry defines … [Continue reading]

Cloud Hosting vs Web Hosting – A Beginner’s Explanation

The past few years have seen the rise of something known as "cloud hosting". Previously we had the standard upgrade plan. Shared Hosting -> Virtual Private Server (VPS) -> Dedicated Hosting. Now a fourth time of web hosting is on the market, … [Continue reading]

Standardized Web Hosting Price Comparisons

Shopping for the best hosting prices can be a pain. While all the hosting companies display their prices, it's difficult to get an accurate comparison due to the way different providers structure their information. On this site, I've standardized … [Continue reading]

Why is Bluehost WordPress Hosting so Expensive?

If you're shopping around for WordPress hosting deals, you might notice an anomaly amongst the popular hosting providers. While most of them have pretty comparable pricing, Bluehost in particular has prices far beyond what the others charge. For … [Continue reading]

VPS Hosting Deals and Comparisons

Updated: 15th April 2018 Here are the most recent VPS hosting deals from the major service providers. Note that because different providers treat VPS hosting in different ways, it's not always easy to classify them accurately. For example, … [Continue reading]

How to Add Adsense to WordPress Posts

Putting Adsense ads on your site is the simplest way to monetize your blog. Luckily for us, Google has made it pretty easy. Here's a quick tutorial with screenshots on how to add Adsense to WordPress. Step 1: Log in to your Adsense Account If you … [Continue reading]

WordPress Hosting Deals and Comparisons

Updated: 16th April 2018 Note: I don't believe in popups, 3rd party tracking, or hiding coupon codes. All the links on this page adhere to my link guarantee. You can click them without worry! Here are the best WordPress hosting deals from … [Continue reading]

How to Remove Posts from the Homepage in WordPress

By default, new WordPress posts appear at the front of your blog. However, sometimes you don't want this to happen! Here's how to remove posts from the home page, so they don't appear in your feed. Step 1: Create a New "Dummy" Category The best way … [Continue reading]

Reliable Web Hosting Coupons and Deals

Most sites dealing with web hosting coupons and deals are shady. They run the gamut from outdated coupons, annoying popups, hiding the codes, installing malware, and tracking you. My site is different. Here you can find: Shared Web Hosting … [Continue reading]