How to get SSL certificate, I have SSH and cPanel


I do not know. I have a hosting package ( which is not costly ) with them. I have no idea how to get a certificate from here and how to put in on my hosting. Namecheap refuses to support Let’s Encrypt usage. With that in hand, I could only rely on advices that I get from here.

My experience with using Let’s Encrypt is close to zero.


Can you install a certificate through cPanel? Look for something called or containing “TLS” or “SSL”.


@Osiris, @Dilip’s original post appeared to say yes:

@Dilip, the biggest problem here might be the lack of automation because you will have to redo the process every 90 days (at least) when the certificate is going to expire.

In addition to installing various software on the server that can help obtain the certificate, you could also choose to use a service like to obtain the certificate in your web browser (then you can upload it to the control panel). This might be easier for you if you’re not used to installing software on the server and administering it from the command line. As @Osiris pointed out earlier, there is still the issue that you will need to install the certificate afterward, which you can probably do using cPanel based on what you said at the beginning.


This is what I have in cPanel


Is it a service that offers HTTPS like Let’sEncrypt ?

Thanks for helping out. :slight_smile:


Hi @Dilip,

Let’s Encrypt is the certificate authority which issues the certificates, but somewhat unlike certificate authorities, it has a public protocol or API which is used by software to obtain the certificates. So instead of getting them on Let’s Encrypt’s web site, you use some kind of client software to make the certificate request and then download and save the resulting certificate.

Many different kinds of client software for Let’s Encrypt exist, in fact perhaps dozens of them.

I work a bit on one called Certbot which is developed at the Electronic Frontier Foundation and is recommended by Let’s Encrypt. Certbot is meant to be installed by Unix system administrators directly on their servers and it obtains and (potentially) installs the certificates directly on Unix servers. However, this is only one of many options.

Another kind of option is “web-based clients”, which are web sites that you interact with in your browser and that replicate something somewhat like the experience of using a traditional paid CA, in the sense that the process at least appears to take place on a web site. However, the certificate that you ultimately obtain at the end is issued by Let’s Encrypt, just like the certificates that you would get using software like Certbot are. In that sense, these tools are just a different interface to the CA and to the certificate issuance process.

Web-based clients are potentially easier to use, especially for people without much system administration experience, because they don’t require installing software anywhere, and they can guide you through the process. The two most popular ones are


Each of these is developed by an independent developer, much in the way that the downloadable client applications also are.


The thing that Let’s Encrypt actually offers is digital certificates which can be used by your own server to offer HTTPS. With these certificates, people visiting your site over an HTTPS connection will not receive browser warnings or errors. Without them, you could still use HTTPS but visitors will be told by their browsers that the identity of the site they’re visiting cannot be confirmed, or that its digital certificate is invalid or missing. The certificates are necessary in order to make HTTPS work properly for people who visit your site, but the HTTPS technology itself is actually implemented by your server software (such as a web server like Apache or Nginx, among other possibilities).


Thanks again. I am trying to follow what you said. Will come back if I get stuck. :slight_smile:


I used . I am not at the verification part. Not sure how to proceed further


To verify domain ownership using HTTP verification, you will need to create appropriate files with specific text strings under your “webroot/.well-known/acme-challenge/” directory, where “webroot” is the main directory with your website pages. Please make sure that the files you have created are actually accessible (by clicking the links below in the File column) and have proper content before clicking “Next”.


Do you have a specific part of that instruction which is unclear or you have doubts you understand correctly?


You can very well setup letsencrypt on namecheap shared hosting with autorenew, you can see this post of mine.


I could not understand what to do. I know English, but this sound different. :disappointed:


Hi @Dilip, this is asking you to create a file at a specific location on your web site. Do you know how to do that in general? For example, if I asked you to create, would you know how to do that?


By the way, if anyone knows how to word it better - I’m open to suggestions :slight_smile:

@Dilip, what exactly seemed to be confusing to you? The concept of “webroot” for example or something else?


Yes, I can do that. But under webroot, it was asking for something already exists ( I thought so ). Thanks :grateful:


It could be my lack of experience with Let’s Encrypt. It sounded like under webroot, something is already installed.

webroot/.well-known/acme-challenge/" directory,

I do not have anything called acme-challenge installed. I don’t know whether ".well-known " should also exists before I proceed further. Thanks.



The intended idea here is that you just tell Certbot where the webroot directory is, and it will take care of everything else (it will create .well-known/acme-challenge and the necessary files there).

The webroot directory refers to the directory where, if you create a file text.txt, it would appear as That’s all Certbot wants to know here!


I’m sorry, I forgot that you were actually using ZeroSSL. For ZeroSSL, you will need to create the files that it tells you to. It will tell you what their names and contents should be. That does require creating .well-known/acme-challenge within your webroot. However, there does not need to be any pre-existing file within that directory; ZeroSSL will tell you all the files you need to create there.


Thanks @schoen

That’s is what I don’t know. I can create text files at webroot. But, what should be the contents ? I do not know the required file names either.


Aha, it looks like you were confused by

This could definitely be read to suggest that you already need to know what the files are. However, the intention is to help you decide whether or not ZeroSSL is right for you! That is, instead of “you need to create these files now”, the sentence intends to suggest “you will need to be capable of creating such files later on during the process, when instructed to do so by this site”.

When you actually begin the ZeroSSL workflow, it will subsequently tell you the files’ names and contents. These can’t be known or predicted in advance because they are chosen by the certificate authority (not ZeroSSL) in response to your individual certificate request. You don’t need to create any files until ZeroSSL specifically tells you to do so.

@leader, maybe you could add a word or two to this sentence that makes it clearer that “you will need to” refers to something that will subsequently happen during the process, and not as an up-front prerequisite for using the tool?