How to improve SSL labs grade and automate renewal?

I am developing a website on https://cabulb.xyz/, my hosting provider is on https://www.hostinger.co.uk/. My provider runs Apache/2.4 and PHP 5.5.

Currently I am using a PHP acme client to issue and renew certificates for my domain (GitHub - kelunik/acme-client: Let's Encrypt / ACME client written in PHP for the CLI.), it's pretty simple so far, the only downside is I don't know how to automate the process so I have to ssh and run these commands once every 3 months or so:

cd public_html/acme-client
bin/acme issue --domains cabulb.xyz --path /home/u233484638/public_html --server letsencrypt

Then I copy my cert.pem and key manually to update them on my cPanel.

I recently found out about SSL Labs and received a B grade (SSL Server Test: cabulb.xyz (Powered by Qualys SSL Labs)) for my domain. This is causing some issues with plugins I use that utilise wp cdn; I need to improve the grade to A in order for them to work correctly. How do I do this through the acme client I have? If possible, can I automate the process? (I have access to cron jobs.)

Note I have limited knowledge of how SSL works beyond knowing what certificates, keys and CA are, so any explanation is appreciated!

edit: I noticed I am getting

Chain issues Incomplete

on SSL labs, was this caused by deleting older certificates on the cpanel and how do I fix it?

I've never heard that before.
Nevertheless, to improve your SSLLabs grade you need to include the intermediate cert with the public cert.
Or just use the fullchain.pem instead of the cert.pem file.
You may also want to drop all the WEAK ciphers.
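
The cert.pem versus fullchain.pem difference described above, as an added example that is not part of the original thread: a standard-library Python check that a PEM file holds the leaf followed by its issuer(s). The sample certificates are constructed unsigned skeletons, all function names are hypothetical, and names are compared byte for byte with no signature verification.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER of a certificate's issuer and subject names."""
    _, pos, _ = _tlv(der, 0)                # Certificate ::= SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate ::= SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos       # skip the optional [0] version field
    fields = []                             # serial, sigalg, issuer, validity, subject
    for _ in range(5):
        _, _, end = _tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(pem_text):
    """Return (certificate count, problems) for a PEM file ordered leaf first."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    problems = [] if names else ["no certificates found"]
    if len(names) == 1 and names[0][0] != names[0][1]:
        problems.append("leaf only: intermediate certificate missing")
    for i in range(len(names) - 1):         # each issuer must equal the next subject
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i} is not issued by certificate {i + 1}")
    return len(names), problems

# Constructed sample input: unsigned certificate skeletons, not real certificates.
def _der(tag, body):                        # short-form lengths only (< 128 bytes)
    return bytes([tag, len(body)]) + body
def sample_pem(issuer, subject):
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30,
        _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") + name(issuer) + _der(0x30, b"") + name(subject))
    body = base64.encodebytes(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

CERT_PEM = sample_pem("Example Intermediate", "leaf.example")
FULLCHAIN_PEM = CERT_PEM + sample_pem("Example Root", "Example Intermediate")
print(check_chain(CERT_PEM), check_chain(FULLCHAIN_PEM))
```

To check a real file before pasting it into the control panel, pass its text to `check_chain`, for example `check_chain(open("fullchain.pem").read())`.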

Thanks rg305 for the quick solution, I fixed the incomplete chain problem now and received a grade A. I think this should be good enough. How do I drop all weak ciphers?

Hi,

I don’t think you can define server ciphers if you are only a cPanel user and not an admin.

I believe if you use their plan (but not Business), you can only upload the certificate to cPanel manually.
Business seems to have free TLS Certificate.

Thank you

Ok then, I only have a standard plan on hostinger so I will stick to uploading the certificate and key manually, but is it possible to automate the renewal process with a cron job for example?

The easiest way to automate renewal with CPanels that don’t support Let’s Encrypt is to use the acme.sh CPanel UAPI integration:

https://github.com/Neilpang/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel


Huh, maybe we should write a cPanel installer plugin in Certbot using this method! (Although I fear that its existence might trick some users into not using the built-in cPanel Let’s Encrypt support that they have.) acme.sh really pioneers a lot of great features.
