I am use to install SSL with cpanel without the need to install special software or using the hosting provider’s support. why is it so complicated here? can someone help me figure out where to start?
(and I do read the getting started page and it got me very confused)
My domain is: http://www.levinski-ofer.co.il/
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel
note: I have an SSL/TLS manage area, but I don’t know what to do with it in this case
cPanel has already issued and installed trusted certificates for your domain via its built in AutoSSL feature: https://www.levinski-ofer.co.il/
This is a perfectly good substitute for using Let’s Encrypt and is automatically handled for you in the background. If you were to change to Let’s Encrypt, your life would get hard because your provider hasn’t integrated it into their platform.
this ssl is not free and not automatically handled and about to expire, I have many sites and want to start using Let’s Encrypt on them on a regular basis.
I understood that having a SSL manage area in my cpanel should be enough to intall Let’s Encrypt’s certificates, but have no clue how to get it.
The idea of Let’s Encrypt is that web hosts should provide integrations for it, which automatically handle the issuing and renewal of your certificates. That generally requires intervention and cooperation from your web host.
There is a manual option, and that’s to manually issue your certificate (for example, using https://zerossl.com/free-ssl/#crt) and import it into your cPanel SS/TLS Manager. This works by ZeroSSL authorizing your domain and then giving you you a private key and Let’s Encrypt certificate to download, which you import into the SSL/TLS Manager in cPanel.
The manual option is strongly discouraged because it only provides the protection of a certificate for 90 days. It is not automatically renewed, you have to fully repeat the process at least every 90 days.
So you can understand that sticking to the AutoSSL option is preferable in the majority of cases, if you value not having the burden of manual renewal on your hands.
Your domain has been protected by AutoSSL since 2017. Are you saying that your host has been charging you for the use of AutoSSL?
You always have the option of moving to another cPanel host that does not charge for free and automatic SSL. There are plenty of them.
Nobody on this forum can do anything if your host is choosing to force people to pay for automated certificates.
In cPanel, navigate to SSL/TLS > Manage SSL Sites. Then select Domain: your.domain . Replace the content of the first box with the first section of the Certificate Chain. sudo cat /etc/letsencrypt/live/your.domain/fullchain.pem
You can then replace the content of the second box with the matching Private Key. sudo cat /etc/letsencrypt/live/your.domain/privkey.pem