How to update - Let's Encrypt enabled cpanel SSL/TLS - newbe

GreenGeeks will add SSL for free - they use Let’s Encrypt, but GG will not explain the entire process (obviously they want to sell their auto service).
I want to update my site, but I don’t understand:
How certificates from Let’s Encrypt are actually obtained;
How I obtain CRT and KEY to update - I can see where to place these things in cpanel.
This is basic information I know, but I have not been able to piece it together so far.
If someone can make these steps clear, I will be very grateful indeed!
Thanks, Alan


It seems that GreenGeek is using cPanel AutoSSL (or FleetSSL) to help user to obtain a certificate.

It's requested by the server & installed automatically...

Take a look at the cPanel Documentation: cPanel & WHM Developer Portal

You don't need to obtain a crt / key, the feature will help you install it automatically.(you could view the crt & key in the certificate manager)

In conclusion, you won't need to do anything... (just to make sure your NS or A points to the server)..
If there is something that you'll need to do, the server probably will send you an email.

Thank you

Thanks for responding.
My GreenGeeks cpanel, under Security, SSL/TLS, shows the following options (below). I see no AutoSSL or FleetSSL. Selecting “Manage SSL sites” shows an option, “Update Certificate” and selecting that shows 2 empty fields for CRT and KEY. There is a button, “Autofill by domain” selecting that fills fields but with statement showing same expiration date (in 16 days) and message: “You should request a replacement certificate from the issuer (Let’s Encrypt) as soon as possible.”

I am still stuck.

GreenGeeks cpanel, under Security, SSL/TLS, shows the following options:

The SSL/TLS Manager will allow you to generate SSL certificates, certificate signing requests, and private keys. These are all parts of using SSL to secure your website. SSL allows you to secure pages on your site so that information such as logins, credit card numbers, etc are sent encrypted instead of plain text. It is important to secure your site’s login areas, shopping areas, and other pages where sensitive information could be sent over the web.

Private Keys (KEY)
Generate, view, upload, or delete your private keys.

Certificate Signing Requests (CSR)
Generate, view, or delete SSL certificate signing requests.

Certificates (CRT)
Generate, view, upload, or delete SSL certificates.

Install and Manage SSL for your site (HTTPS)
Manage SSL sites.

Hi @exploreforinstance,

As @stevenzhu says, the normal way to do this with cPanel is with a cPanel plugin that will handle the process automatically. This is very strongly recommended because otherwise the renewal process won’t be automated. Part of the concept of Let’s Encrypt is that renewal should be automated; the certificates are deliberately relatively short-lived and users who have to renew them manually often find the frequency with which they have to repeat the process annoying.

Previous threads about GreenGeeks seem to suggest that this may be the case and that GreenGeeks does not actually integrate Let’s Encrypt. Since these plugins make integration extremely straightforward for a hosting provider, this may be a deliberate decision on their part. :frowning:

The way that you obtain a certificate from Let’s Encrypt without hosting provider integration is by running a Let’s Encrypt client application, normally on the server. Most such client applications are primarily intended for use by the server’s system administrator. If you aren’t the system administrator, they may not be appropriate for you.

The easiest options if you’re not the system administrator are the web-based clients such as, which are reminiscent of the experience of using a paid CA except that they don’t require payment. At the end of the process, you’ll receive the certificate and key files in your browser and you could then import them in cPanel. But if you use this approach, you’ll have to repeat this process frequently. Currently, Let’s Encrypt certificates are only valid for 90 days.

1 Like

Thanks - you hit the spot exactly - zerossl was the way to go. I really appreciate you taking the time to address this issue - this is great information. And agree with your assessment of GreenGeeks - they actually did respond to my persistent questioning and finally stated they only handle their end, and will not comment on a process not theirs. It's a fine line they walk - they will set up the SSL for free but explain how it's done - I'm betting those days are numbered.
Anyway, thanks again!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.