While I believe that @Osiris is pointing you on the right path, I’ll give you some basics.
The main idea behind getting certificates from Let’s Encrypt (or almost anywhere for that matter) involves proving that you control the domain. The process of getting a certificate generally involves the following:
- Generate a private key and create a certificate signing request (CSR). These can be accomplished by a “client”, through running some commands, or through the SSL widget in the SECURITY section of cPanel.
- Submit your CSR and prove that you control the domain(s). These “challenges” can be accomplished by a “client” if it has permissions to do so or by a manual/scripted process of adding the necessary DNS TXT record(s) through your domain registrar or placing certain files in the right place through your hosting.
- Have Let’s Encrypt verify that the “challenges” have been satisfied and get your certificate. This is either automatically or manually accomplished through a client.
- Install/copy the certificate and its private key to the correct place. This can be accomplished by a “client”, through some commands/scripting, or through the SSL widget in the SECURITY section of cPanel.
Viola! Encryption. An automated client (like certbot or acme.sh) can automate some or all of these processes given that you have the permissions and technical skills and patience to install and configure it. There are also manual solutions, like the page on my website, that will get you a single certificate now, but you will need to either repeat the process every couple of months (taking about 10 minutes each time) or download, learn, and configure one of these “automated” clients in the meantime.