My understanding is that cPanel has good automated requesting and installation of TLS certificates built in, and that any hosting provider that doesn't use it has specifically removed it in order to either attempt to "upsell" you to their paid TLS services by explicitly making it hard to do, or is just outright incompetent. I've not actually used cPanel myself, though, so I might not be understanding the dynamics completely.
There were several threads by @tlrenkensebastian along those lines which had some good advice and links to articles in them I think you could use, though some of it is focused more on convincing the site owners rather than the hosting companies: