Install Let’s Encrypt SSL for WHM Services & Hostname

This guide explains how to secure your WHM/cPanel server’s hostname and services with a Let’s Encrypt SSL certificate, including generating a self-signed certificate first, configuring AutoSSL, and verifying the setup.

Prerequisites

  • Ensure your server’s hostname (e.g., server.example.com) has a valid A record pointing to its IP address.
  • WHM/cPanel must be updated to the latest version.

Steps to Follow

Step 1: Generate a Self-Signed Certificate for the Hostname

(Required to avoid SSL errors before installing Let’s Encrypt)

  1. Log in to WHM as the root user.
  2. Navigate to: SSL/TLS → Generate an SSL Certificate and Signing Request.
  3. Under Generate a Self-Signed Certificate, fill in the following:
    • Host to Generate For: Select your server’s hostname (e.g., server.example.com).
    • Email Address: Enter a valid email (optional but recommended).
    • Key Size: 2048 (default).
    • Company details 
    • Passphrase
  4. Click Generate.
  5. If you have root access you can find the certificate at this location: /etc/ssl/certs/hostname.crt

Step 2: Set Let’s Encrypt as the AutoSSL Provider

  1. In WHM, go to: SSL/TLS → Manage AutoSSL.
  2. Under AutoSSL Provider, select Let’s Encrypt™.
    1. If you are not using Let’s Encrypt™, then ensure you update all your existing SSL certificates with Let’s Encrypt™. (See tab Manage Users)
  3. Click Save.

Step 3: Install Let’s Encrypt SSL for the Hostname

  1. Navigate to: SSL/TLS → Manage Service SSL Certificates.
  2. Under Service Certificates, click Browse Certificates for the following services:
    • Calendar, cPanel, WebDisk, Webmail, and WHM Services
    • Dovecot Mail Server
    • Exim (SMTP) Server
    • FTP Server
  3. Select the generated certificate. Sort by expiration date and choose the certificate which expires in 1 year. It will also have your hostname (e.g., server.example.com)
  4. The certificate details will be auto filled.
  5. Check all the services
  6. Click → Install.

Step 4: Update All Services with the New SSL

  1. Login as root using command line and run the following command via SSH to apply the SSL certificate to all services:
    # /usr/local/cpanel/bin/checkallsslcerts
  2. Wait for the process to complete.

Step 5: Verify the SSL Installation

  1. Access WHM securely via:
    https://server.example.com:2087
  2. Check the SSL certificate in your browser to confirm it’s issued by Let’s Encrypt.
  3. Use this website to test the Installed SSL on your host: https://www.ssllabs.com/ssltest/index.html 

Troubleshooting Tips

  • If the certificate fails to install:
    • Ensure the hostname’s DNS resolves correctly (ping your-hostname).
    • Check the server’s firewall allows outbound HTTP/HTTPS traffic (required for Let’s Encrypt validation).
  • For further help, contact your hosting provider or cPanel support.
  • Note: Let’s Encrypt certificates auto-renew every 90 days. WHM handles this automatically if AutoSSL is enabled.
raramuridesign consulting - web strategy, development, design