Image default

How to manually install an SSL certificate in cPanel for HTTPS


Websites of all sorts are turning to HTTPS connections for improved security. Using SSL encryption is even more important if your website relates to business or you are selling products on it. Apart from helping to boost your page rankings on search engines, SSL encryption helps to boost your visitors’ trust in your website and its products when they see that you have taken the effort to secure their interactions with the website.


Most web hosting plans, especially pricier ones, come with SSL certificates included. However, you may wish to obtain a separate SSL certificate for various reasons, such as from a more trusted provider or for a certain type of encryption. If so, you will probably have to manually install your SSL certificate.


SSL certificates (in .crt format) can be found at a number of SSL providers. Once you have obtained your certificate, you can proceed to install it on your website with these following steps:


  1. In your cPanel, navigate to the Security section and select SSL/TLS.
  2. Go to Certificates. Under “Generate, view, upload, or delete SSL certificates”, choose to upload a certificate.
  3. Upload your certificate file. It should end in .crt.
  4. Go back to the SSL section and you should see an option called “Install and Manage SSL for your site”. Click on this.
  5. Click on “Manage SSL Sites”. Scroll down the page to the section titled “Install an SSL Website”.
  6. Select “Browse Certificates”. Choose the certificate you are adding and confirm it on “Use Certificate”.
  7. Finally, click on “Install Certificate” at the bottom of the page.

Congratulations, your website is now encrypted with SSL! To check if the encryption is working properly, try it out by visiting your website with HTTPS instead of HTTP. If the certificate has been successfully installed, you should see the secure lock icon show up next to the address bar when you visit your website with HTTPS. However, your website might need updating, as some links or images could be set to using HTTP (in which case, you might get a mixed content warning)


If you are unable to find the option for Manage SSL Sites in cPanel, it is possible that your hosting provider has disabled the feature. In that case, you may have to contact your web host or search their documentation for installing SSL certificates on their servers. Some hosting providers may only allow certificates issued by them.


Making the Most of Your SSL Certificate

Most SSL certificates cost money, especially for business use. Since you now have encryption, it would make sense for all your visitors to be using the secure version of your site. This can be enforced through a couple of measures so that you and your visitors can enjoy the SSL connection to its full extent.



Even if you have successfully installed SSL, visitors to your website can still be served the ordinary unencrypted connection if you do not force HTTPS on. This tends to happen if a visitor keys in your website’s URL without any HTTPS prefix. Sometimes, visitors may be unaware that they are viewing the unsecure version, or that there even is a secure version.


To rectify this, you could set up a redirect in your cPanel to send all traffic coming to HTTP to visit HTTPS instead. Alternatively, you could also use .htaccess to force all visitors to use HTTPS. Simply enter the following lines of code in your .htaccess file, or create one if you do not already have it:

RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]


By forcing all visitors to use the secure version of your website, you maximize the use of your SSL certificate and also deliver peace of mind to all your customers.


Avoid Content From Unsecure Sources

Try not to embed content from external sources in your website, particularly those served over non-HTTPS connections. If a secure page contains an unsecure element from an unencrypted external source, most web browsers will flag it as a warning and notify the end user that the page contains content from unsecure sources. Additionally, the content from these sources could also listen in on your visitors’ interaction with your website, rendering encryption useless. The warning and broken lock icon also does not do much to reassure visitors that your website is secure.


To avoid this, make sure that any external media or content you are embedding in your page is available through a HTTPS connection. Sometimes, you may be able to download assets, such as open source libraries, and upload them directly to your server so that everything is served internally and encrypted. It is usually best to include only content from your website or from well-known content delivery networks. These should offer SSL encryption for embedding their assets.