Manual Let’s Encrypt SSL Certificate Installation in cPanel/WHM

Manual Let’s Encrypt SSL Certificate Installation in cPanel/WHM
Overview
This guide explains how to manually generate and install a Let’s Encrypt SSL certificate on a cPanel/WHM server using Certbot.
Manual installation is particularly useful when cPanel AutoSSL cannot issue certificates, such as when the primary domain is hosted on a different server while only specific subdomains are hosted on the current cPanel server.
________________________________________
Prerequisites
Before you begin, verify the following:
• The domain or subdomain resolves to the correct server IP address.
• Port 80 (HTTP) is accessible from the internet.
• The website loads successfully over HTTP.
• You know the Apache DocumentRoot for the website.
• Certbot is installed on the server.
• Root or sudo access to the server is available.
________________________________________

0.1 Install Certbot
The installation procedure depends on the operating system.
AlmaLinux 8/9 or Rocky Linux 8/9
dnf install certbot -y
Ubuntu
apt update
apt install certbot -y
Debian
apt update
apt install certbot -y
________________________________________
0.2 Verify the Installation
After installation, verify that Certbot is available:
certbot --version
Example output:
certbot 2.x.x


Once the version number is displayed successfully, continue with the certificate generation process.

Step 1 – Verify DNS Resolution
Confirm that the domain points to the correct server.
Run one of the following commands:
dig yourdomain.com +short
or
host yourdomain.com
Example output:
103.xxx.xxx.xxx
If the returned IP address is different from your server IP, update the DNS records before proceeding.
________________________________________
Step 2 – Identify the Website DocumentRoot
Locate the Apache virtual host configuration.
Run:
httpd -S
or
grep -R "yourdomain.com" /etc/apache2/conf/ /etc/httpd/conf*
Locate the corresponding DocumentRoot.
Example:
DocumentRoot /home/username/public_html/yourdomain.com
This path will be required when requesting the certificate.
________________________________________
Step 3 – Generate the Let’s Encrypt Certificate
Replace the following values before running the command:
• Domain: yourdomain.com
• DocumentRoot: /home/username/public_html/yourdomain.com
• Email Address: admin@example.com
Execute:
certbot certonly \
--webroot \
-w /home/username/public_html/yourdomain.com \
-d yourdomain.com \
--email admin@example.com \
--agree-tos \
--no-eff-email
If the validation completes successfully, Certbot will display a message similar to:
Successfully received certificate.
The generated files are stored in:
Certificate
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
Private Key
/etc/letsencrypt/live/yourdomain.com/privkey.pem
________________________________________
Step 4 – Install the SSL Certificate in WHM
4.1 Log in to WHM
Sign in to WHM as root or a reseller with SSL installation privileges.
Navigate to:
WHM
→ SSL/TLS
→ Install an SSL Certificate on a Domain
________________________________________
4.2 Specify the Domain
Enter the domain or subdomain for which the certificate was generated.
Example:
yourdomain.com
________________________________________
4.3 Install the Certificate (CRT)
Display the certificate:
cat /etc/letsencrypt/live/yourdomain.com/fullchain.pem  (In Terminal)
Copy the complete output, including:


-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


If multiple certificates are shown, copy the entire output.
Paste it into the Certificate (CRT) field in WHM.
________________________________________
4.4 Install the Private Key (KEY)
Display the private key:
cat /etc/letsencrypt/live/yourdomain.com/privkey.pem   (In Terminal)
Copy the entire key:


-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----


Paste it into the Private Key (KEY) field.
________________________________________
4.5 Configure the CA Bundle (CABUNDLE)
Click Autofill by Certificate.
WHM usually retrieves the required Certificate Authority bundle automatically.
If it does not, display the chain file:
cat /etc/letsencrypt/live/yourdomain.com/chain.pem
Copy the complete contents and paste them into the Certificate Authority Bundle (CABUNDLE) field.
________________________________________
4.6 Complete the Installation
Click Install Certificate.
After installation, WHM should display a confirmation message indicating that the SSL certificate has been installed successfully.
________________________________________
Step 5 – Verify the SSL Certificate
Open the website in a browser:
https://yourdomain.com
Alternatively, verify the certificate using OpenSSL:
openssl s_client -connect yourdomain.com:443 -servername yourdomain.com | openssl x509 -noout -issuer -subject -dates
Confirm that:
• The SSL certificate is trusted.
• The issuer is Let’s Encrypt.
• The certificate is valid.
• No browser security warnings are displayed.
________________________________________
Step 6 – Test Automatic Renewal
Although the certificate was installed manually, Certbot can still renew it automatically.
Run:
certbot renew --dry-run
Expected output:
Congratulations, all simulated renewals succeeded.
If the test completes successfully, automatic renewal is configured correctly.
________________________________________
Example
certbot certonly \
--webroot \
-w /home/icfpvtltd8740/public_html/icfaccounts.icfpvtltd8740.in \
-d icfaccounts.icfpvtltd8740.in \
--email admin@example.com \
--agree-tos \
--no-eff-email
Certificate:
/etc/letsencrypt/live/icfaccounts.icfpvtltd8740.in/fullchain.pem
Private Key:
/etc/letsencrypt/live/icfaccounts.icfpvtltd8740.in/privkey.pem
________________________________________

The recommended approach is to:

  1. Generate the SSL certificate manually using Certbot.
  2. Install the certificate manually through WHM → SSL/TLS → Install an SSL Certificate on a Domain.
  3. Repeat the process for each hosted domain or subdomain.
  4. Verify successful installation and confirm that certificate renewal is functioning correctly.

References

  • Verify DNS configuration before requesting a certificate.
  • Ensure the correct Apache DocumentRoot is used.
  • Test certificate renewal after every installation.
  • Monitor certificate expiry periodically to avoid service interruptions.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Step-by-Step Guide to Migrate Your WordPress Site to a New Host | Vcclhosting

Step-by-Step Guide to Migrate Your WordPress Site to a New Host Step 1: Back up your website...

How to Reset my cPanel Account Password?

If you can access your cPanel account, follow these steps to reset your password:1. Log into your...

How to update your cPanel Contact Information or receive a notification on reaching quota limit?

If you want to receive notification on reaching your disk quota, bandwidth usage limit, reaching...

How to Change cPanel Style/Theme?

Switching over to another cPanel theme with a different style is easy and there are two ways to...

How to Change Language of your cPanel?

cPanel supports a lot of languages, and if you want to change your cPanel language to your native...