Setting up SSL using CPanel and Let’s Encrypt

I have been meaning to update this site to use SSL for a while now.

Why SSL? – Quick answer: security and encryption. Traffic to an SSL-enabled site is encrypted, so information is transmitted securely.

Anyway, here is a quick guide to enabling SSL using a certificate generated from Let’s Encrypt.

Step 1:

Log in to CPanel and head over to the SSL / TLS section.

Step 2:

If you do not already have one, create a Private Key. Make sure you keep this secure.

  • Key Size: 2048 bits

A private key is used to decrypt information transmitted over SSL. When you create an SSL certificate, the first step is to generate a private key file associated with that SSL certificate. You should generate a private key for each SSL certificate you create. This private key is very important and should be kept confidential. A copy of each private key should be kept in a safe place; there is no way to recover a lost private key.

Step 3:

Once the Private Key has been generated, create a Certificate Signing Request (CSR). This is what is used to request a Certificate from a Trusted Certificate Authority.

If you obtain a certificate from a trusted SSL provider, you must complete the Certificate Signing Request form to provide the information needed to generate your SSL certificate.

Step 4:

Head over to https://zerossl.com/ and use the Free SSL Certification Wizard. This simplifies the process of requesting a free SSL certificate from Let’s Encrypt.

Include the following information:

  • Email address for certificate expiration reminders.
  • If using Let’s Encrypt for the first time, leave the section for the ‘Let’s Encrypt’ key blank. One will be generated for you.
  • Finally paste the CSR created in Step 3 in the CSR section and proceed.
  • Note: Let’s Encrypt certificates are only valid for 90 days.
  • Also, keep a copy of the generated ‘Let’s Encrypt’ key. This will be required when renewing the certificate.

Step 5:

Once a request has been made, it will need to be verified. This is done so Let’s Encrypt can ensure that the domain the certificate is being generated for is under your control. This helps prevent MitM attacks. You don’t want anyone coming and generating certificates for your domain.

Verification is made by creating a file with some text at the root of your domain or by editing DNS entries. It depends on whichever method you prefer.

The “Verification” screen

This screen does not require you to enter anything. It shows what needs to be done to prove your domain ownership. If you are using HTTP verification, then for each domain on your certificate you will be given a name and the content of the file to be created. Each name is also a link, so after you have created a file, you can click that link to make sure that the file is actually accessible and the content of it is what it should be. If you are using DNS verification, then you will be given a name for the DNS TXT record and its value. It will also show you how to check that your DNS changes became “visible”.

After creating a file or making DNS changes (and making sure those are visible) you can click “Next”. If everything is done right, you will be moved to the final screen (“Certificate”). If any error happens, then you will see verification results for those domains which have failed verification. After reading the results, click “Next” for the “Verification” screen to be displayed again with the new values for the domains which have failed. There will be no need to re-do those domains on your list which have succeeeded [sic] verification.

Step 6:

Once successfully verified, a free SSL certificate is generated. Copy the CSR key and head back to CPanel and upload it into the Certificates (CRT) Section. If everything has gone smoothly, it will be uploaded without any issues. Check the ‘decoded’ section to ensure everything looks correct.
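A local version of Steps 2, 3 and 6 with the openssl command line, as an added example that is not part of the original post: it creates the key and CSR, then confirms that a certificate carries the same public key, names the host and has at least 30 days left. example.com, the file names, the function names and the self-signed stand-in certificate are assumptions so that it runs offline.

```shell
#!/bin/sh
# Added example. example.com and all file names are placeholders.
set -eu
umask 077                       # key files readable by the owner only
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Steps 2-3 done locally: 2048-bit RSA key, then a CSR for the domain.
openssl genrsa -out "$work/example.key" 2048 2>/dev/null
openssl req -new -key "$work/example.key" -subj "/CN=example.com" \
  -out "$work/example.csr"
# Constructed stand-in for the issued certificate (self-signed, 90 days).
openssl req -new -x509 -key "$work/example.key" -subj "/CN=example.com" \
  -days 90 -addext "subjectAltName=DNS:example.com,DNS:www.example.com" \
  -out "$work/example.crt"

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_pem() {        # usage: pubkey_pem key|csr|cert FILE
  case "$1" in
    (key)  openssl pkey -in "$2" -pubout ;;
    (csr)  openssl req  -in "$2" -noout -pubkey ;;
    (cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac
}
# SHA-256 of that public key; fails if the file cannot be parsed.
pubkey_hash() {
  pem=$(pubkey_pem "$1" "$2" 2>/dev/null) || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}
# Succeeds only if key, CSR and certificate share one public key.
same_keypair() {      # usage: same_keypair KEY CSR CERT
  k=$(pubkey_hash key "$1") || return 1
  [ "$k" = "$(pubkey_hash csr "$2")" ] && [ "$k" = "$(pubkey_hash cert "$3")" ]
}
# Succeeds if the certificate is valid for HOSTNAME.
covers_host() {       # usage: covers_host CERT HOSTNAME
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
# Succeeds if the certificate is still valid DAYS from now.
valid_for_days() {    # usage: valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

crt="$work/example.crt"
if same_keypair "$work/example.key" "$work/example.csr" "$crt" \
   && covers_host "$crt" www.example.com && valid_for_days "$crt" 30; then
  echo "certificate matches key and CSR, covers the host, valid 30+ days"
else
  echo "mismatch: do not install this certificate" >&2
fi
```

Run against the real files, the same three functions catch the common upload failure where the certificate was issued for a different key than the one stored in CPanel.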

Step 7:

Finally, we are ready to apply the SSL certificate. Head on over to the ‘Install and Manage SSL for your site (HTTPS)’ section and, under ‘Install an SSL Website’, click the ‘Browse Certificates’ button. A pop-up window will display the uploaded certificate. Select this.

Step 8:

This will automatically match the domain and certificate info. Save changes and you are ready to go!

Resources:

  1. https://letsencrypt.org/ – Let’s Encrypt
  2. https://zerossl.com/ – ZeroSSL
  3. https://documentation.cpanel.net/pages/viewpage.action?pageId=1507527 – CPanel SSL/TLS section documentation
  4. https://www.sslshopper.com/what-is-ssl.html – What is SSL?