How to Install SSL Certificate on cPanel WHM

An SSL certificate is essential for securing websites, encrypting data transmitted between servers and users, and building trust with visitors. It activates HTTPS and the browser padlock icon, signaling that a site is safe to browse or transact on.

For hosting providers, resellers, and server administrators using WHM (Web Host Manager), keeping client domains secured with valid SSL certificates is critical for both user trust and SEO performance. 

This guide is tailored for WHM users who want to automate SSL certificate installation and renewal using AutoSSL. Whether you're managing a single site or reselling hosting services, this walkthrough will help you secure your domains efficiently and maintain continuous protection with minimal manual effort.

How to Install SSL from WHM (via AutoSSL in cPanel)

Before running AutoSSL, ensure you have WHM access with root or reseller-level credentials and that the domain already points to your server’s IP address; once ready, log in to WHM and follow the steps below to automate the SSL installation.

Step 1: Go to your hosting client area (e.g. Verpex client portal), navigate to your hosting service, and click Log into WHM. Alternatively, you can go directly to https://your-server-ip:2087 and log in with your WHM username and password.

Step 2: In WHM, search for List Accounts in the left sidebar and click on it. Find the domain you want to secure. Click the cPanel icon next to that domain to log into its cPanel.

Step 3: In the cPanel dashboard, use the search bar at the top to type SSL/TLS Status. Click SSL/TLS Status under the Security section.

Step 4: On the SSL/TLS Status page, click the Run AutoSSL button at the top to start the SSL installation process.

Step 5: Wait for AutoSSL to complete. The system will automatically issue and install free SSL certificates for all eligible domains and subdomains.

Step 6: Verify the SSL installation. Visit your site using https:// and check for a secure connection (padlock icon). You can also review the SSL/TLS Status page for confirmation.

Verifying SSL Installation

Once your SSL is installed, either manually or via AutoSSL, it’s important to verify the setup.

• Browser Check: Visit your domain with https:// and look for the padlock icon in the address bar.

• SSL Labs by Qualys: Use SSL Labs by Qualys to run a full diagnostic test on your domain’s SSL configuration. It provides detailed insights on compatibility, trust level, expiry dates, chain issues, and overall security grade.

• Why No Padlock: Use Why No Padlock to detect insecure mixed content, such as HTTP elements on HTTPS pages. These issues can prevent the padlock icon from displaying in the browser.

If the test results are clean and your site loads securely over HTTPS with the padlock icon, your SSL certificate has been installed successfully.

Comparison Between AutoSSL and Manual SSL Installation 

Benefits for Resellers and Multi-Domain Hosting

• Improved Customer Trust: By securing every domain with HTTPS automatically, resellers can offer a safer browsing experience to their clients’ users. The padlock icon in browsers builds trust and helps clients avoid SEO penalties from unsecured sites.

• Reduced Risk of Expired Certificates: AutoSSL monitors certificate validity and renews them before expiration. This reduces downtime and prevents browser warnings caused by expired SSL certificates common risks when managing multiple domains manually.

• Competitive Advantage: Offering automated SSL as part of your hosting package enhances your value proposition. Clients are more likely to choose a provider that ensures their sites are always secure without requiring technical intervention.

• Scalable Security: As your client base grows, AutoSSL continues to scale effortlessly. Whether you're hosting ten or a hundred domains, it provides consistent, centralized SSL coverage across all accounts.

Troubleshooting Common Issues for AutoSSL

Even with AutoSSL enabled, occasional issues can prevent certificates from installing or renewing successfully. The following common problems and solutions will help you quickly identify and resolve any AutoSSL-related errors.

1. Domain Not Pointed to Server
AutoSSL requires the domain to resolve to your server’s IP address. If DNS records are incorrect or propagation is incomplete, the SSL issuance will fail. Verify the domain’s A record points correctly and is fully propagated.

2. HTTP Validation Fails (Let’s Encrypt)
When using Let’s Encrypt as your AutoSSL provider, HTTP-01 validation is required. If AutoSSL cannot access the /.well-known/acme-challenge/ directory over HTTP, issuance fails. Ensure:

• Port 80 is open and accessible.

• No redirects or firewalls block HTTP traffic.

• The domain is reachable via HTTP.

3. Rate Limits Reached (Let’s Encrypt)
Let’s Encrypt applies strict rate limits on certificate issuance and renewals. If you exceed these limits, you must wait before retrying. For details, see: Letsencrypt Rate Limits.

4. Mixed Content Warnings After Installation
AutoSSL secures the domain, but browsers may still display "Not Secure" warnings due to mixed content (HTTP resources on HTTPS pages). Use tools like Why No Padlock to identify and correct insecure elements.

5. AutoSSL Not Enabled for Account
If a domain does not receive an SSL certificate, AutoSSL may not be enabled for the cPanel account. In WHM, go to Manage AutoSSL, verify the account’s status, and confirm your chosen provider (Let’s Encrypt or cPanel Sectigo) is active. You can also run AutoSSL manually from this interface.

6. Domain Ineligibility
Some subdomains (e.g., mail.example.com, webmail.example.com, cpanel.example.com) may not pass validation if they don’t point to the server or are not accessible over HTTP. Either configure them correctly or exclude them from AutoSSL to prevent errors.

Addressing these issues promptly ensures your SSL installation is valid, secure, and browser-friendly.

Tips for Managing AutoSSL

1. Enable AutoSSL for All Accounts: Go to WHM > Manage AutoSSL and select your preferred provider (Let’s Encrypt or cPanel Sectigo). Enable AutoSSL globally so it covers all cPanel accounts automatically.

2. Understand AutoSSL Renewal: Once enabled, AutoSSL automatically renews certificates well before expiry, usually via a daily cron job. There is no need to manually track renewal dates or reinstall certificates.

3. Use AutoSSL Logs for Troubleshooting: If a certificate fails to install, review the logs in WHM > Manage AutoSSL > Logs. This provides detailed reasons for any failed validations or issues.

4. Exclude Specific Domains When Needed: In Manage AutoSSL, you can configure exclusions if certain domains or subdomains should not receive AutoSSL certificates (e.g. those pointed externally or behind firewalls).

5. Verify Installations Regularly: Although AutoSSL runs automatically, it’s a good practice to periodically check domains using tools like SSL Labs or Why No Padlock to ensure there are no mixed content issues or expired certificates.

Conclusion

Enabling SSL with AutoSSL in WHM is a simple, automated process  once configured, AutoSSL continuously issues and renews SSL certificates for eligible domains and subdomains, helping you maintain secure, trusted websites with minimal manual effort.

For hosting providers, resellers, and server administrators managing multiple domains, AutoSSL significantly reduces the time and complexity traditionally involved with SSL management. By automating certificate installation and renewal, it helps protect client sites, improve SEO, and ensure compliance with modern browser security standards.

To keep your hosting environment secure and competitive, enable AutoSSL and monitor it periodically. With AutoSSL in place, you can deliver a consistent and secure browsing experience across all your hosted domains  without constant oversight.

Frequently Asked Questions