How to Manage AutoSSL Certificates in cPanel

After you have enabled AutoSSL, the free SSL that’s auto-enabled forever, in WHM, then the next step is to make sure that the certificates have been added to your account. You can manage the certificates in the cPanel using the SSL/TLS interface. The following article applies to Shared Business Hosting customers as well as Reseller customers.

Please note this cPanel warning concerning the use of free autossl certificates with the shared IP address: If you do not have a dedicated IP address, web browsers that do not support SNI will probably give false security warnings to your users when they access any of your SSL websites. Microsoft® Internet Explorer™ on Windows XP™ is the most widely used web browser that does not support SNI.

How to Add a Certificate using AutoSSL

If your AutoSSL option “Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates” is set to on, then it will automatically replace any certificate that is expired within your server. You would not need to follow the steps below as the certificate would be installed. Note that this option is not set by default in order to stop the feature from overriding EV or OV certificate with a DV certificate.

  1. Login to the cPanel.
  2. Scroll down until you find the SSL/TLS icon.
Select the SSL/TLS icon in cPanel
Select the SSL/TLS icon in cPanel
  1. Click the link under Certificates (CRT).
Click on the Certificates (CRT) link.
Click on the Certificates (CRT) link.
  1. Scroll down the list until you find the domain that needs to have the certificate installed. Click on the Install link in order to make sure that the certificate is installed.
Find the that needs a certificate and click on Install
Find the that needs a certificate and click on Install

  1. Once the installation is complete, scroll down until you see the link to return to the SSL Manager. Click on the link.
  2. In order to see if the certificate has been applied, you can click on Manage SSL sites. Scroll down and you can see if a green padlock is applied to the URL where you installed the certificate.
Manage SSL sites
Manage SSL sites

Run AutoSSL in SSL/TLS Section

If AutoSSL doesn’t install on a specific domain, you can also force the installation in the SSL/TLS Status section.

  1. Login to the cPanel.
  2. If AutoSSL doesn’t install on a specific domain, you can also force the installation in the SSL/TLS Status section.
  3. Select Run AutoSSL or specify the domain(s) beforehand.
cPanel SSL status
cPanel SSL status

How to Delete an AutoSSL certificate

If your AutoSSL option “Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates” is set to on, then it will automatically replace any certificate and apply certificates to the domains in the account. So, if you have multiple domains and you intend to have some domains with SSL and some without, then you should turn this option off.

  1. Login to the cPanel
  2. Scroll down until you find the SSL/TLS icon.
Click on the SSL/TLS icon in cPanel
Click on the SSL/TLS icon in cPanel
  1. Click the link under Certificates(CRT).
Click on Certificates (CRT)
Click on Certificates (CRT)
  1. Scroll down until you find the domain name with the certificate you wish to delete. To the right, you will see a link labeled Delete. Click on this link to complete the deletion.
List of SSL Certificates Installed
List of SSL Certificates Installed
  1. In order to completely remove the certificate click on Return to the SSL Manager at the bottom of the page. Then click on Manage SSL Sites.
Manage SSL certificate view
  1. Next, you need to find the URL that you’re trying to remove the SSL certificate from. To the right you’ll see the option for Uninstall. Click on Uninstall and you’ll get a warning saying that this is a permanent change. Confirm it and the certificate will be removed from the domain. You can then verify by testing the URL in a browser.
Click on Uninstall to remove a Certificate
Click on Uninstall to remove a Certificate

Congratulations, you know how to add or delete SSL certificates in the cPanel interface. For more information please see our SSL Tutorials.

But wait, there’s more…

How to Check AutoSSL On The Command Line

Many users prefer to get work done on the command line, as this can often speed up various tasks, there is a cPanel script available that can check SSL status on the command line.

This script runs on a daily cron job. But it can be useful to run it manually in the event of troubleshooting unexpected issues.

Using the cPanel AutoSSL Script

To run this script, log into your server via SSH, and type in the following:

/usr/local/cpanel/bin/autossl_check

Useful Options

You can check SSL for a specific user using the --user option:

/usr/local/cpanel/bin/autossl_check --user=username

Likewise, you can check all domains in your cPanel configuration:

/usr/local/cpanel/bin/autossl_check --all

Be sure to check out related resources from the support center:

AC
Arnel Custodio Content Writer I

As a writer for InMotion Hosting, Arnel has always aimed to share helpful information and provide knowledge that will help solve problems and aid in achieving goals. He's also been active with WordPress local community groups and events since 2004.

More Articles by Arnel

12 Comments

  • I get this error everytime i run autossl:
    DNS DCV: No local authority: “umu.design”; HTTP DCV: The system failed to obtain filesystem information about “/home/umudesign/public_html/.well-known/pki-validation” because of an error: Not a directory

    please help

    • I thought this may be due to a domain with DNS that is not managed on the server, but when I tested I was not able to replicate the error. If you’re hosted with InMotion I recommend contacting our live support team since this doesn’t seem like typical behavior.

  • Hello,

    I’ve installed the free ssl certificate. How do I make sure people connect to the https version of my blog when typing its address?

     

    Thanks

    • AutoSSL should auto-renew. If it doesn’t, you can force the installation again. If that doesn’t work, you may need to remove the expired SSL’s and maybe even the HTTPS redirect on any domains not receiving a new AutoSSL within 24 hours. You could set the HTTPS redirect after AutoSSL completed.

      Another option, although only for VPS users, would be to enable the following at the bottom of the Options tab.

      Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.
      This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users’ CA-issued certificates if they are invalid or expire within 3 days.
      Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.

      • My site shows SSL is installed and all has been well until the last few days. All pages except the main (index.htm) page are not showing the lock and are “unsecure.” Not sure what’s going on suddenly. Appreciate any help. Thank you…

Was this article helpful? Let us know!