1. Generate Certificate Requests Using ACME Client
ACME clients automate SSL/TLS certificate issuance. A popular option is acme.sh.
Run the following command (on any server or local machine with shell access):
acme.sh --issue -d yourdomain.com -d www.yourdomain.com --webroot /path/to/public_html
This command:
- Requests a certificate
- Uses HTTP-01 verification
- Creates challenge files for validation
2. Create the ACME Challenge Directory in cPanel
Log in to your cPanel and:
- Open File Manager
- Navigate to public_html/
- Create a new folder: .well-known
- Inside it, create another folder: acme-challenge
- Upload the ACME challenge files generated earlier into this directory.
Your challenge file URL will look like:
http://yourdomain.com/.well-known/acme-challenge/your-challenge-file
Verify in your browser that the file loads correctly.
3. Complete the Domain Validation
Return to the terminal where your ACME client is running and allow it to verify the challenge.
If everything is correct, ACME will issue:
- Certificate File (cert.pem)
- Private Key (privkey.pem)
- CA Bundle (chain.pem)
Export them using acme.sh:
acme.sh --install-cert -d yourdomain.com \
--cert-file ./cert.pem \
--key-file ./privkey.pem \
--fullchain-file ./fullchain.pem
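Before pasting the exported files into cPanel, it is worth confirming that the private key belongs to the certificate, that the certificate covers every hostname you requested, and that the key file is not readable by other accounts on the host. The script below is an added example, not part of the original walkthrough or of acme.sh; its function names and the 30-day threshold are assumptions, and it needs the openssl command-line tool (OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example: pre-install checks for cert.pem / privkey.pem.
# Function names and the 30-day threshold are choices made for this example.

# True if the private key belongs to the certificate (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate is valid for the hostname (SAN, or CN fallback).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the key file exists and is not readable by group or others.
key_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \))" ]
}

# Run every check and report; returns non-zero if any check fails.
check_bundle() {
    cert=$1 key=$2; shift 2
    rc=0
    key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is group/world readable"; rc=1; }
    cert_valid_for_days "$cert" 30 || { echo "FAIL: expires within 30 days"; rc=1; }
    for host in "$@"; do
        cert_covers_host "$cert" "$host" || { echo "FAIL: $host not covered"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: certificate, key and names are consistent"
    return "$rc"
}

# Usage: sh check-bundle.sh cert.pem privkey.pem yourdomain.com www.yourdomain.com
if [ "$#" -ge 3 ]; then check_bundle "$@"; fi
```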
4. Install the SSL Certificate Through cPanel
- Log in to cPanel
- Navigate to SSL/TLS
- Click on Manage SSL sites or Install and Manage SSL
- Select your domain
- Copy-paste the certificate files:
- Certificate (.CRT): Open cert.pem and paste contents
- Private Key: Open privkey.pem and paste contents
- CA Bundle (Optional but recommended): Open fullchain.pem (or chain.pem depending on your ACME client) and paste contents
- Click Install Certificate
Once installed, your website should immediately switch to HTTPS.
5. Test Your Installed ACME SSL
Use tools like:
- SSL Labs Test
- WhyNoPadlock
- cURL or browser inspection
Confirm:
- No mixed-content warnings
- Certificate chain is valid
- HTTPS redirects are working properly
6. Set Up Auto-Renewal (Important)
ACME certificates typically last 90 days, so renewal automation is crucial.
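If using acme.sh, renewal runs from the daily cron job that its installer creates. If that job is missing, add it again:
acme.sh --install-cronjob
The following command keeps the acme.sh client itself up to date; it does not renew certificates:
acme.sh --upgrade --auto-upgrade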
The tool will automatically renew your certificates and notify you if you need to upload those renewed certificates manually in cPanel.
There are hosting companies that enable cron jobs so that you don’t need to worry about anything, but in the case of shared hosting, they often prefer you upload renewed certificates manually every 47 days.
Top comments (1)
Clear and practical walkthrough that actually respects how shared hosting works, not just ideal setups!!
You explain the ACME flow without pretending everyone has root or native AutoSSL, which is refreshing...
The separation between issuance and cPanel install is especially useful for people stuck on locked down hosts?!
Nice touch calling out manual renewal reality, too many guides gloss over that pain...
Small tip from the field: if you control DNS, DNS-01 with acme.sh avoids webroot headaches and broken challenges entirely, even on cPanel setups!!