This guide shows you how to install a free, auto-renewing SSL certificate using a tool called acme.sh. This is perfect if your hosting plan doesn’t include free SSL or if you want to secure subdomains manually.

Prerequisites:

• A Namecheap Shared Hosting account (or similar cPanel hosting).
• Access to cPanel.

Step 1: Open Terminal in cPanel

1. Log in to your cPanel dashboard.
2. Scroll down to the Advanced section.
3. Click on Terminal.
4. If a warning appears, click “I understand and want to proceed”.

You will see a black screen with text. This is the command line interface.

Step 2: Install acme.sh

We will install the acme.sh tool, which talks to Let’s Encrypt to get your certificates.

1. Ensure you are in the home directory. Copy and paste this command and press Enter:

   cd ~

2. Run the installation command. Replace you@example.com with your actual email address (used for renewal notifications). Copy and paste this:

   curl https://get.acme.sh | sh -s email=you@example.com

   Wait for the text to stop scrolling. You should see “Install success!”

3. Refresh your terminal session. To make the new acme.sh command work immediately, run this:

   source ~/.bashrc

Step 3: Issue the SSL Certificate

Now we will ask Let’s Encrypt for a certificate. You need to know two things:

• Your Domain: (e.g., subdomain.example.com or example.com)
• Your Document Root: This is the folder where your website’s files live.
  • For main domains: It is usually /home/USERNAME/public_html
  • For subdomains/addons: It is usually /home/USERNAME/subdomain.example.com (Check cPanel Domains list to be sure!)

Run the Issue Command:

Replace yourdomain.com with your actual domain and /path/to/docroot with your actual document root.

~/.acme.sh/acme.sh --issue --webroot /home/YOUR_USERNAME/path/to/docroot --domain yourdomain.com --domain www.yourdomain.com --deploy-hook cpanel_uapi

• Note: If you see green text saying “Cert success”, the certificate has been created!
• Note: The --deploy-hook cpanel_uapi part attempts to install it automatically. If that fails (red error), don’t worry! We will do it manually in the next step.

Step 4: Install the Certificate in cPanel (Manual Method)

If the automatic install didn’t work, follow these steps to copy/paste the certificate manually.

1. Get your Certificate content. Run this command to display your new Certificate (CRT): (Replace yourdomain.com_ecc with the folder name shown in the success message from Step 3)

   cat ~/.acme.sh/yourdomain.com_ecc/yourdomain.com.cer

   • Action: Highlight the block of text including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Right-click and Copy.

2. Get your Key content. Run this command to display your Private Key (KEY):

   cat ~/.acme.sh/yourdomain.com_ecc/yourdomain.com.key

   • Action: Highlight the block of text including -----BEGIN EC PRIVATE KEY----- and -----END EC PRIVATE KEY-----. Right-click and Copy.

3. Go to cPanel SSL/TLS Manager:

   • Go back to the cPanel main dashboard.
   • Search for SSL/TLS and click it.
   • Click Manage SSL sites (under “Install and Manage SSL for your site (HTTPS)”).

4. Paste and Install:

   • Domain: Select your domain from the dropdown menu.
   • Certificate: (CRT): Paste the Certificate code you copied earlier.
   • Private Key (KEY): Paste the Private Key code you copied earlier.
   • Click the Install Certificate button at the bottom.

Step 5: Verify and Maintain

1. Force a Renewal Test: To make sure auto-renewal is set up correctly, run:

   ~/.acme.sh/acme.sh --cron --force

   (If it says “Skip, Next renewal time is…” that means it’s working!)

2. Enable Auto-Upgrade for acme.sh: This keeps the tool itself updated.

   ~/.acme.sh/acme.sh --upgrade --auto-upgrade

Congratulations! Your site should now be secure with HTTPS.