How to install Let’s Encrypt Free SSL Certificate via ZeroSSL and GoDaddy’s cPanel hosting

Mark Gavagan
5 min readJun 27, 2018

UPDATE (May 2020): I tried to renew a dozen SSL Certificates with ZeroSSL, using exactly the instructions below (used by 13,000+ readers of this article), and found out ZeroSSL now charges on a subscription basis for their service.

Instead of yet another bill to pay every single month, I switched to SiteGround hosting, with includes *FREE SSL Certificates* (they auto-renew every 90 days, free, so I don’t have to waste time doing it every 3 months).

Here’s a short article that explains everything: “Why I Switched From GoDaddy to SiteGround (and you should too).”

welcome to siteground screenshot from welcome email
screenshot from my “Welcome to SiteGround” email

If you’re interested in trying out SiteGround, I’d really appreciate it if you’d use a link above or in the “Why I Switched…” article → it won’t cost you a penny extra, but they pay me a small ‘thank you’ commission :)

The instructions below are based on what I learned via this video by Robert:

Update: I just found a terrific step-by-step blog post, with images for each step, by the author of the video below.

After you do this once, scroll down for “How to renew” instructions (much simpler process).

  1. Go to https://zerossl.com/free-ssl/#crt

2. Enter email address (for renewal reminders)

3. Enter domain name (both with AND without www)

4. Accept both terms via checkboxes at bottom, then “NEXT” (upper-right)

5. Once CSR is generated (takes a minute) download a copy

6. Click “NEXT” again to generate account key, then download a copy

7. Click “NEXT” to go to Verification page.

8. Download the verification text files

9. Go to GoDaddy’s CPanel (hosting) admin page, then File Manager

10. From there, go to “webroot/.well-known/acme-challenge/” directory, where “webroot” is the main directory with your website pages. If the directory has already been created, use upper-right to search for “.well-known”.

11. Upload the verification text files to that “webroot/.well-known/acme-challenge/” directory (for example, ExplainIt studios has it at “/home/mgav/public_html/explainit/.well-known/acme-challenge”) Test by clicking the file name (to the right of the download icon).

12. Click “NEXT” to reach the “Your Certificate is Ready!” page

13. Download backup copies of the two files

14. Go to cPanel, scroll down to SECURITY and click “SSL/TLS”

15. Scroll down and click “Manage SSL sites”

16. Scroll down to “Install an SSL Website” and select the appropriate domain

17. Return to ZeroSSL, copy the top “Begin Certificate” and paste it on the GoDaddy Certificate: (CRT) field (first one).

18. IMPORTANT — You just pasted TWO entries. Scroll to the bottom of what you pasted, cut the lower “ — -END CERTIFICATE — -“ up to the lowest “ — -BEGIN CERTIFICATE — -“ and paste that in the bottom “CABUNDLE” field.

19. Copy the Private Key from the 2nd ZeroSSL field and paste it in the middle “Private Key” field.

20. Click “Install Certificate” button at bottom

21. If needed, adjust .htaccess file to redirect to HTTPS (see last part of video)

How to renew Let’s Encrypt with ZeroSSL

It’s simpler than all the steps above.

Update: scroll halfway down the video author’s blog post for more details and troubleshooting.

Here are the RENEWAL steps:

(only use for ………… Renewals!)

1. Go to https://zerossl.com/ > Online tools > Start FREE SSL Certificate Wizard

2. Find and open your saved domain-csr.txt file from last renewal, then copy/paste all text in the lower-right “Paste your CSR…” field

3. Find account-key.txt file, then copy/paste all text in the lower-left “Paste your Let’s Encrypt key…” field

4. “Accept” both boxes, then click “Next”

5. Next page will load and you will hopefully see a small “…key is accepted” message

6. Download the two files, then place them on your server

7. Go to GoDaddy’s CPanel (hosting) admin page, then File Manager

8. From there, go to “webroot/.well-known/acme-challenge/” directory, where “webroot” is the main directory with your website pages. If the directory has already been created, use upper-right to search for “.well-known”.

9. Upload the verification text files to that “webroot/.well-known/acme-challenge/” directory (for example, ExplainIt studios has it at “/home/mgav/public_html/explainit/.well-known/acme-challenge”) Test by clicking the file name (to the right of the download icon).

10. Click “NEXT” to reach the “Your Certificate is Ready!” page

11. There is only one text box you can copy or download (you may recall starting from scratch method has two boxes). Download a backup copy.

12. Go to cPanel, scroll down to SECURITY and click “SSL/TLS”

13. Scroll down and click “Manage SSL sites”

14. Scroll down to “Install an SSL Website” and select the appropriate domain, then click “Autofill by Domain” (the current data — some of which you’ll be updating — will populate the fields)

15. Return to ZeroSSL, copy the whole certificate text (it’s actually two certificates) and paste it on the GoDaddy “Certificate: (CRT)” field (first one). You’ll see red alert text “The certificate is not valid.” Don’t worry.

16. IMPORTANT — You just pasted TWO entries. Scroll to the bottom of what you pasted, cut the lower “ — -END CERTIFICATE — -“ up to the lowest “ — -BEGIN CERTIFICATE — -“ and paste that in the bottom “CABUNDLE” field.

17. In step 14, you should have clicked the “Autofill by Domain” button, which automatically filled the Private Key field. Don’t do anything — it’s fine. (If you did not click the “Autofill by Domain” earlier, don’t do it now — just find copy the text from the domain-key.txt file and paste it in the middle “Private Key” field.)

18. Click “Install Certificate” button at bottom

I’m not an expert and cannot troubleshoot your installation or answer questions.

Best of luck!

P.S. Here are a few of my projects:

--

--