cPanel remains the most popular hosting control panel in the world, powering millions of servers globally. One of its key strengths is the simplicity and automation of SSL certificate management. Even inexperienced users can install a Let's Encrypt certificate with a few clicks and secure their website with encrypted connections. The Sayt.uz technical team works with cPanel daily and in this article we share the most effective installation methods.
What is AutoSSL and how it works
AutoSSL is a feature built into cPanel/WHM that automatically obtains and installs Let's Encrypt or Sectigo certificates for all domains. Once the server administrator enables AutoSSL in WHM, every cPanel account receives a free certificate without user intervention. Renewal also happens automatically thirty days before expiration, and the site owner never notices this process. AutoSSL runs several times a day and provisions certificates for newly added domains almost instantly.
When manual installation is required
AutoSSL only supports Let's Encrypt and Sectigo, so if you purchased a commercial certificate from DigiCert, GeoTrust or another provider, you will need to install it manually. Go to the SSL/TLS section and click Manage SSL Sites. In the form that opens, paste the certificate CRT, private key KEY and certificate chain CA Bundle into the corresponding fields. cPanel automatically validates the match between key and certificate, and the most common error is a mismatch indicating you used the wrong KEY file.
Working with wildcard certificates
Wildcard certificates cover all subdomains with a single record and need special attention when installed in cPanel. Select example.com as the primary domain rather than *.example.com, then repeat installation for each subdomain individually. This is an internal cPanel limitation where each subdomain is treated as a separate hosting account. The Sayt.uz team performs this work for clients at no cost and properly configures wildcards across all required subdomains.
Properly attaching the certificate chain
The most common mistake is forgetting the CA Bundle. Browsers cannot locate intermediate certificates on their own, so the connection is marked as untrusted even when the root certificate is correctly installed. cPanel tries to autofill the chain via the Autofill by Certificate button, but this does not always work. If the provider did not send you the full chain, download it from the certificate authority website and paste it into the Certificate Authority Bundle field. SSL Labs is the standard tool for verifying chain completeness.
Sayt.uz practice
Seventy-eight percent of Sayt.uz hosting accounts run on cPanel, and we enable AutoSSL by default for every account. After purchasing hosting, the client site begins serving encrypted connections within fifteen minutes. Manual installation of commercial certificates is a free service that our technical team completes within one hour. Corporate clients use DigiCert OV and EV certificates starting at 1,200,000 soum per year with full document verification.