Nowadays, almost any website you visit you will see the same thing, a small lock icon next to the URL of the site. This means that the website is secured via transport layer security (TLS). In fact, if a site does not have an SSL certificate, most browsers will show a warning saying that the site is unsafe. This visual cue is essential for securing your website and building trust with your audience. Understanding the fundamentals of what is SSL is the first step toward a professional online presence.
Today, we will delve a little deeper into what is an SSL, types of validation for SSL certificates. Then, we will show you how to install Sectigo SSL on cPanel, which is a crucial task for anyone using cPanel VPS hosting to manage their web projects effectively.
🛡️ What is an SSL?
Secure Sockets Layer (SSL) is a protocol for enabling data encryption and site authentication on the Internet. This is done by making sure that all data transferred between the user and the site, or between two systems remain impossible to read if intercepted. This process is deeply rooted in data encryption technology, ensuring that even if data is captured, it remains gibberish to unauthorized parties.
Credit card numbers, medical details, and other sensitive information are transmitted only after being converted into a secure code. It uses encryption algorithms to scramble the data during transit, which prevents hackers from gaining access to it. This protection is vital for any newly created website that handles user information.
Domain authentication reassures site users that they're interacting with the site identified in the URL bar. Without SSL, online transactions would be vulnerable to interception by unauthorized parties, often referred to as a Man-in-the-Middle attack.
SSL is commonly used to protect communications between web browsers and servers. However, it is also used for server-to-server communications and for web-based applications. While many people use the terms interchangeably, there are technical nuances in the TLS vs SSL comparison that modern administrators should be aware of.
📋 SSL Validation Types
All SSL certificates are classified by their validation levels. Before a certificate authority (CA) can provide an SSL certificate to an organization, they have to do a small investigation to make sure the organization is a valid one. This is done so that there is a guarantee that the organization/individual requesting the domain actually owns and operates it.
As you probably already guessed, not all validation levels are the same. While one type could have just a bare minimum verification process, others could include a full-blown background investigation. Selecting the right type is as important as choosing the right web hosting for your needs.
It is important to note, however, that while the validation levels could be different, all SSL certificates provide the same level of TLS encryption. They only vary by the level of authentication the certificate authority has used to verify the client’s identity.
✅ Domain Validation (DV)
This is the most basic level of validation available within the SSL certification process. Getting one such certificate is quite simple; you only need to prove that you have control over the domain. This can be done by altering the DNS record associated with the domain, or sometimes by simply sending an email to the certificate authority from the domain’s email. More often than not, this process is carried out automatically.
Such a level of validation is the cheapest and most suitable for sites such as blogs, portfolios, or small businesses that are looking to quickly have HTTPS. Basically, if you do not sell products or services via your website, the DV certificate is often sufficient. If you are using a Linux VPS, you might also consider looking into free SSL options for non-commercial projects.
✅ Organization Validation (OV)
Now we move onto the intermediate level of SSL validation. It involves a manual vetting process that usually includes the certificate authority contacting the organization that requested the SSL certificate and sometimes even some further research. This provides a higher level of trust than DV certificates because the CA verifies the actual existence of the business entity.
✅ Extended Validation (EV)
Lastly, we have the professional level of SSL validation. Extended validation involves a full background check of the organization. First and foremost, the certificate authority will verify that the organization actually exists and is legally registered as a business, present at the address they specified. While taking the longest and costing the most, this level of SSL validation is the most trustworthy.
If you have ever visited a website and seen the URL turn green (in older browser versions) or seen the company name in the certificate details, then they have an Extended Validation SSL. This is highly recommended for e-commerce sites using platforms like WooCommerce.
🚀 Installing SSL on cPanel
To install the SSL service on cPanel, the below-mentioned steps must be followed. This guide assumes you have already purchased your certificate through the MonoVM and Sectigo partnership for seamless integration.
| Step Number | Action Item | Description |
|---|---|---|
| 1 | Email Creation | Set up a domain-specific email for validation. |
| 2 | Generate CSR | Create a Certificate Signing Request in cPanel. |
| 3 | Submit to CA | Send your CSR to Sectigo/CA. |
| 4 | Validation | Complete the Domain Control Validation (DCV). |
| 5 | Installation | Upload and activate the certificate files. |
📧 Create an email account under your domain name
As the first step, we will create an email account to set this account as the base email address for configuring the SSL certificate. This email address will be used for receiving the verification emails and the certificate which will be sent from the Certificate authority (CA). Also, we will use this email account when we want to generate the CSR code. If you need more details on managing this, check our guide on creating email accounts in cPanel.
- For creating the email account, log in to cPanel and, click on the Email Accounts option in the EMAIL section.
- Then click on the +Create button.
We have to create an email account named admin, or administrator, or webmaster, or postmaster or, hostmaster. These are the standard "Authorized" addresses used by CAs to verify domain ownership.
In this tutorial, we create an email account with the name 'admin'. Enter the username (admin), generate a password and, click on the '+Create' button. For more advanced management, you can refer to our article on how to create and manage webmail in cPanel.
🔑 Generate the CSR (Certificate Signing Request)
A CSR is a block of encoded text that is given to the CA company when applying for an SSL Certificate. The CSR contains information that will be included in the certificate such as:
- the organization name
- domain name
- locality
- country
It also contains the public key that will be included in the certificate. For a deeper technical dive, read our full article on What is a Certificate Signing Request.
For generating the CSR,
- find the Security section on cPanel main page and click on the SSL/TLS option
- In SSL/TLS page click on the Certificate Signing Requests (CSR) option.
- Fill in the required information in the CSR generation form and click on the Generate button.
Key: It is better to select the default value (2,048 Bit). If you select the 2048-bit key, a completely new Private Key will be generated.
Domains:
- In the Domains text box, enter the domain name of the website that the certificate will secure (common name).
- The common name for all Wildcard certificates should be represented with an asterisk in front of the domain (*.domain.com).
- To create your CSR code for multiple domains, enter each domain in a new line.
City/State: Enter the complete name of your city and state (or region) in related boxes.
Country: Select your country from the drop-down list.
Company: Enter the officially registered name for your business. Also, you can enter the domain name without the extension.
Email: We will use the email account that we created in the previous step.
Click on the Generate button. The next page will show the newly generated CSR code. You can now use the Encoded Certificate Signing Request to activate the certificate.
📤 Sending CSR to the CA Company
At this step, we have to send the generated CSR and the contact information to the CA company by filling a form. This step connects your local server request to the global certificate authority.
In order to access the mentioned form,
- Login to your client area on Monovm website, and select the purchased Sectigo or PositiveSSL service in your service’s list. This process is similar for those who install SSL on VPS environments manually.
- After selecting and opening the service page, click on the Submit Certificate Request button.
- In the next page, we have to copy and paste the generated CSR in the relevant text box and click on "Submit CSR" after completion.
🔎 Domain Control Validation
A Domain Control Validation (or DCV) must be completed before issuing an SSL certificate in order to verify the person making the request is in fact authorized to use the domain related to that request. This is a critical security step to prevent unauthorized certificate issuance.
By clicking on Submit CSR button, a new page will appear. On this page, we can define an email account as the main account for receiving the validation email. You can also learn how to use and manage the domain control panel for broader domain settings.
Also, we can check the generated CSR details. We select the created email account via the drop-down menu and click on the Submit Validation Request button. By clicking on this button we will receive a validation email in the predefined email address.
Note: Receiving the validation email may take up to a few minutes to an hour. Always check your spam folder if it doesn't arrive within 15 minutes.
Now let's go and check the received email. After receiving the Domain Control Validation email, click on the portal link and enter the validation code provided in the email message.
📥 Download and install the Certificate
After submitting the validation code, the CRT file will be accessible on the service page. This signifies that the CA has verified your domain and issued the actual certificate.
Open the service page in the Monovm client area > click on the Download CRT button > download the zip file which contains the CRT files.
After downloading the file, extract it. You will usually find a .crt file and a CA-Bundle file.
Now we are going to install the certificate on cPanel. Login to cPanel once again and click on the SSL/TLS option via the Security section. In the SSL/TLS page click on Generate, view, upload, or delete SSL certificates option to open the certificate installation page.
On the next page, we can install the downloaded certificate. Click on the Choose File button and open the downloaded CRT file. Then click on the Upload Certificate button.
After saving the certificate we will be able to install the certificate. Click on the Go Back option to go back to the previous page. We will be able to see that the certificate has already been added to cPanel.
Click on install.
By selecting the install, the Certificate: (CRT), Private Key (KEY) and, Certificate Authority Bundle: (CABUNDLE) boxes will fill automatically. This is a great feature of modern cPanel versions that simplifies the process significantly.
Click on the Install Certificate button to complete the SSL installation steps. Once completed, your server will start serving your website over a secure connection.
Now we have completed the SSL installation and our website can be redirected to HTTPS so it will be loaded with the security protocol. For automated redirects, you might want to look at redirecting HTTP to HTTPS using your .htaccess file.
Open your website, click on the lock sign beside the URL bar, and select the Certificate option. We can check the certificate information in the opened box to ensure everything is valid and correctly issued by Sectigo.
💡 Expert Tips and Common Mistakes
While the process is straightforward, beginners often encounter small hurdles. Here are some expert insights to ensure a smooth installation:
- Common Mistake: Forgetting to include the CA-Bundle. Without it, some mobile browsers might still show a "Not Secure" warning.
- Pro Tip: Always keep a backup of your Private Key. If you lose it and haven't saved it in cPanel, you will need to re-issue the certificate from scratch.
- Redirection: Simply installing the SSL isn't enough for SEO. Use htaccess tips to force all traffic to the secure version of your site.
- Security: If you are running a WordPress site, consider WordPress security plugins that help manage SSL and security headers.
🔚 Conclusion
We hope that with the help of this in-depth article you were able to understand a little better about SSL certificates and how they are distributed. Implementing security is a foundational part of hosting a website professionally. Additionally, the detailed in-depth tutorial should help you effortlessly install a Sectigo SSL certificate on cPanel. If you are ever facing errors like the SSL protocol error, remember that most issues stem from configuration steps or expired certificates. If you have any questions or suggestions, please leave them in the comment section below.
