Free SSL Certificates from places like cPanel or Let’s Encrypt are great. When Let’s Encrypt first introduces free SSL Certificates it was revolutionary. Basically, everyone who owned a website saved at least $10 a year by using these free SSL Certificates. Unfortunately, they expire every three months which is annoying. If you use Cloudflare, you can use a free Cloudflare Origin SSL in cPanel which is valid for 15 years. You don’t need to worry about renewals or making sure all of your DNS entries are correct for the renewal on your VPS Server.
Create cPanel Cloudflare Origin SSL Certificate
First, create an origin certificate in cPanel. This is a self-signed certificate by Cloudflare. In Cloudflare for your domain name click SSL/TLS then, Origin Server. Click Create to create a certificate.
There are some things to note on this screen. For cPanel, make sure your key is generated in RSA format. Like your hostnames in the next section. You have double-barrel hostnames like in the example (dev-server.f2h.cloud), these are not covered by the wildcard. You MUST list them like we have. Set the expiry date for 15 years and click create.
Copy Certificate & Private Key
So, on the next page, you will now see your certificate and private key. Copy each certificate to its own text document on your local device. Download the signed CA from Cloudflare. It’s the top link. Now you have three files. The certificate & private key and the signed CA.
Install Cloudflare Origin SSL In cPanel
To install the new certificates we use WHM. Login as root and click “Install an SSL Certificate on a Domain“. On the next page, you will see three boxes. So here we need to paste the files we got from Cloudflare. The certificate goes in the top box, the private key in the middle box and the CA you got in the previous step in the bottom box. Click to install the SSL.
That’s it. Now ensure in Cloudflare on the SSL/TLS screen that your settings are set to either Full or Full Strict. You are now benefiting from all of the security advantages of cPanel and no one can bypass these like when using the Flexible setting.
But remember to check the certificate is installed correctly using an SSL Checker like https://www.sslshopper.com/ssl-checker.html
How was this article?
You might also like
More from cPanel
SWAP is a memory type that Linux NVMe VPS Servers use to process requests. Memory will be held in SWAP …
The Error: last request failed: [AUTH] Authentication failed error can be caused by a range of things. It could be …