Knowledge Base

How to secure a cPanel-enabled account with a Sectigo SSL certificate

This article discusses how Sectigo can automatically generate, install, and renew SSL certificates on a cPanel-enabled hosting account.

About Sectigo

Sectigo is part of an initiative to encrypt as much World Wide Web traffic as possible. It is designed to make creating, installing, and renewing SSL certificates a simple and straightforward process.

Although Sectigo SSL certificates are signed by a valid CA (certificate authority), there are some significant differences in these certificates and those issued by a traditional CA. For more information about these differences, please see this article.

Using Sectigo

Sectigo is enabled for all new and most existing Webhosting and Reseller cPanel accounts. To see if Sectigo is enabled for your account, click on the SSL/TLS icon in the Security section of cPanel. Then click Generate, view, upload, or delete SSL certificates. Sectigo will appear in the Issuer column on the next page unless non-Sectigo certificates were previously installed.

When Sectigo is enabled for your account, you do not have to do anything else. The entire process of generating, installing, and renewing SSL certificates is done automatically. (The server has a process running that automatically renews Sectigo certificates every 90 days so they stay valid.)

Certificates can take up to four hours to generate for a new domain. If your site needs a certificate sooner, please reach out to A2's support team who will be happy to assist with publishing the certificate as soon as possible.

When Sectigo is activated for a cPanel account, certificates are created for every existing domain and any domain that is added later.

When Sectigo is enabled for an account, it does not overwrite any existing SSL certificates that are already installed on the account. All non-Sectigo certificates take precedence and are enabled before any Sectigo certificates.

Troubleshooting

Sectigo is enabled by default, but there are instances when it cannot automatically generate an SSL certificate for an account. These include:

  • Other SSL certificates installed: If there is another SSL certificate of any type already installed (for example, valid, expired, or self-signed certificates), the Sectigo installer skips the domain and does not generate a certificate.
  • URL rewrites: Any URL rewrite rules that interfere with access to the public_html/.well-known directory can prevent Sectigo from generating a certificate. If you use URL rewrite rules, you can add the following line to your .htaccess file to make sure the .well-known directory remains accessible:
    RewriteRule ^.well-known - [L]
    For more information about URL rewrites, please see this article.

More Information

For more information about Sectigo, please visit https://sectigo.com/.