InMotion Hosting Support Center

SSL certificates can be installed by account owners on Shared servers, VPS or Dedicated Server accounts. If you require assistance, please submit a request to our live technical support team. They can quickly help you with getting an SSL certificate installed if necessary. cPanel releases (versions 11.38 and higher) come with a new SSL/TLS Manager which is available to cPanel users. This interface gives you the ability to generate, view, or upload, private keys, Certificate Signing Requests (CSR), and certificates (CTR), and also allows the ability to activate an SSL certificate on your web site.

Go:

Links:

AutoSSL certificates are a free SSL option that has been added in the latest releases of cpanel/WHM for VPS and Dedicated server accounts. It is important to note that while it is possible to use a shared SSL with the free certificate, the actual domain name being displayed for the certificate will not necessarily match the domain being secured. Servers using SNI (Server Name Indication) will highlight the issue. The easiest way to avoid this complication is to purchase a dedicated IP address for domain that is using an SSL certificate.

If you need an SSL certificate, you can order an SSL certificate from AMP from InMotion Hosting. Our Dedicated SSL certificates are Comodo-issued 256-bit encrypted InstantSSL certificates and are only $99.99 / year.

Otherwise, you can use the new cPanel SSL/TLS Manager to complete the SSL install process on your own when purchasing a 3rd party SSL certificate.

If you just need a SSL certificate for testing purposes, you can generate a self-signed SSL certificate for free.

Enable SSL/TLS Manager in WHM for cPanel users

Before using the SSL/TLS Manager as a cPanel user, it first needs to be enabled in WHM's Tweak Settings option.

  1. Login to WHM
  2. in whm type tweak and click on tweak settings

    In the top-left find box, type in tweak, then click on Tweak Settings

  3. in whm type allow cpanel and enable cpanel users to install SSL hosts

    Type Allow cPanel in the top-right find box, then fill in On beside Allow cPanel users to install SSL Hosts, then click Save

    You should see WHM Updating tweak settings... and then when it completes it will say Done at the bottom.

    whm tweak settings updated

Using the cPanel SSL/TLS Manager

Once you have the cPanel SLL/TLS Manager enabled in WHM, you can access it when logged into cPanel.

  1. Login to cPanel

  2. under security click ssl tls manager

    Under the Security section, click on SSL/TLS Manager

Generate Private Keys

Before generating anything else, we need to generate some Private Keys, these are used to decrypt information transmitted over an SSL connection. You need a separate Private Key for each SSL certificate you wish to use.

  1. click generate private keys

    Access the cPanel SSL/TLS Manager

    Click on Generate, view, upload, or delete your private keys

  2. click generate

    Typically a Key Size of 2,048 bits is fine, but if you need another one you can select it from the drop-down.

    Fill in a Description for the key if you'd like, then click Generate

  3. cpanel generated private key

    Now with your Private Key generated, click on Return to Private Keys

    You should see the key you created listed

    cpanel view keys on server

  4. paste or upload private key

    If you already have a Private Key not on the server, then under the Upload a New Private Key section, you can either paste in your key and click on Save, or you can click on Choose File to browse your computer for the key, and then click Upload

    After you've already generated or uploaded your Private Key so it exists on the server, click on Return to SSL Manager

Generate CSR

Before getting an SSL certificate for your website, you need to generate a Certificate Signing Request (CSR). This request will include your domain name and company, as well as information specific to the server you're hosting on.

  1. click generate csr

    Access the cPanel SSL/TLS Manager

    Click on Generate, view, or delete SSL certificate signing requests

  2. fill out csr fields click generate

    Fill out all of the fields for your CSR, then click Generate

  3. copy generated csr text

    You should now see the generated CSR, you can click in the text-box and then hit Ctrl-A to select all the text, and then Ctrl-C to copy it.

  4. Now you need to take this CSR text generated from the cPanel server, and when you are purchasing a SSL certificate, the Certificate Authority that you buy it from will need to be supplied with it.

    When asked the server type your CSR was generated on, you'd want to select RedHat Linux.

Generate a self-signed SSL certificate

If you just need your website data encrypted, and are not worried about web-browser warnings you can generate a self-signed SSL certificate for free.

When you access a self-signed SSL website from your web-browser, you will get an self signed SSL warning such as this one in Google Chrome. You can simply safely click on Proceed anyway to still get to the website.

self signed ssl warning click proceed anyway

When you're on your website if you click on the SSL padlock icon, you can see the reason we got a warning is because the website's identity has not been verified. This is because we used a self-signed SSL certificate and it wasn't verified by a 3rd party certificate authority

self signed ssl info
  1. click generate certificate

    Access the cPanel SSL/TLS Manager

    Click on Generate, view, upload, or delete SSL certificates

  2. fill out details for self signed ssl certificate click generate

    Scroll down to the Generate a New Certificate section and fill out all of the details for your self-signed SSL certificate, click Generate

  3. copy self signed certificate text

    On the next page, click in the Encoded Certificate text-box, then hit Ctrl-A to select all the text, and then Ctrl-C to copy it.

Install 3rd party SSL certificate

If you sent off your CSR to a certificate authority, you should have gotten back a matching SSL certifcate that you can now go back and install on the server to use for your website.

  1. click generate certificate

    Access the cPanel SSL/TLS Manager

    Click on Generate, view, upload, or delete SSL certificates

  2. paste or upload your ssl certificate

    Now either paste your certificate info into the Paste your certificate below box and click Save Certificate

    Or click Choose File to browse your local computer for the certificate file and click on Upload Certificate

Activate SSL certificate on web site

Now that you've generated a private key, generated a CSR, and installed a SSL on your account, you should be ready to activate that SSL certificate for your website.

  1. click setup an ssl certificate to work with your site

    Access the cPanel SSL/TLS Manager

    Click on Install and Manage SSL for your site(HTTPS)

  2. select ssl domain click autofill by domain

    From the Domain drop-down, select the domain you're installing your SSL certificate on, and then click Autofill by Domain

  3. click install certificate

    In this case you can see it's warning us that the Issuer is self-signed which is fine. If you actually installed a 3rd party verified certificate you shouldn't see this warning.

    Click on Install Certificate

You will then see confirmation that the SSL certificate was installed. You should hopefully now understand how to use the cPanel SSL/TLS Manager to either generate a CSR or get a SSL certificate installed on your website.

Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Support Center Login

Our Login page has moved, Click the button below to be taken to the login page.

n/a Points
2018-05-03 9:30 am

Hello,

I did a padlock checking and I got following information on all 3 servers and websites.

You currently have TLSv1 enabled.This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

How to disable TLSv.1?

Best Regards,

Ursula

Staff
31,204 Points
2018-05-03 11:11 am
Since all SSL's issues by InMotion (including the FreeSSL) already meet this requirement, you most likely got your SSL from a 3rd party. I recommend contacting them, and asking for them to re-issue a new SSL that meets these requirements.

Thank you,
John-Paul
n/a Points
2018-06-01 1:01 pm

I did a padlock check on a website hosted on your server with SSL issued by InMotion (AutoSSL) and got following information:

You currently have TLSv1 enabled.This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

How to disable TLSv.1?

Best Regards,

Deb

Here's a link so you can see what I'm seeing:

https://www.whynopadlock.com/results/679a6828-2b86-40f6-88d6-c530ba4e652b

Staff
2,605 Points
2018-06-01 3:06 pm
You can modify the cipher suites available for Apache with root access. If you are on a Business Class or Reseller Hosting plan, then you do not have the ability to disable this in Apache as root access is unavailable for those types of hosting plans.
n/a Points
2018-04-18 7:46 pm

I have purchased my SSL cert through you and it needs installing on my url.  when following the instrucitons above it shows my old one has expired but where do I get my new one?  Should it not already be linked to the URL and therefore available for autofill?

Staff
31,204 Points
2018-04-19 1:02 pm
When you purchase an SSL from InMotion, our Live Support team will install it for you automatically. Since it sounds like it has not been installed correctly, I recommend reaching out to our Live Support team so they can test your specific account and verify if it has been updated successfully.

Thank you,
John-Paul
n/a Points
2018-02-08 7:02 pm

Hello, I've generated the Private Key, Self-Signed Cert, CSR and also activate SSL.

But my website still does not have the PADLOCK icon, rather all I see is  a circle icon that says: 

"Your connection to this site is not fully secure"

I run a classified ad wordpress powered website with classipress+classipost themes by Appthemes.com

And I have also installed woocommerce on it and people will surely be making payment on the site.

Pls tell me, how can I get my site fully secure/ the green padlock enabled.

Your quick response will be highly appreciated, thanks

Staff
2,605 Points
2018-02-09 11:19 am
Hello!

Installing an SSL Certificate is just one step towards securing your website. However, our guide: My SSL Lock is not Displaying, includes more details as to why the padlock does not display immediately after installing your SSL Certificate. Typically this is due to the fact that there are links or images on your website that do not use the https:// protocol when loading. You will need to update that content accordingly. I recommend using a third party tool like Why No Padlock to help determine the content that needs to be updated and/or any other issues that may be found using that tool.
n/a Points
2017-10-20 1:13 am

Hello, speaking exclusively of your reseller plans:

 

1. Can I install an SSL from another provider without having to buy a dedicated ip?

 

2. If at any time I would like to buy a dedicated ip, can I just buy it from you or can I do it to another provider?

 

3. The article and the comments are confusing. Is not a dedicated ip needed to use an SSL certificate on your servers?

 

I hope I will respond that I need to make a decision sooner.

 

Thank you.

 

Regards

Staff
42,025 Points
2017-10-20 6:01 am
Hello,

1. Can I install an SSL from another provider without having to buy a dedicated ip?

Yes, you can install an SSL without a dedicated. SNI (Server Name Indicator) allows the server to bind one IP to multiple SSLs. However, if you're providing security for transactions (e.g. credit card or merchant services) then you will want to use a dedicated IP. Different types

2. If at any time I would like to buy a dedicated ip, can I just buy it from you or can I do it to another provider?

If you're hosting with us, then you need to purchase the dedicated IP address through us.

3. The article and the comments are confusing. Is not a dedicated ip needed to use an SSL certificate on your servers?

The SNI feature on hosting servers allows you to have multiple SSL certificates bound to one IP address. However, the disadvantage is when a customer is trying to make a secure connection to your website for a transaction. If you are using one IP address for multiple SSL certificates then the browser is unable to determine the correct domain associated to that certificate for purposes of a secure transaction. Since there may be multiple domains associated with that IP address, the requesting server is unable to trust the connection and it is considered insecure. So, in cases where you need to have a more secure connection, you need to purchase a dedicated IP address.


I hope this helps to clarify the issue and answer your questions!

If you have any further questions, please let us know.

Kindest regards,
Arnel C.
n/a Points
2017-10-16 5:47 pm

InMotion Reseller Free SSL is now here. Hoo-rah!

Staff
2,605 Points
2017-10-16 5:54 pm
We are so glad you are excited! We are excited to have launched rolling that out!
n/a Points
2017-07-26 11:33 am

Disculpen donde puedo ver mi configuración que ya realice del SLL en mi CPanel

Staff
42,025 Points
2017-07-26 11:53 am
Hello Maria,

Apologies for any confusion, but we are not sure what you mean by "SLL." Are you referring to SSL? If so, then you would be able to see SSL certificates under the Security section > SSL/TLS. If you purchased a certificate from InMotion, then you would the status and billing information for that certificate in the Account Management Panel (AMP) interface.

If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2017-07-26 9:47 am

To clarify few points after reading the article and comment section:

1.> Dedicated IP is not mandatory for SSL installation on shared server as SNI is available on shared servers. But if I face any domain mismatch issue, it is better to buy dedicated IP. Is my understanding correct?

2.> Following the above process, I can install any third party SSL certificate including free SSL from Let's Encrypt. Please clarify if Let's Encrypt SSL are still not allowed on shared servers.

Thanks,

Amalendu

13,821 Points
2017-07-26 10:04 am
1. Yes, via SNI dedicated IPs are not needed for SSLs but recommended.
2. The FREE SSL certificates offered are not via Let's Encrypt. Thats not to say they cannot be installed. We simply do not support them meaning, we aren't offering any support on how to do so. We do offer the Auto SSL option in cPanel which is a FREE SSL similar to Let's Encrypt. The FREE SSL is available to new customers now, and will be rolling out to all customers within the next few weeks.
2017-07-26 5:42 am
thankyou.. solved
n/a Points
2017-07-13 8:07 am

Hey guys,

I have installed SSL as shown in the above content to my site.

Still I cannot find out the SSL in my site ************.net

Please help me to resoleve this issue.

Staff
31,204 Points
2017-07-13 12:54 pm
If you are using a CMS (such as WordPress, Joomla, Drupal, etc.) you should change to https in your admin dashboard section.

If you hand-coded your site, you can force SSL (https) using a .htaccess rule.

Thank you,
John-Paul


Thank you,
John-Paul
n/a Points
2017-05-04 6:21 am

Hello,

When I try to install certificate from cPanel or WHM, I get below error -

API failure: cabundle.cpanel.net did not have any working mirrors. Please check your internet connection or dns server. at /usr/local/cpanel/Cpanel/HttpRequest.pm line 996.

Not sure what to do.

Can you guide?

 

Thanks for help.

 

 

 

13,821 Points
2017-05-04 7:52 am
Sounds like there might be an issue with it finding a mirror. I'd wait to see if the error persists for more than 24 hours. If it does, you should reach out directly to your host.
n/a Points
2017-03-15 2:32 pm

Why does Business/Shared hosting not support SNI at this time?  A dedicated IP should not be required if InMotionHosting uses up-to-date software.  You appear to allow SNI on VPS servers.  Will you enable SNI on Business/Shared hosting plans soon?

Staff
42,025 Points
2017-03-15 5:05 pm
Hello Anary,

This article needs to be updated as we do have SNI enabled on our business class servers. If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2016-09-28 6:38 am

Hi, my generated private key doesn't work on my third party ssl

Staff
42,025 Points
2016-09-28 1:41 pm
Hello Daniel,

Sorry for the problem with your generated private key not working with your third party SSL. You will need to submit a verified support ticket to our technical support team so that they can investigate the issue. Make sure to include all the relevant information concerning your SSL.

If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2016-08-17 8:14 am

I am using CloudFlare.com.

 

I created a CSR from cPanel, the private key also got added. Then I added the CSR to CloudFlare and got the certificate. Then I added the certificate to cPanel.

 

After doing all the above, I am still not getting the fourth option which is:

 

"Activate SSL on your website (HTTPS)

Setup an SSL certificate to work with your site."

 

How to get this option?

 

Thanks

Staff
42,025 Points
2016-08-17 9:19 am
Hello VK Rajagopalan,

You may need to follow the Cloudflare instructions for adding your SSL. If you continue to have problems, then please give us details on the issue (steps taken, error messages, domain name) and we can attempt to research it further.

If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2016-08-18 3:38 pm

Hi Arnel,

Thanks for your response. Actually, I was not logging into the root cPanel. After logging into root, I was able to see the fourth option and I clicked "Setup an SSL certificate to work with your site" to setup the site.

 

But now when I try to goto my site: https://uupkeep.com, I get the message "Your connection is not private"

Also, last week, I changed over to a new VPS server with CentOS 6 and SNI installed.

I go to the cPanel URL in this server (even before logging in), https://vps21403.inmotionhosting.com:2083 and when I click the red triangle in the address bar, I get the message "Your connection to this site is not private". And when I click Details, I get the message:

"Certificate Error
There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID)."
 
Is the SSL problem in my site https://uupkeep.com because of the above issue?
 
Thanks

 

 

 

Staff
10,660 Points
2016-08-18 3:44 pm
It could be the SSL or there are possibly elements on your site hard-linked for http instead of https.
n/a Points
2016-08-14 3:51 pm

What about this information I found. I have a VPS.

 

Server Name Indicator (SNI)

Currently, it’s common for each SSL Certificate to require its own dedicated IP address. The cost of this address is typically being passed down to the end user.

SNI is able to change this paradigm by indicating what hostname the client is connecting to at the start of the handshake process. This allows a server to have multiple certificates all installed on the same IP address. Users on shared servers, that support SNI, will be able to install their own certificates and bypass the need for a dedicated address. While this saves on the cost of the dedicated IP address, this also helps reduce the need for extra addresses.

In order to experience the full benefit of SNI in cPanel & WHM 11.38, an operating system that supports this functionality will be needed as well. CentOS 6 is a prime example of such an operating system.

Staff
43,761 Points
2016-08-15 11:12 am
Yes, if you are on a VPS that passes those requirements (Centos 6 and WHM 11.38) then you can certainly use SNI.
n/a Points
2016-08-02 8:54 am

Very indepth guide. Your tutorial with picture has helped me to install  SSL on my site very easily. Thanks a lot.

n/a Points
2016-05-11 3:48 pm

cPanel SSL/TLS Manage:

after updating my ssl i am still seeing my old ssl, when i view cpanel or whm (ONLY) the old ssl still exists, there is no Tweak Settings 

Staff
42,025 Points
2016-05-11 4:53 pm
Hello,

Sorry for the problems with the old SSL certificate in your cPanel/WHM. If you're unable to see the Tweak Settings in WHM, then you're not logging in as the root user. You will need to use root access to the server in order to remove the certificate. You can also contact our live technical support team for assistance with this particular issue (contact information is at the bottom of the page).

If you have any further questions, please let us know.

Kindest regards,
Arnel C.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

41 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!