What Is SSL/TLS?
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) encrypt the connection between a visitor's browser and your web server. This protects sensitive data like login credentials, form submissions, and payment information from being intercepted.
Every website should use HTTPS. Search engines penalize HTTP-only sites in rankings, and modern browsers display "Not Secure" warnings for any page loaded over HTTP.
Types of SSL Certificates
- DV (Domain Validated) — Verifies domain ownership only. Fastest to issue. Free options available (Let's Encrypt).
- OV (Organization Validated) — Verifies the organization behind the domain. Shows company name in certificate details.
- EV (Extended Validation) — Rigorous verification process. Previously showed green address bar (no longer in modern browsers).
- Wildcard — Covers all subdomains:
*.yourdomain.com. Useful for sites with many subdomains.
Installing SSL on cPanel
AutoSSL (Easiest Method)
Most cPanel hosts have AutoSSL enabled. It automatically provisions and installs a free SSL certificate. Go to cPanel → SSL/TLS Status to check if AutoSSL has already issued a certificate for your domain.
If not, click "Run AutoSSL" to trigger certificate issuance.
Manual SSL Installation
If you have a purchased certificate, go to cPanel → SSL/TLS → Manage SSL Sites:
- Paste your Certificate (CRT) in the first field
- Paste your Private Key in the second field
- Paste the CA Bundle (Intermediate Certificate) in the third field
- Click Install Certificate
Let's Encrypt with Certbot (Command Line)
# Install Certbot on Ubuntu/Debian
sudo apt update
sudo apt install certbot python3-certbot-nginx
# For Apache instead of Nginx
sudo apt install certbot python3-certbot-apache
# Issue and install certificate (Nginx)
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
# Issue and install certificate (Apache)
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
# Test auto-renewal
sudo certbot renew --dry-runCertbot automatically configures your web server and sets up a cron job for auto-renewal (certificates expire every 90 days).
Forcing HTTPS via .htaccess
After installing SSL, redirect all HTTP traffic to HTTPS:
# Add to .htaccess in your document root
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Nginx HTTPS Redirect
# In your Nginx server block
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$server_name$request_uri;
}Fixing Mixed Content Warnings
After enabling HTTPS, your browser may show "Mixed Content" warnings if some resources (images, scripts, stylesheets) are still loaded over HTTP.
Identify Mixed Content
Open browser DevTools (F12) and check the Console tab for mixed content warnings. They'll show you exactly which URLs are loading over HTTP.
Fix Hard-Coded URLs
Search your codebase and database for http:// references and update them to https:// or use protocol-relative URLs (//).
Add Content Security Policy
As a last resort, use the upgrade-insecure-requests CSP header:
# In .htaccess
Header set Content-Security-Policy "upgrade-insecure-requests"Common SSL Errors
- ERR_CERT_DATE_INVALID — Certificate has expired. Renew it or check auto-renewal is working.
- ERR_CERT_COMMON_NAME_INVALID — Certificate doesn't match the domain. Re-issue for the correct domain(s).
- ERR_CERT_AUTHORITY_INVALID — Missing intermediate certificate (CA Bundle). Re-install with the full chain.
- ERR_SSL_PROTOCOL_ERROR — SSL/TLS misconfiguration. Check your server config for supported protocols.
Test your SSL configuration at SSL Labs (ssllabs.com/ssltest). It gives you a grade (A+ to F) and identifies specific issues with your certificate chain, protocol support, and cipher suite configuration.