1. Home
  2. Installation and Getting Started
  3. Let’s Encrypt SSL Usage via AutoSSL
  1. Home
  2. General Use and Troubleshooting
  3. Let’s Encrypt SSL Usage via AutoSSL
  1. Home
  2. SSL Certificates
  3. Let’s Encrypt SSL Usage via AutoSSL

Let’s Encrypt SSL Usage via AutoSSL

When adding a domain to an existing cPanel or creating a new cPanel account, AutoSSL will run automatically at that time to secure your site with a free SSL certificate. This will only be successful as long as DNS is already pointed. As such, it can be beneficial to assign your Rochen nameservers on the domain at your registrar before adding it to your account. This will ensure a seamless automatic Let’s Encrypt SSL setup for your domain with no delays.  

That said once your domain resolves to the account, you can always check the status or run AutoSSL on demand via cPanel.  

From cPanel, navigate to the “Security” section and choose “SSL/TLS Status”: 

Next, you’ll see a list of domains associated with the account along with their AutoSSL status. 

Make sure that any (sub)domains you wish to access via HTTPS or use with your email client have a green lock status and read ‘AutoSSL Domain Validated’ as above. 

If there were any problems securing a (sub)domain in the last AutoSSL run, they will be noted on the certificate status side of the page. 

You can always click ‘Run AutoSSL’ at any time to secure a domain that has been recently pointed. Any (sub)domains that do not resolve to your account should be excluded by clicking the ‘Exclude from AutoSSL’ link next to them. This will prevent unnecessary SSL renewal warning emails from being generated for those domains. 

If you find that you are still having difficulties accessing your site over HTTPS, but the ‘SSL/TLS Status’ page indicates you are good to go, you can use an online certificate checker to confirm the SSL has been successfully applied. 

One such tool can be found at the following URL: 

https://ssltools.digicert.com/checker/views/checkInstallation.jsp

This is a fairly basic test, but one powerful feature with this one is you can specify the TCP port you would like to check. So for example, entering ‘rochentesting.com:443’ (domain:port) will check normal HTTPS access for web browsing. If you would like to verify the SSL is working correctly for IMAP and SMTP, you could specify ports 993 or 465 respectively. 

On the ‘Certificate Chain’ tab ‘R3’ is the intermediate used by Let’s Encrypt. 

Reinstalling an AutoSSL Certificate

If for some reason you are having a problem with the certificate chain, it’s possible it may require a manual update. There is a quick tool available at https://crt.sh/ which will allow you to view and download recent SSL certificates for your domain name.  

The next page will show a historical log view of the SSLs issued for your domain. The most recent entry will be at the top of the page and is typically the SSL you’re looking for. 

If you click the link under the ‘crt.sh ID’ field, this will show you extended info on the certificate with the option to download the certificate itself. 

Click ‘Download Certificate: PEM’ to download a plain text copy of the SSL certificate which can be opened with any text editor. 

To reinstall the certificate, navigate to the ‘SSL/TLS’ page in cPanel (not ‘SSL/TLS Status’) and choose ‘Manage SSL Sites’: 

On the next page you’ll see your installed SSLs with the option to Uninstall them if desired. To reinstall, first Uninstall the certificate. 

Next, fill in the contents of the ‘.pem’ file you downloaded into the ‘Certificate’ field, click ‘Autofill by certificate’ to populate the other fields including private key automatically. Next,  remove the contents of the ‘Certificate Authority Bundle’ field that were auto-filled to ensure this is re-downloaded by cPanel and updated appropriately, then click ‘Install Certificate’. 

cPanel should now show the newly (re)installed certificate at the top of the page. Please allow a few moments for the web server to gracefully reload the updated virtual host, then you can check the site again over HTTPS. 

If you run into any problems please open a support ticket with us via your MyRochen portal at https://my.rochen.com and we will be happy to assist further. 

Updated on October 8, 2021

Was this article helpful?

Related Articles

Need Support?
24/7 support is available through the My Rochen portal.
Login