A Guide to Setting Up Let’s Encrypt SSL on Shared Hosting

We teamed up with SiteGround
To bring you up to 65% off web hosting, plus free access to the entire SitePoint Premium library (worth $99). Get SiteGround + SitePoint Premium Now

In recent years, there’s been a strong push by Google and others to make the web more secure by encouraging the use of TLS/SSL (transport layer security/secure sockets layer) on every website.

padlock image

Google has added extra encouragement for using HTTPS by giving a ranking boost to sites, and, like other browser makers, is gradually turning up the heat in Chrome by introducing increasingly alarming alerts on sites without encryption.

Until recently, SSL certificates were quite costly. Let’s Encrypt changed that by offering free certificates.

There are lots of online tutorials showing how to install Let’s Encrypt certificates, but they tend to require quite a bit of technical expertise (knowledge of how to operate a Linux web server and manage root access) and rarely guide you on how to install it through a common shared hosting control panel. If your cPanel or other control panel instance doesn’t provide a feature like One Click Install for Let’s Encrypt SSL (and many don’t), then you may feel there’s no option but to fork out money for a certificate through your web hosting provider.

However, in this article I’ll show you how to install a Let’s Encrypt SSL certificate on your shared web hosting server using the services from SSL For Free. SSL For Free allows you to install a Let’s Encrypt SSL certificate without having to have root access and a VPS, but just a regular shared web hosting server.


Looking to take your SSL chops to the next level? Check out this amazing course by Nick Janetakis:

Nick Janetakis
Everything you need to take your site from insecure to an A+ rated secure site in just 3 hours. SitePoint fans get it for 40% off.

Installing Let’s Encrypt SSL Using SSL For Free

Step 1: Head over to the SSL For Free website.

Step 2: In the enter your website to secure input box, type your website domain address (for example: yourdomain.com).

SSL for Free

Step 3: SSL For Free will provide SSL certificates for yourdomain.com and www.yourdomain.com automatically.

Step 4: If you want to add another subdomain (for example: sub.yourdomain.com), click the Add / Edit Domains link, and you’ll be returned to the domain address input page.

Step 5: Add the subdomain you desire in the input box.

Verify your domain and/or subdomain by SSL For Free

There are three ways to verify your domain by SSL For Free (you can choose any one of them).

  1. The first is via Automatic FTP Verification. Here, you’ll be asked for data about your web hosting FTP account.
  2. The second is through Manual Verification. You’ll be prompted to download two files from SSL For Free, which you’ll later upload to your web hosting server.
  3. The third is through Manual Verification (DNS). This way, you’ll be prompted to create a new TXT record through your web hosting control panel.

Let’s take a look at each of the verification steps.

Method 1. Automatic FTP Verification

Step 1: Click the Automatic FTP Verification button.

Automatic FTP verification

Step 2: Below this, you’ll be prompted to input data from your web hosting FTP account. Input the data completely:

Entering FTP data

If you feel uncomfortable with this way (giving your FTP account access data), then you can choose the second way (which I highly recommend) below.

Method 2. Manual Verification

Step 1: You’ll be prompted to download two files generated by SSL For Free, which you’ll then upload to your web hosting server. Click Manual Verification. (Note: don’t close this tab/page!)

Step 2: Below, you’ll be prompted to download two files generated by SSL For Free. Download both files, saving them on your local computer.

Step 3: In accordance with the instructions of this SSL For Free page, create a new folder/directory called .well-known. (If you’re in a Windows environment, name it .well-known. — that is, with an extra dot at the end.) Inside that directory, create a new directory called acme-challenge. Copy-paste the two downloaded files into the acme-challenge directory.

Step 4: Now upload both files to your web hosting server using your preferred FTP application (such as FileZilla).

Step 5: Upload the .well-known directory from your local computer to the root directory of your web hosting server (its directory, not the contents in it).

Uploading the folder via FTP

Step 6: Now open a new tab/page in your browser and enter your domain URL, along with the location of the two files. Make sure you see the random numbers and letters:

The file paths

Step 7: Go back to the SSL For Free tab/page (page at Step 1) and click Download SSL Certificate. Make sure you don’t get a reply like this:

Error message to avoid

Step 8: If you get an error reply, please repeat Step 1 above, until SSL For Free loads the Loading SSL Certificate Account page. It will then proceed to the Generating SSL Certificate Securely page:

Generating and SSL certificate

Method 3. Manual Verification (DNS)

In this last verification method option, you’ll be prompted to create a new TXT record in your web hosting control panel.

Here’s what the steps look like in cPanel:

Step 1: Click the Manual Verification (DNS) button on the SSL For Free site.

Step 2: You’ll then be prompted to create a new TXT record according to the data on that page:

Setting up TXT records

Step 3: Open a new tab/page in your browser and log in to CPanel on your server. Go to Zone Editor, and add a record with the following data:

  • Type: TXT
  • Name: _acme-challenge.yourdomain.com.
  • TTL: 14400
  • TXT Data: [corresponding to the first TXT Record data in Step 2]

Click Add Record:

Clicking the Add Record button

Step 4: Then add the second new TXT record with the following data:

  • Type: TXT
  • Name: _acme-challenge.www.yourdomain.com.
  • TTL: 14400
  • TXT Data: [corresponding to the second TXT Record data in Step 2]

Once again, click Add Record.

Step 5: The final result will look something like this:

Complete TXT records in CPanel

Step 6: Go back to the SSL For Free tab/page (page at Step 1) and click the Download SSL Certificate. If you’ve set up the TXT records correctly, you should get a couple of results like this:

Confirming TXT records

Step 7: You’ll be taken to the Loading SSL Certificate Account page, and then to the Generating SSL Certificate Securely page:

Generating and SSL certificate

SSL Certificate from SSL For Free

Once SSL For Free successfully creates an SSL certificate, you’ll be prompted to input your email address and password to receive an email notification one week before your certificate expires (optional).

If you fill it in, or are already logged in, you’ll be shown a list of SSL certificates from the domain(s) you’ve registered in the SSL For Free service:

Domains registered on SSL for Free

On the same page, you’ll be shown data for the Certificate, Private Key, and CA Bundle for your domain. You can download those three certificates, or input them one-by-one into your cPanel web hosting server:

SSL certificates

Installing SSL certificates in your cPanel web hosting server

SSL For Free provides links to various guides for installing SSL certificates, but here I’m just showing how to install SSL certificates on a cPanel web hosting server.

Step 1: Access to your web hosting server cPanel. Click on the SSL/TLS icon (under “Security”).

Step 2: In the Install and Manage SSL for your site option at the bottom, click the Manage SSL Certificate link.

Step 3: Select your domain that’s been registered for SSL through SSL For Free.

Step 4: Copy and paste the certificate data that SSL For Free has generated to each input box (Certificate, Private Key, and CA Bundle data).

Step 5: At the bottom of this page, click Install Certificate. Click OK in the notification confirming your certificate was successfully installed on your web server. Next, you’ll be shown a list of domains that have SSL certificates installed.

Checking your SSL certificate

You can confirm once again that your SSL certificate is already installed correctly. Go to the Namecheap SSL Checker, then input your domain address, or you can go directly to https://decoder.link/sslchecker/yourdomain.com/443.

You should get reports similar to this:

Namecheap confirmation

You can also do the checking at Qualys SSL Labs at https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com.

NOTE: once your SSL certificate has been successfully installed, in order for HTTPS to run perfectly, don’t forget to change your default site address from http://yourdomain.com to https://yourdomain.com. You can do this by using an .htaccess file (there are plenty of tutorials on this out there) or if you use WordPress, you can directly assign HTTPS address via the WordPress Admin Dashboard.

In closing

I hope this tutorial has shown you how easy it is to use Let’s Encrypt to secure your website on shared hosting. Admittedly, having to use a third-paty intermediary isn’t ideal, but it’s not a big downside when you consider the money you can save. There’s no need to go out and buy a certificate again.

One thing to remember with Let’s Encrypt certificates is that they only last for 90 days, rather than a year (like many paid certificates). A common way to automate reinstallation is via a cron job, although these aren’t always allowed on shared hosting. I recommend you talk to your web host to see what’s available from them in this regard.