How to Install a Free SSL Certificate with Let's Encrypt

Why SSL Is Non-Negotiable

SSL (Secure Sockets Layer) — now technically TLS — encrypts the connection between your website and its visitors. Without it, data passes in plain text: passwords, form submissions, payment details. Beyond security, Google uses HTTPS as a ranking signal, and modern browsers actively warn users when visiting non-HTTPS sites with a "Not Secure" badge. There's simply no good reason not to have SSL in place.

Let's Encrypt is a free, automated, and open certificate authority backed by major tech companies. It has made SSL accessible to everyone.

Method 1: Through cPanel (AutoSSL)

If your hosting provider runs cPanel (version 60 or later), this is by far the easiest approach.

1. Log in to cPanel and navigate to the Security section.
2. Click SSL/TLS Status.
3. You'll see a list of all your domains and their current SSL status.
4. Select the domains you want to secure and click Run AutoSSL.
5. cPanel will automatically request, validate, and install a Let's Encrypt certificate.
6. AutoSSL also handles renewals automatically every 90 days — you don't need to do anything.

That's it. Most cPanel hosts have AutoSSL configured by default, so your SSL may already be active.

Method 2: Using Certbot on a Linux VPS

If you manage your own server (Ubuntu/Debian with Nginx or Apache), Certbot is the official Let's Encrypt client.

Install Certbot

sudo apt update
sudo apt install certbot python3-certbot-nginx  # For Nginx
# OR
sudo apt install certbot python3-certbot-apache  # For Apache

Obtain and Install the Certificate

For Nginx:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

For Apache:

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

Certbot will verify domain ownership via an HTTP challenge, obtain the certificate, and automatically update your server configuration to enable HTTPS.

Set Up Auto-Renewal

Let's Encrypt certificates expire every 90 days. Certbot installs a systemd timer or cron job to handle this automatically. Test it with:

sudo certbot renew --dry-run

Method 3: Through Your Hosting Provider's Dashboard

Many managed hosting providers (Kinsta, SiteGround, Cloudways, etc.) include one-click Let's Encrypt installation directly in their custom dashboards. Check your provider's documentation — it may be even simpler than cPanel AutoSSL.

After Installation: Important Checks

• Force HTTPS redirects: Add a redirect in .htaccess (Apache) or your Nginx config to send all HTTP traffic to HTTPS. Without this, both HTTP and HTTPS versions of your site exist simultaneously.
• Update internal links: Ensure your CMS (e.g., WordPress) has its site URL updated to use https://.
• Check for mixed content: Use browser developer tools or an online SSL checker to identify any resources (images, scripts) still loading over HTTP.
• Test your SSL configuration: Run your domain through SSL Labs' SSL Test to check your certificate grade and identify any configuration weaknesses.

Wildcard Certificates

If you need to secure multiple subdomains (e.g., blog.yourdomain.com, shop.yourdomain.com), Let's Encrypt also issues wildcard certificates (*.yourdomain.com) via DNS validation. This requires Certbot with DNS plugin support for your DNS provider.

Summary

Installing SSL is free, fast, and in most cases fully automated. There's no longer any justification for running a website over plain HTTP. Whether you use cPanel's AutoSSL or Certbot on a VPS, you can have HTTPS running in under 15 minutes.