How to Set Up an SSL Certificate on Shared Hosting: A Step-by-Step Walkthrough

If you’re running a website on a shared hosting plan and still see that scary “Not Secure” warning in your visitors’ browsers, this guide is for you. In this practical tutorial, we’ll show you exactly how to set up SSL on shared hosting using cPanel and Let’s Encrypt, point out the common errors beginners run into, and help you verify HTTPS is working site-wide after activation.

No dedicated IP needed, no command line gymnastics, and no paid certificates required. Let’s get your padlock up and running.

Why SSL Matters in 2026 (Even on Shared Hosting)

SSL/TLS is no longer optional. Browsers like Chrome, Firefox, and Safari actively warn users when a site doesn’t serve content over HTTPS. Beyond trust signals, SSL is also a confirmed Google ranking factor and a requirement for many modern web features (PWAs, payment APIs, geolocation, etc.).

The good news: thanks to SNI (Server Name Indication), you no longer need a dedicated IP address to install an SSL certificate on shared hosting. Almost every modern shared hosting provider supports SNI by default.

What You’ll Need Before Starting

  • A shared hosting plan with cPanel access (Bluehost, Namecheap, Hostinger, SiteGround, GoDaddy, etc.)
  • Your domain pointed correctly to your hosting (A record or nameservers)
  • Login credentials for your cPanel
  • About 10 minutes

Method 1: The Easiest Way – AutoSSL in cPanel (Recommended)

Most shared hosts now ship with AutoSSL, which automatically issues and renews free Let’s Encrypt or Sectigo certificates. Always try this method first.

Step 1: Log Into Your cPanel

Access cPanel via your hosting dashboard or directly at https://yourdomain.com/cpanel. Look for the Security section.

Step 2: Open the SSL/TLS Status Tool

In the Security section, click on SSL/TLS Status. You’ll see a list of all domains and subdomains hosted in your account.

Step 3: Run AutoSSL

  1. Select all your domains using the checkboxes
  2. Click Run AutoSSL
  3. Wait 1 to 5 minutes while the certificates are issued
  4. The status icons should turn green with a padlock

That’s it. Skip to the verification section below.

Method 2: Manual Let’s Encrypt Installation in cPanel

If your host disabled AutoSSL or it failed for some reason, you can install Let’s Encrypt manually.

Step 1: Find the Let’s Encrypt Plugin

In cPanel, scroll to the Security section and look for Let’s Encrypt SSL. If you don’t see it, your host may use a different brand name like “Free SSL” or “AutoSSL Manager”.

Step 2: Issue a New Certificate

  1. Click Issue next to the domain you want to secure
  2. Select both the root domain (yourdomain.com) and the www subdomain
  3. Choose http-01 as the validation method (default)
  4. Click Issue at the bottom

Step 3: Confirm Installation

After a successful issue, you’ll see a confirmation message and your domain will appear under the Issued tab with the expiration date (typically 90 days, auto-renewed).

Method 3: Uploading a Third-Party SSL Certificate Manually

If you bought an SSL from a provider like Namecheap, Sectigo, or DigiCert, here’s how to install it via cPanel.

  1. Go to Security > SSL/TLS in cPanel
  2. Click Manage SSL sites
  3. Select your domain from the dropdown
  4. Paste the Certificate (CRT), Private Key (KEY), and Certificate Authority Bundle (CABUNDLE) into the appropriate fields
  5. Click Install Certificate

Forcing HTTPS Site-Wide

Installing the certificate is only half the job. You need to redirect all HTTP traffic to HTTPS so visitors and search engines always land on the secure version.

Option A: Using cPanel’s Force HTTPS Toggle

In the Domains section of cPanel, find your domain and toggle Force HTTPS Redirect to ON. Done.

Option B: Editing .htaccess Manually

Open File Manager, navigate to public_html, and edit .htaccess. Add this code at the top:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Option C: WordPress Users

If you’re on WordPress, install the free Really Simple SSL plugin. It handles redirects, mixed content fixes, and HSTS in one click.

Verifying HTTPS Works Site-Wide

Once everything is installed, test thoroughly:

  1. Visit your site at https://yourdomain.com and check for the padlock icon
  2. Test the www version: https://www.yourdomain.com
  3. Run an SSL Labs test at ssllabs.com/ssltest – aim for an A or A+ rating
  4. Check for mixed content using your browser’s developer console (F12). Look for any HTTP resources being loaded on HTTPS pages
  5. Test HTTP to HTTPS redirect by typing http://yourdomain.com and confirming it redirects automatically
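
Steps 1 and 2 can also be checked from a script. The following is an added example, not part of the original tutorial: it reads a certificate in the dictionary shape Python's ssl module returns and reports whether both the root and www names are covered and how many days remain. The 30-day warning threshold, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=10):
    """Live use: TLS handshake with SNI. Raises ssl.SSLCertVerificationError
    if the chain is untrusted or the certificate does not match host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def covers(cert, hostname):
    """True if a DNS subjectAltName entry in cert matches hostname."""
    hostname = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == hostname:
            return True
        # A wildcard stands for exactly one left-most label, so
        # *.yourdomain.com covers www.yourdomain.com but not yourdomain.com.
        if name.startswith("*.") and hostname.partition(".")[2] == name[2:]:
            return True
    return False

def days_left(cert, now=None):
    """Whole days until the certificate's notAfter date."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days

def audit(cert, hostnames, now=None, warn_days=30):
    """Return a list of problems; an empty list means the checks passed."""
    problems = [f"{h}: not covered by certificate"
                for h in hostnames if not covers(cert, h)]
    remaining = days_left(cert, now)
    if remaining < warn_days:  # assumed threshold, adjust to your host
        problems.append(f"expires in {remaining} days; check auto-renewal")
    return problems

# Constructed sample in the shape getpeercert() returns: issued for the
# root domain only, which is the NET::ERR_CERT_COMMON_NAME_INVALID case on www.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "yourdomain.com"),),
    "notAfter": "Jun  1 12:00:00 2026 GMT",
}
```

Against a live site, call audit(fetch_cert("yourdomain.com"), ["yourdomain.com", "www.yourdomain.com"]); an empty list means both names are covered and expiry is not near.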

Common Errors and How to Fix Them

Error | Cause | Fix
NET::ERR_CERT_COMMON_NAME_INVALID | Certificate doesn’t cover the domain you’re visiting | Re-issue covering both root and www variants
Mixed Content Warning | Some resources still load over HTTP | Use Really Simple SSL plugin or update URLs in database
AutoSSL Failed: DCV Error | Domain Control Validation failed (DNS not pointing correctly) | Verify A records and wait for propagation
Too Many Redirects | Conflict between cPanel redirect and CMS redirect | Disable one of the two redirect rules
Rate Limit Exceeded | Too many Let’s Encrypt requests in 7 days | Wait 7 days or use Sectigo via AutoSSL

Best Practices After Installation

  • Update your sitemap and robots.txt to use HTTPS URLs
  • Add the HTTPS version to Google Search Console as a separate property
  • Update internal links in your CMS to use HTTPS
  • Enable HSTS for stronger security (only after you’re confident HTTPS works perfectly)
  • Set a calendar reminder 60 days from now to confirm auto-renewal worked

FAQ

Do I need a dedicated IP for SSL on shared hosting?

No. Thanks to SNI support in all modern browsers and servers, you can install SSL on a shared IP address without any issues.

Is Let’s Encrypt really free?

Yes. Let’s Encrypt is a non-profit certificate authority that issues fully trusted SSL certificates at no cost. Certificates last 90 days and renew automatically through cPanel’s AutoSSL.

How long does it take for SSL to activate?

Usually 1 to 5 minutes after issuing through cPanel. If your DNS just changed, you may need to wait up to 24 hours for full propagation.

Will installing SSL break my website?

It shouldn’t, but you may see mixed content warnings if your pages load images, scripts, or stylesheets via HTTP. Use a plugin like Really Simple SSL (WordPress) or update your URLs to fix this.

Can I install SSL on a subdomain?

Yes. Both AutoSSL and the manual Let’s Encrypt method in cPanel let you select subdomains during the issue process.

What happens after 90 days?

Let’s Encrypt certificates renew automatically when issued via cPanel’s AutoSSL. You don’t need to do anything as long as your domain DNS keeps pointing to the host.

Do I still need a paid SSL?

For most blogs, business sites, and small e-commerce shops, free Let’s Encrypt is perfectly fine. Paid certificates (especially EV or OV types) are useful only when you need extended validation, warranties, or static-IP-bound certificates.

Wrapping Up

Setting up SSL on shared hosting in 2026 is fast, free, and beginner-friendly. By using cPanel’s AutoSSL or the built-in Let’s Encrypt tool, you can secure your site in under 10 minutes without touching the command line. Run the verification steps above, fix any mixed content warnings, and your site will be ready for the modern web.

Need help with cybersecurity or hosting hardening? Get in touch with our team at 11h-fire, we’d be happy to audit your setup.
