What’s in the list
Each row is one certificate, with these columns:- Domains. The hostnames on the cert. Multi-domain (UCC/SAN) certs list all of them.
- Issuer. The Certificate Authority that signed it (Let’s Encrypt, Sectigo, CloudFlare, Inc., your account name for self-signed).
- Expiration (UTC). The “not after” date on the cert.
- Key Type. RSA 2048-bit / 4096-bit / ECDSA P-256 / ECDSA P-384.
- Description. Free-form note you can attach to a cert.
- Actions. Edit, Delete, Install.
Per-row actions
| Action | What it does |
|---|---|
| Edit | Update the description. The cert body itself isn’t editable; if it’s wrong, delete and re-upload. |
| Delete | Remove the cert from the server. If the cert is currently installed on a domain, the domain falls back to a default cert until you install a replacement. |
| Install | Open the Installation tab pre-loaded with this cert. The familiar “Install an SSL Website” form. |
Upload a third-party certificate
If you bought a certificate from DigiCert, Sectigo, GoDaddy, Comodo, or any other paid CA, this is where you paste the issued certificate body so cPanel knows about it.
Paste or upload the cert body
Either paste the contents of your
.crt file into the text area, or use the file picker to select the .crt directly. Both work.Don’t paste the full chain (cert + intermediates + root) here. Just the leaf certificate. cPanel sources the intermediates automatically; if it can’t, you’ll provide them on the Installation tab under CABUNDLE.Add a description (optional)
A short note about which CA, which domain, when you bought it. Searchable in the list later.
Click Save Certificate or Upload Certificate
The cert lands in the table. It is not yet installed on any domain; click Install on the row, or go to the Installation tab, to deploy it.
Generate a self-signed certificate
Useful for testing or for an internal-only service. Browsers won’t trust the cert (they’ll throw a warning), so don’t use this on production sites.
Pick or generate a key
From the Key dropdown, either generate a new RSA 2048-bit key (the default) or pick an existing one from the Keys tab.
Fill in the certificate fields
- Domains. One per line. Wildcards are allowed (
*.example.com). - City. Full city name, no abbreviations.
- State. Full state or province name.
- Country. Pick from the dropdown.
- Company. Legally-registered name. For a personal cert, your name is fine.
- Company Division. Optional. Department or sub-team.
- Email. Optional but recommended. Verification address if you ever switch this to a real CSR.
- Description. Free-form note.
Common issues
Uploaded a paid cert but it won't install
Uploaded a paid cert but it won't install
Two things to check: the matching private key is in the Keys tab, and the CA bundle (intermediate certificates) is either picked up automatically or pasted manually on the Installation tab.
The cert covers more domains than the install allows
The cert covers more domains than the install allows
cPanel will only install on domains attached to your account. If the cert was issued for
partner-domain.com, you can store it but you can’t install it here unless you add partner-domain.com as an addon or alias first.I want to delete a cert that's still in use
I want to delete a cert that's still in use
cPanel warns when the cert is installed on at least one domain. Confirm to delete; the domain falls back to the default account cert. Replace it with a working cert via the Wizard before browsers notice.