Knowledge Base: Starting up
Let's Encrypt (FREE) SSL Certificates
There are two important prerequisites to be met in order for a certificate to be able to issued and most users will fulfil these requirements automatically.:
- The domain name(s) you want signed must be pointing to our server already
The Let’s Encrypt CA must be able to visit http://your-domain/.well-known/acme-challenge/xxx successfully.
These directories/files will be created automatically, but you should take care that you do not have any .htaccess rules that prevent access.
To install Let's Encrypt SSL certificate from youc cpanel > Security > Let's Encrypt SSL .. choose the domain to install the SSL certificate and click on "Issue Single" Link.
Due to the automated nature of Let's Encrypt, the certificates are issued for 90 days. System will attempt to renew the certificate 30 days from expiry.
Here are the most common errors you face during SSL installation
Rate limit error - too many certificates for this domain
Most likely, you have issued and deleted certificates of the same root domain too many times. These limits are quite low during the Let’s Encrypt beta period.
Rate limit error - too many registrations
The server may have hit a rate limit for too many new account registrations for a single IP address.
In this case, you should be able to proceed within 24 hours.
This is intermittent with the Let’s Encrypt service, you should be able to try again immediately and succeed.
Failed to issue certificate: The Let’s Encrypt HTTP challenge failed - is .well-known/acme-challenge accessible in your webroot?
First, you need to check that you can actually access http://your-domain.com/.well-known/acme-challenge . If you cannot, then the issue is likely an .htaccess rule blocking access.