Contents
7 sections · 7 min read
SSL certificate padlock with Let's Encrypt logo showing free certificate installation
Domain Security

How to Get a Free SSL Certificate for Your Website (Let's Encrypt)

A
Domain 360 Team
·June 25, 2026·7 min read

The question "how do I get an SSL certificate" almost always has the same answer: your hosting provider probably already installed one, or you can get one from Let's Encrypt for free. Let's Encrypt issued over 300 million certificates in 2024 alone. Here is how to access it through every common setup.

Check if You Already Have SSL

Before installing anything, check whether SSL is already configured. Visit your website at https://yourdomain.com. If it loads without a browser warning, you have a valid SSL certificate. If it redirects to http:// or shows a certificate error, you need to set one up.

In cPanel or DirectAdmin hosting, find the SSL/TLS section — most providers now show the current certificate status here.

Option 1: Hosting Control Panel (Simplest — No Technical Knowledge Required)

Most shared hosting providers install Let's Encrypt certificates automatically through their control panel.

cPanel hosting (Hostinger, Bluehost, SiteGround, Namecheap, etc.): Log in to cPanel. Look for "SSL/TLS Status" or "Let's Encrypt SSL" in the Security section. Click to enable for your domain. The certificate is issued and installed within minutes.

Some hosts enable SSL automatically when you add a domain — check whether it is already active before doing anything.

Option 2: Cloudflare (Covers the CDN Layer)

If your domain is using Cloudflare as a proxy (orange cloud in DNS settings), Cloudflare provides its own Universal SSL certificate for the connection between visitors and Cloudflare. This covers the visitor-facing side.

For the connection between Cloudflare and your origin server, you need a certificate on the origin too — either Let's Encrypt on the origin, or a Cloudflare Origin Certificate (available free from your Cloudflare dashboard under SSL/TLS, Origin Server).

For a fully encrypted chain, use Cloudflare SSL mode Full (strict) with a valid origin certificate.

Option 3: Certbot on a VPS or Dedicated Server

For servers you manage directly (VPS, cloud instances, dedicated servers), Certbot is the standard tool.

Ubuntu/Debian + Nginx: sudo apt update sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Follow the prompts. Certbot modifies your Nginx config and sets up auto-renewal.

Ubuntu/Debian + Apache: sudo apt install certbot python3-certbot-apache sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

Auto-renewal: Certbot installs a cron job or systemd timer automatically. Test it with: sudo certbot renew --dry-run

Option 4: DNS Validation for Wildcard Certificates

For a certificate covering all subdomains (*.yourdomain.com):

sudo certbot certonly --manual --preferred-challenges dns -d yourdomain.com -d *.yourdomain.com

Certbot will instruct you to add a TXT record to your DNS. Add the record, wait a few minutes for propagation, then press Enter to continue. The certificate issued will cover both the root domain and all subdomains.

Setting Up HTTPS Redirect

Having a certificate does not automatically redirect http to https. After installation, add a redirect in your server configuration or hosting control panel.

In cPanel: Find Force HTTPS Redirect in the Domains section. In Nginx: Add a server block that redirects http to https. In Cloudflare: SSL/TLS, Edge Certificates, set "Always Use HTTPS" to On.

The Certificate and Domain Connection

SSL certificates are issued for specific domains. They expire (Let's Encrypt at 90 days, most commercial at 398 days). They must be renewed to remain valid.

But before any certificate question, the domain itself must remain registered. An expired domain pulls the certificate with it — not because the certificate expires, but because DNS stops resolving and there is no server to terminate connections. Every SSL setup depends on the underlying domain staying active.

Tracking domain expiry independently — with automatic alerts before renewal deadlines — is the maintenance layer that keeps SSL, email, and everything else working.

Never lose a domain again

Track every domain you own in one dashboard. Free for up to 15 domains.