Install an ACME SSL Certificate on cPanel using SeFlowSSL CaaS (Sectigo ACME)

SeFlowSSL CaaS (Sectigo ACME) can be integrated with cPanel to automate SSL/TLS certificate issuance, installation, and renewal. Through ACME automation, certificates can be managed without manual intervention.

Before starting, ensure you have SSH access to the cPanel server and the ACME credentials provided by SeFlowSSL CaaS.

Prerequisites

  • Server running cPanel and WHM.
  • Root SSH access.
  • Domain already configured on the server.
  • SeFlowSSL CaaS ACME credentials.
  • Internet connectivity to the ACME endpoint.

Step 1. Access the SSH Terminal

Connect to the server using SSH as the root user.

ssh root@server.example.com

You may also use the built-in WHM terminal:

  1. Log in to WHM.
  2. Open the Advanced section.
  3. Select Terminal.
  4. Confirm terminal access.

Step 2. Install ACME.sh

ACME.sh is a lightweight ACME client fully compatible with SeFlowSSL CaaS and cPanel environments.

curl https://get.acme.sh | sh

Step 3. Register the ACME Account

Register the ACME account using the endpoint and External Account Binding (EAB) credentials provided by SeFlowSSL CaaS.

~/.acme.sh/acme.sh --register-account \
--server https://YOUR_ACME_SERVER/directory \
--eab-kid YOUR_EAB_KID \
--eab-hmac-key YOUR_EAB_HMAC_KEY

Parameters to customize

  • YOUR_ACME_SERVER is the ACME endpoint provided by SeFlowSSL CaaS.
  • YOUR_EAB_KID is the assigned EAB identifier.
  • YOUR_EAB_HMAC_KEY is the EAB authentication key.

Step 4. Issue the SSL Certificate

Request the certificate using the webroot validation method.

~/.acme.sh/acme.sh --issue \
--webroot /home/USERNAME/public_html \
--domain yourdomain.com \
--server https://YOUR_ACME_SERVER/directory

For multi-domain or SAN certificates, add additional --domain parameters.

~/.acme.sh/acme.sh --issue \
--webroot /home/USERNAME/public_html \
--domain yourdomain.com \
--domain www.yourdomain.com \
--server https://YOUR_ACME_SERVER/directory

Replace USERNAME with the cPanel account username associated with the domain.

Step 5. Automatically Install the Certificate in cPanel

After issuance, the certificate can be automatically installed into cPanel's SSL infrastructure.

~/.acme.sh/acme.sh --install-cert \
-d yourdomain.com \
--key-file /var/cpanel/ssl/apache_tls/yourdomain.com/combined.key \
--fullchain-file /var/cpanel/ssl/apache_tls/yourdomain.com/combined.crt \
--reloadcmd "/usr/local/cpanel/bin/apache_conf_distiller --update && /scripts/rebuildhttpdconf && /scripts/restartsrv_httpd"

Once completed, the certificate will be available in the SSL/TLS section of cPanel.

Verify the Installation

  1. Log in to cPanel.
  2. Open SSL/TLS Status.
  3. Verify the installed certificate.
  4. Check the expiration date and issuing certificate authority.
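
The same checks can be run from the shell against the files written in Step 5. This is an added example, not part of the original article or of SeFlowSSL's tooling; the function name check_installed_cert and the 30-day default threshold are assumptions, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example: post-install checks for a certificate/key pair on disk.
# Usage: check_installed_cert DOMAIN CERT_FILE KEY_FILE [MIN_DAYS]
# e.g.   check_installed_cert yourdomain.com \
#          /var/cpanel/ssl/apache_tls/yourdomain.com/combined.crt \
#          /var/cpanel/ssl/apache_tls/yourdomain.com/combined.key
# Returns 0 if all checks pass, 1 if any check fails, 2 if a file is unreadable.
check_installed_cert() {
    domain=$1; cert=$2; key=$3; min_days=${4:-30}
    rc=0

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $cert or $key"
        return 2
    fi

    # 1. The private key must belong to the leaf certificate (the first
    #    certificate in a fullchain file): compare their public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"
        rc=1
    fi

    # 2. The certificate must cover the requested host name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: certificate does not cover $domain"
        rc=1
    fi

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days"
        rc=1
    fi

    # Print issuer and expiry so they can be compared with SSL/TLS Status.
    openssl x509 -in "$cert" -noout -issuer -enddate 2>/dev/null
    return $rc
}
```

A non-zero return after a renewal run means the reload command served a certificate that is mismatched, wrongly scoped, or close to expiry.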

Automatic Renewal

ACME.sh automatically creates a scheduled renewal task to renew certificates before expiration.

To test the automatic renewal process:

~/.acme.sh/acme.sh --cron --force

If the command completes successfully, the system is correctly configured for automatic renewal through SeFlowSSL CaaS.
