How to Install Premium SSL on Hostname in CWP on Apache

Sometimes, you may choose to install premium SSL such as Comodo Positive SSL or Rapid SSL on your hostname instead of the free Let’s Encrypt SSL provided by CWP. Below are the steps to achieve this:


– Create an A record for your hostname and point it to your CWP VPS IP address. We’ll assume our hostname is

1. Login to your WHM interface

2. Navigate to Server Settings>>Change Hostname. Add the hostname created in earlier and click Change Hostname button.

You can also change the hostname fro SSH by using the command below

[root@vps10123 ~]# hostnamectl set-hostname

Note that the act of simply changing the hostname via the WHM interface installs free SSL for your hostname, but we’ll ignore this one as we intend to install our own.

3. Navigate to Webserver Settings>>SSL Certificates in WHM interface

4. Click Generate CSR and fill in the details in the fields provided then click Generate. You will have created a CSR and Key for your SSL.

Viewing a CSR and Key already generated in CWP

5. Use the CSR to request for a certificate from your vendor.

6. Once you get the certificate files from vendor, upload the .crt (sometimes .cert) and the certificate bundle file and save them in your certificate folder. This folder is normally /etc/ssl/certs or /etc/pki/tls/certs/ . CWP keeps a copy of certificates in both these directories by standard. So your certificate file could be saved in one of these locations as

7. Access the hostname config file at /usr/local/apache/conf.d/hostname-ssl.conf

8. Look for the following three lines

SSLCertificateFile /etc/pki/tls/certs/hostname.crt

SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

SSLCertificateChainFile /etc/pki/tls/certs/hostname.bundle

9. Replace them with the correct path for each of the files ie your certificate, your key and your certificate bundle. The key and bundle are saved in the folders in step 6 above by default. Wherever you’ll put your certificate file, make sure to note and replace the path appropriately. In the end, the three lines looked like this:

SSLCertificateFile /etc/pki/tls/certs/

SSLCertificateKeyFile /etc/pki/tls/private/ .key

SSLCertificateChainFile /etc/pki/tls/certs/ .bundle

10. Restart Apache and you’re set.

Leave a Reply

Your email address will not be published. Required fields are marked *