AutoSSL via Let's Encrypt covers most needs — it is free and renews automatically. However, there are situations where a paid SSL certificate provides features or coverage that Let's Encrypt does not.

When to consider a premium or wildcard certificate

• Wildcard SSL — covers your main domain and all subdomains (*.yourdomain.com) with a single certificate. Let's Encrypt offers free wildcard certificates, but obtaining one requires DNS-based validation that is not automated by AutoSSL in all configurations. A paid wildcard simplifies this.
• Multi-domain (SAN) SSL — covers multiple unrelated domains on a single certificate. Useful if you manage several domains and want one certificate to cover all of them.
• Extended Validation (EV) SSL — displays a verified organization name in some browsers. Used by financial institutions and large enterprises to signal identity assurance to customers.
• Organisation Validation (OV) SSL — similar to DV (domain validation) but verifies the company identity. Required by some enterprise or government procurement policies.

Generate a CSR in cPanel

Before purchasing an SSL certificate from any provider, generate a Certificate Signing Request (CSR) from your server:

1. Log in at https://tpc-hosting.com/login and open cPanel.
2. Under Security, click SSL/TLS.
3. Click Generate, view, or delete SSL certificate signing requests.
4. Fill in your organisation details (domain, company name, country, etc.).
5. Click Generate.
6. Copy the CSR text and submit it to your SSL provider when purchasing the certificate.

Install a purchased SSL certificate

1. After completing validation with your SSL provider, download the certificate files: the certificate (.crt), the CA bundle (intermediate certificates), and your private key (generated with the CSR).
2. In cPanel, go to Security → SSL/TLS → Manage SSL Sites.
3. Select the domain from the dropdown.
4. Paste the certificate into the Certificate (CRT) field.
5. Paste the CA bundle into the Certificate Authority Bundle (CABUNDLE) field.
6. The private key should auto-populate if it was generated in cPanel. If not, paste it manually.
7. Click Install Certificate.

Verify the installation

After installation, visit https://yourdomain.com and check the padlock in your browser. To check certificate details (issuer, expiry, covered domains), click the padlock → Connection is secure → Certificate is valid.

Use https://www.ssllabs.com/ssltest/ for a detailed analysis of your SSL configuration, including chain completeness and cipher strength.