How to uninstall/remove SSL certifcate in cPanel

This guide walks you through removing or uninstalling an SSL certificate from your cPanel account. You might need to do this when replacing an existing certificate with one from a different provider, troubleshooting certificate issues, or intentionally removing SSL from a domain. Removing an SSL certificate is not the same as cancelling it — your browser and visitors will immediately notice the change.

1. Remove SSL via SSL/TLS Status (Recommended)

1. Log in to your cPanel account.
2. Navigate to the Security section and click SSL/TLS Status.
3. Find the domain you want to remove the certificate from.
4. Check the box next to the domain name, then click Remove from the toolbar.
5. Confirm the removal when prompted.

2. Alternative — Remove via Manage SSL Sites

1. Go to SSL/TLS → Manage SSL Sites.
2. Select the domain from the dropdown menu.
3. Click Delete Certificate to remove the installed certificate.

3. Disable AutoSSL (If You Do Not Want Automatic Re-Issuance)

After you remove a certificate, AutoSSL will automatically re-issue a free certificate within 24 hours for any domain included in its configuration. If you intentionally removed SSL and do not want it replaced:

1. Go to SSL/TLS Status.
2. Click Manage AutoSSL (or Autossl under the SSL/TLS menu).
3. Under Include Domains During AutoSSL Provisioning, remove the checkmark next to the domain.
4. Click Save.

Important Notes

• HTTPS breaks immediately: Once the certificate is removed, visitors accessing https://yourdomain.com will see a browser warning such as "Your connection is not private" or "NET::ERR_CERT_AUTHORITY_INVALID". This is expected.
• HTTP still works: The site remains accessible over http:// unless you have .htaccess rules forcing HTTPS.
• AutoSSL re-issuance: cPanel's AutoSSL checks daily. Even after removal, it will install a new certificate within 24 hours unless the domain is excluded (see Step 3).
• Forced HTTPS redirects: If your .htaccess file has rewrite rules forcing HTTPS, visitors will hit a redirect loop or error after SSL removal. Check your .htaccess for RewriteCond %{HTTPS} off or similar rules and remove or comment them out.
• Third-party SSL providers: If the certificate was purchased from a provider (e.g., Sectigo, DigiCert), removing it from cPanel does not cancel the subscription. You must cancel separately through the provider or your hosting account.

Troubleshooting

Remove button is greyed out or missing

• This usually means the certificate is managed by AutoSSL. Exclude the domain from AutoSSL first (Step 3 above), wait a few minutes, then try removing again.
• If you still cannot remove it, use the Manage SSL Sites method (Step 2) which provides a direct Delete Certificate option.

Site still shows HTTPS / padlock after removal

• Browser cache: Hard-refresh with Ctrl + F5 (Windows) or Cmd + Shift + R (Mac). Browsers aggressively cache HSTS and SSL decisions.
• HSTS preload: If the domain was previously on the HSTS preload list, browsers will refuse HTTP connections for up to 12 months regardless of the certificate status. Check at hstspreload.org.
• CDN or proxy: If you use Cloudflare, Sucuri, or another CDN, SSL may be terminated at their level. Log into your CDN dashboard and check the SSL/TLS settings there.
• .htaccess redirect: Check for RewriteEngine On followed by RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} — comment out or remove the HTTPS redirect block.

Error: "This website has a redirect loop" (ERR_TOO_MANY_REDIRECTS)

• This happens when .htaccess is forcing HTTPS but the SSL certificate is gone. Remove or comment out the HTTPS redirect rules in .htaccess, then clear your browser cache.

Need further help?

• If you cannot remove the certificate through either method, or if AutoSSL keeps re-issuing despite being disabled, contact our support team with your domain name and a description of what you have tried.