Securing cPanel/WHM services with a wildcard SSL certificate

All this is moot.

From version 56 of cPanel/WHM onwards, cPanel will generate a Comodo-backed SSL certificate for your server’s hostname.  It won’t protect proxied service URLs such as webmail.*, cpanel.*, whm.*, etc. but it will allow you to access cPanel/WHM via a fully certified certificate.

From version 58 of cPanel/WHM onwards, every domain on your cPanel/WHM server is able to receive a free Comodo-backed SSL certificate – valid for 90 days, but is automatically regenerated by the system.  It’s an alternative to Let’s Encrypt, support for which will be eventually be made available via an external plugin.