under SSL/TLS you'll find "Manage AutoSSL"
Under "providers", you'll see "Let's Encrypt". That's a new option that was created by running the command as root.
Select "Let's Encrypt". Then agree to their terms of service and create a new registration with Let's Encrypt if necessary. Under the managed users tab you can enable / disable AutoSSL by account.
Now, under the control panel of each individual account, under SECURITY > SSL/TLS, find Install and Manage SSL for your site (HTTPS)" select "Manage SSL Sites".
If you end up with a self signed certificate (which you don't want) instead of a Let's Encrypt cert, delete the cert in the individual account. Click the "run AutoSSL for all users" button as root under "Manage Auto SSL". When you refresh the individual user, the correct cert should be there.
Thanks. I didn't think that worked for accounts that already had a comodo cert. My main issue is where to go to redirect http to https. Right now I am going to each individual htaccess file. (blogged about it here: http://www.standardista.com/lets-encrypt-on-cpanel/). I was unable to do it via "redirects".
They recently announced they're doing wildcards. Once that's been released, there isn't really much stopping you from generating a single wildcard SSL cert. Unless you try to generate a SSL cert for subdomain2.subdomain1.example.com; in which case that'd fail and you'd need to create a new wildcard covering subdomain2.subdomain1.example.com.