AutoSSL - Switch from Sectigo to Let's Encrypt

andrewmoras

• January 31, 2023 05:26

Hey everyone, When reading the subject you might think "Not another Sectigo AutoSSL post" and roll your eyes but please bear with me because I'm trying to understand the mechanics behind cPanel's Let's Encrypt implementation and figure out a plan. I won't repeat what everyone has been posting here for past 2 years or so, that Sectigo's SSLs aren't being issued on time, that end users get affected by this problem on a regular basis or that support costs are increased because of this and I'll get straight to the point ( :cool: @cPRex). On a non-cPanel Let's Encrypt implementation, whenever you set up Let's Encrypt, you'll share an email address that receives a notification whenever the SSL certificate expires. The email received when the SSL is 20 days from expiration is something along these lines: "Let's Encrypt certificate expiration notice for domain "amazing.domain.com" and it comes from the Let's Encrypt Expiry Bot I'm curious how does this work in the cPanel's implementation and if cPanel shares the email address of each customer with Let's Encrypt in order to receive these notifications or if Let's Encrypt receives any kind of personal information shared with them during this process. I've been looking in the documentation, in the code but it's still not clear to me how this works. Is the server's contact address shared with Let's Encrypt? I really want to switch from Sectigo to Let's Encrypt for everything because I'm fed up with the hourly/daily/weekly/monthly problems they have but first I'd like to know how this works and make sure that end user information isn't shared with a third party without consent. Thanks, Andrew

• 

  cPRex Jurassic Moderator

  • January 31, 2023 12:17

  Hey there! Our implementation is a bit different - we use our own SSL notification setup through WHM >> Contact Manage and WHM >> Manage AutoSSL. You won't get the notifications from Let's Encrypt at all, but they all come directly from the cPanel server. I'm not aware of us sending any type of contact data to Let's Encrypt.

  0
• 

  andrewmoras

  • January 31, 2023 13:02

  Thank you @cPRex - that's awesome. I don't want those notifications at all so if they're suppressed then they won't be sent out. Last question: in a scenario where customer is using a Sectigo SSL and the server is switched to Let's Encrypt, when the Sectigo SSL expires, it will be automagically replaced with the new Let's Encrypt one and no notification is sent out? Thanks, Andrew

  0
• 

  cPRex Jurassic Moderator

  • January 31, 2023 15:10

  Yes - it will seamlessly handle that change for you!

  0

Please sign in to leave a comment.