[How-To] Installing SSL from Let's Encrypt
UPDATE: As of cPanel and WHM version 58 the AutoSSL feature now includes Let's Encrypt support. This blog post will help you get set up there.
Anyone using the custom workaround on this thread may want to keep this in mind when using these steps.
The following will show you how to install the Let's Encrypt client and how to generate and install SSL certificates from Let's Encrypt via the WHM API using a custom workaround.
Installing the Let's Encrypt Client on CentOS 6.x
Please note: The Let's Encrypt client requires / prefers Python 2.7, so we will install Python 2.7 alongside Python 2.6. Don't worry, it won't break anything.
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm
yum -y install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv --enablerepo=ius
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd /root/letsencrypt
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
./letsencrypt-auto --verbose
Installing the Let's Encrypt Client on CentOS 7.x
yum -y install git
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd /root/letsencrypt
./letsencrypt-auto --verbose
NOTE: The Let's Encrypt installer will create the /etc/letsencrypt/renewal and /etc/letsencrypt/csr directories as world readable. The administrator may want to tighten the readability of these directories to fit their requirements.
Generate an SSL
You will be required to enter your email and accept their license agreement. I would recommend using the server admin's email. Also make sure you replace "cPanelUser" with your actual username. This is required to allow the Let's Encrypt client to create the auth files for the domain and be able to access them during the authorization. Please note that if you are installing a subdomain or addon domain that points to another path, you need to set the path of the subdomain or addon domain.
cd /root/letsencrypt
./letsencrypt-auto --text --agree-tos --email email@domain.com certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
For all subsequent runs use the following below, as there is no need to re-provide your email or re-agree to the TOS.
cd /root/.local/share/letsencrypt/bin/
./letsencrypt --text certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
By adding the renew-by-default command you can add this to a cron to run every 60 (recommended) or say 85 days to avoid this expiring before you are sure the new certs are retrieved. Then all you need to do is simply run the install script below again to install the updated certificate to cPanel.
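# The day-of-month field cannot express "every 60 days"; this runs at 00:00 on the 1st of every second month.
0 0 1 */2 * /root/.local/share/letsencrypt/bin/letsencrypt --text certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com; /root/installssl.pl domain.com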
You can also generate an SSL certificate via Get HTTPS for free!; however, there are additional steps that are required.
Script to automatically install the SSLs you generated
This script will be used to install the SSLs you generated to cPanel/WHM via the API. Please note the following things.
1. You must replace "rootpass" with your actual root password.
2. The CA Bundle is not by default in the location below and is generally saved to /etc/letsencrypt/live/domain.com/fullchain.pem and is the second cert in the file. I have included the CA Bundle below the script so you can create this.
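#!/usr/local/cpanel/3rdparty/bin/perl
# Install the Let's Encrypt certificate for one domain through the WHM API.
# Usage: ./installssl.pl domain.com
use strict;
use warnings;
use LWP::UserAgent;
use LWP::Protocol::https;
use HTTP::Request;
use MIME::Base64;
use IO::Socket::SSL;
use URI::Escape;

# WHM credentials, sent as HTTP Basic authentication
my $user = "root";
my $pass = "rootpass";
# The empty second argument stops encode_base64 appending a newline to the header value
my $auth = "Basic " . MIME::Base64::encode_base64( $user . ":" . $pass, "" );

# TLS certificate verification is turned off for this request to WHM on 127.0.0.1
my $ua = LWP::UserAgent->new(
    ssl_opts => { verify_hostname => 0, SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), SSL_use_cert => 0 },
);

my $dom = $ARGV[0];
die "usage: $0 domain.com\n" unless defined $dom && length $dom;

my $certfile = "/etc/letsencrypt/live/$dom/cert.pem";
my $keyfile = "/etc/letsencrypt/live/$dom/privkey.pem";
my $cafile = "/etc/letsencrypt/live/$dom/chain.pem";
my $certdata;
my $keydata;
my $cadata;

# Read each PEM file whole (slurp mode) into its variable
open(my $certfh, '<', $certfile) or die "cannot open file $certfile";
{
    local $/;
    $certdata = <$certfh>;
}
close($certfh);
open(my $keyfh, '<', $keyfile) or die "cannot open file $keyfile";
{
    local $/;
    $keydata = <$keyfh>;
}
close($keyfh);
open(my $cafh, '<', $cafile) or die "cannot open file $cafile";
{
    local $/;
    $cadata = <$cafh>;
}
close($cafh);

# URL-escape the PEM data so it can be placed in the query string
my $cert = uri_escape($certdata);
my $key = uri_escape($keydata);
my $ca = uri_escape($cadata);

# Call the WHM API installssl function (api.version=1) and print its JSON reply
my $request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/installssl?api.version=1&domain=$dom&crt=$cert&key=$key&cab=$ca" );
$request->header( Authorization => $auth );
my $response = $ua->request($request);
print $response->content;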
Add the Let's Encrypt CA Bundle
Let's Encrypt should now include the CA Bundle when generating certs. It will be saved as chain.pem. In the event that it is missing or not created, you can manually create the CA for use with the script below and change "my $cafile" in the script above to use this file instead.
vi /etc/letsencrypt/live/bundle.txt
When editing that file set the following below and save.
Note: This has been updated with the Let's Encrypt Authority X3
Running the script
First make the script executable. Then run the script with the main domain of the certificate generated from Let's Encrypt.
chmod +x installssl.pl
./installssl.pl domain.com
There you go you are all set and ready to generate and install SSLs from Let's Encrypt automatically via the command line.
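Added example, not part of the original post: a cron wrapper in which the install step runs only after the client exits successfully, the three files installssl.pl reads are present, and cert.pem matches privkey.pem. The function names and the LE_BIN, INSTALLER and LIVE_ROOT variables are this example's own (hypothetical); their defaults are the paths used above.

```shell
#!/bin/sh
# Added example, not the original post's code. Defaults are the paths the
# post uses; function and variable names are this example's own.
LE_BIN="${LE_BIN:-/root/.local/share/letsencrypt/bin/letsencrypt}"
INSTALLER="${INSTALLER:-/root/installssl.pl}"
LIVE_ROOT="${LIVE_ROOT:-/etc/letsencrypt/live}"

# The three files installssl.pl reads must exist, be non-empty and PEM framed.
live_files_ok() {
    for lf_name in cert.pem privkey.pem chain.pem; do
        lf_path="$LIVE_ROOT/$1/$lf_name"
        [ -s "$lf_path" ] || { echo "missing or empty: $lf_path" >&2; return 1; }
        grep -q -e '-----BEGIN ' "$lf_path" || { echo "not PEM: $lf_path" >&2; return 1; }
    done
}

# The public key inside cert.pem must equal the one derived from privkey.pem.
cert_matches_key() {
    cm_cert=$(openssl x509 -noout -pubkey -in "$LIVE_ROOT/$1/cert.pem" 2>/dev/null) || return 1
    cm_key=$(openssl pkey -pubout -in "$LIVE_ROOT/$1/privkey.pem" 2>/dev/null) || return 1
    [ -n "$cm_cert" ] && [ "$cm_cert" = "$cm_key" ]
}

# usage: renew_and_install WEBROOT DOMAIN [ALT_NAME...]
# Exit codes: 2 bad arguments or webroot, 3 client failed, 4 files missing,
# 5 key/cert mismatch; otherwise the installer's own exit code.
renew_and_install() {
    [ "$#" -ge 2 ] || { echo "usage: renew_and_install WEBROOT DOMAIN [ALT_NAME...]" >&2; return 2; }
    ri_webroot="$1"; ri_dom="$2"; shift 2
    [ -d "$ri_webroot" ] || { echo "webroot $ri_webroot is not a directory" >&2; return 2; }

    # Turn each remaining name into its own "-d name" pair.
    ri_count=$#
    for ri_alt in "$@"; do set -- "$@" -d "$ri_alt"; done
    shift "$ri_count"

    "$LE_BIN" --text certonly --renew-by-default --webroot \
        --webroot-path "$ri_webroot" -d "$ri_dom" "$@" \
        || { echo "renewal failed for $ri_dom; installed certificate left alone" >&2; return 3; }

    live_files_ok "$ri_dom" || return 4
    cert_matches_key "$ri_dom" \
        || { echo "cert.pem and privkey.pem for $ri_dom do not match" >&2; return 5; }

    "$INSTALLER" "$ri_dom"
}

# When called with arguments (for example from cron), act on them:
#   renew-install.sh /home/cPanelUser/public_html/ domain.com www.domain.com
if [ "$#" -ge 2 ]; then
    renew_and_install "$@"
fi
```

Unlike chaining the two commands with `;`, a failed renewal here never reaches the WHM API call, and cron mails the reason from stderr.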
yum -y install git python27 python27-devel python27-pip python27-setuptools python27-tools python27-virtualenv --enablerepo=ius
On CloudLinux 6.7, running the above line results in the following error:
Transaction Check Error: file /usr/bin/2to3 from install of python27-tools-2.7.10-1.ius.el6.x86_64 conflicts with file from package python-tools-2.6.6-64.el6.x86_64
0 -
Hi Valetia This occurs because of the python-tools package from CentOS / CL 6.7. When this occurs you simply need to remove that package. I have updated the original entry to indicate this. 0 -
nice @cPMatthewV love the perl script ! :cool: cmds for LE install look familiar :-D 0 -
nice @cPMatthewV love the perl script ! :cool: cmds for LE install look familiar :-D
Thanks :D and yeah I got the install instructions from their site and simply included the repo commands. It's good that it is as easy as that and not too complicated. Hopefully in the future we will add native support and installation for this. 0 -
Thanks :D and yeah I got the install instructions from their site and simply included the repo commands.
https://community.letsencrypt.org/t/redhat-centos-6-x-users-need-python-2-7/2190 :) @cPMatthewV you also might want to pass command --renew-by-default and go full text based so subsequent runs can use a cron schedule so you can renew the SSL certs and also use letsencrypt instead of letsencrypt-auto which auto updates dependencies every run :)
/root/.local/share/letsencrypt/bin/letsencrypt certonly --text --agree-tos --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
or pass email one time to register a LE account for expiry notifications etc + text only (or use cli.ini file)
/root/.local/share/letsencrypt/bin/letsencrypt certonly --text --agree-tos --renew-by-default --email email@domain.com --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
also can populate i.e. with email setting in a cli.ini config file so to pass less parameters on cmd line (User Guide, Let's Encrypt 0.2.0.dev0 documentation) HTH 0 -
It doesn't look like they have a standard client ./letsencrypt anymore and they just have ./letsencrypt-auto. I do agree it is quite annoying have to re-run those checks. Hopefully they will fix this. 0 -
Ah you're looking in wrong directory. With above install instructions the non-auto binary will be at /root/.local/share/letsencrypt/bin/letsencrypt It's defined at https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt-auto#L13-L16
/root/.local/share/letsencrypt/bin/letsencrypt --version
letsencrypt 0.1.0
/root/.local/share/letsencrypt/bin/letsencrypt --help webroot
usage:
  letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] ...

The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  revoke               Revoke a previously obtained certificate
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG_FILE, --config CONFIG_FILE
                        config file path (default: None)

webroot:
  Webroot Authenticator

  -w WEBROOT_PATH, --webroot-path WEBROOT_PATH
                        public_html / webroot path. This can be specified
                        multiple times to handle different domains; each
                        domain will have the webroot path that preceded it.
                        For instance: `-w /var/www/example -d example.com -d
                        www.example.com -w /var/www/thing -d thing.net -d
                        m.thing.net` (default: None)
ls -lah /root/.local/share/letsencrypt/bin/
total 72K
drwxr-xr-x 2 root root 4.0K Dec 3 19:10 .
drwxr-xr-x 5 root root 4.0K Nov 15 20:42 ..
-rw-r--r-- 1 root root 2.2K Nov 15 20:42 activate
-rw-r--r-- 1 root root 1.3K Nov 15 20:42 activate.csh
-rw-r--r-- 1 root root 2.4K Nov 15 20:42 activate.fish
-rw-r--r-- 1 root root 1.2K Nov 15 20:42 activate_this.py
-rwxr-xr-x 1 root root 261 Dec 3 19:10 easy_install
-rwxr-xr-x 1 root root 261 Dec 3 19:10 easy_install-2.7
-rwxr-xr-x 1 root root 245 Dec 3 19:10 jws
-rwxr-xr-x 1 root root 245 Dec 3 19:10 letsencrypt
-rwxr-xr-x 1 root root 249 Dec 3 19:10 letsencrypt-renewer
-rwxr-xr-x 1 root root 368 Nov 15 20:42 ndg_httpclient
-rwxr-xr-x 1 root root 242 Nov 15 20:42 pbr
-rwxr-xr-x 1 root root 310 Nov 15 20:42 pip
-rwxr-xr-x 1 root root 312 Nov 15 20:42 pip2
-rwxr-xr-x 1 root root 316 Nov 15 20:42 pip2.7
lrwxrwxrwx 1 root root 9 Nov 15 20:42 python -> python2.7
lrwxrwxrwx 1 root root 9 Nov 15 20:42 python2 -> python2.7
-rwxr-xr-x 1 root root 4.8K Nov 15 20:42 python2.7
also corrected my above post with full path as i assumed ./letsencrypt was from /root/.local/share/letsencrypt/bin/ 0 -
Getting -bash: ./installssl.pl: /usr/local/cpanel/3rdparty/bin/perl^M: bad interpreter: No such file or directory when running the ./installssl.pl mydomain.tld Works now, used sed -i 's/\r//' installssl.pl 0 -
This is great only yesterday I got the query from a client to install Let's Encrypt SSL on cPanel server and I was trying to upgrade Python from 2.6 to 2.7 but that was not recommended hence I have stopped working on it. I will try this new tutorial now and hopefully this will help me 0 -
I'm getting this error following the tutorial, after running the ./letsencrypt-auto --verbose command for the first time. I'm on CloudLinux 6.
Creating virtual environment...
Running virtualenv with interpreter /usr/bin/python2.7
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/virtualenv.py", line 16, in <module>
    import tempfile
  File "/usr/lib64/python2.7/tempfile.py", line 32, in <module>
    import io as _io
  File "/usr/lib64/python2.7/io.py", line 51, in <module>
    import _io
ImportError: /usr/lib64/python2.7/lib-dynload/_io.so: undefined symbol: _PyErr_ReplaceException
Also the packages python-virtualenv and cloudlinux' alt-python-virtualenv were in some conflict so I removed the alt-python-virtualenv which solved that issue. 0 -
Hi. When I try to make a demo SSL, script doesn't create /etc/letsencrypt/live/$domain directory. So, I did it manually. If I execute it again, same error. cannot open file /etc/letsencrypt/live/zagas.com.ar/cert.pem at /root/installssl.pl line 29.
root@eh-002 [~/scripts/letsencrypt]# pwd
/root/scripts/letsencrypt
root@eh-002 [~/scripts/letsencrypt]# ./letsencrypt-auto --text --agree-tos --email webmaster@$domain.com.ar --renew-by-default --webroot --webroot-path /home/$domain/public_html/ -d $domain.com.ar -d www.$domain.com.ar
Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --email webmaster@$domain.com.ar --renew-by-default --webroot --webroot-path /home/$domain/public_html/ -d $domain.com.ar -d www.$domain.com.ar
No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually
root@eh-002 [~/scripts/letsencrypt]# /root/installssl.pl $domain.com.ar
cannot open file /etc/letsencrypt/live/$domain.com.ar/cert.pem at /root/installssl.pl line 29.
root@eh-002 [~/scripts/letsencrypt]# find /etc/letsencrypt/ -type d
/etc/letsencrypt/
/etc/letsencrypt/accounts
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory
/etc/letsencrypt/live
/etc/letsencrypt/live/$domain.com.ar
root@eh-002 [~/scripts/letsencrypt]# find /etc/letsencrypt/ -type f
/etc/letsencrypt/live/bundle.txt
root@eh-002 [~/scripts/letsencrypt]# find . -iname "*$domain*"
root@eh-002 [~/scripts/letsencrypt]#
0 -
I'm getting the same error as siriusb. It doesn't create the /etc/letsencrypt/ directory, so I tried to create before I could even create bundle.txt it manually but no luck. This is on CENTOS 6.7 Anyone got any ideas?
Edit: Nevermind, apparently for whatever reason python wasn't installing 2.7 correctly. I did the following command and it was still showing only python 2.6
whereis python
After that I redid this.
yum -y install python27 python27-devel python27-pip python27-setuptools python27-tools python27-virtualenv --enablerepo=ius
Afterwards I retried running the python script and it worked correctly. 0 -
Hey I have followed the given tutorial and installed SSL successfully on the domain there is green pad lock appearing there so I have checked this and found that site have Insecure call. Found on line # 56 in file: 0 -
As instructed above, I removed the python tools... yum remove python-tools
Just now I received an email from my WHM server with the subject "An update failure has occured." The body of the email included the line... Sysup: Needed system RPMs were not installed: python-tools
I installed python-tools again, and got the same error above: file /usr/bin/2to3 from install of python-tools-2.6.6-64.el6.x86_64 conflicts with file from package python27-tools-2.7.10-1.ius.el6.x86_64
So it seems I can either have the ability for WHM/cPanel to update itself, or I can have LetsEncrypt, but not both. Any thoughts?0 -
Fantastic! Thank you for this :) I'm running this now via a PHP script (out on its own, not web accessible) which I pass the initial arguments to (path, domains.) I'm aiming eventually to have this populate a table with the information of the certificate and when it should be renewed next (doing +60 days) and have only one script run via cron to query this, find out which ones need renewing, and only renew those (rather than multiple cron jobs for each domain.) I want to look into doing this with the main service SSL too (dovecot, exim, ftp, cpanel) and using the API here: WHM API 1 Functions - install_service_ssl_certificate - Software Development Kit - cPanel Documentation Is this last bit something you would recommend not doing? 0 -
As instructed above, I removed the python tools...
yum remove python-tools
Just now I received an email from my WHM server with the subject "An update failure has occured." The body of the email included the line... I installed python-tools again, and got the same error above: So it seems I can either have the ability for WHM/cPanel to update itself, or I can have LetsEncrypt, but not both. Any thoughts?
After some additional testing the python27-tools package is not required and this will work without it. Feel free to remove this and reinstall python-tools for cPanel and Mailman. We apologize for any problems this step caused. We have updated the article to remove this.
rpm -e --nodeps python27-tools
yum -y install python-tools
0 -
The instructions worked with the addition of running sed -i 's/\r//' installssl.pl. I was very pleased to have an SSL site within 20 minutes in my test site! However, I have misgivings about entering the root password into a script. Shouldn't the script run as root anyway? Why is this necessary? 0 -
@procopius560 I am glad to hear this is working for you. The reason the root password needs to be provided is because this actually interacts with the API to install the SSL which requires authentication with WHM/cPanel. If you do not wish to place your password here there are other methods of authenticating which you can find in the 0 -
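Added example, not part of the thread's scripts: a permission audit covering both the NOTE in the how-to about the world-readable renewal/ and csr/ directories and the concern above about a root password stored in installssl.pl. The function names are this example's own (hypothetical), the default paths are the ones the thread uses, and the modes applied (o-rwx on the directories, 600 on keys, 700 on the script) are one reasonable policy rather than anything the thread prescribes.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical;
# default paths are the ones used in the how-to.

# Print what other local users can read: the renewal/ and csr/ directories
# named in the how-to's NOTE, and private key files anywhere under the tree
# (live/ holds symlinks, so the real files are found under archive/ and keys/).
le_exposed_paths() {
    ep_dir="${1:-/etc/letsencrypt}"
    for ep_sub in renewal csr; do
        if [ -d "$ep_dir/$ep_sub" ]; then
            find "$ep_dir/$ep_sub" -prune -perm -004 -print
        fi
    done
    find "$ep_dir" -type f \( -name 'privkey*.pem' -o -path '*/keys/*' \) \
        \( -perm -040 -o -perm -004 \) -print
}

# True when group or other holds any permission bit on the file.
# installssl.pl contains the root password, and a plain "chmod +x" on a file
# created with the usual umask leaves it at 0755.
secret_file_exposed() {
    [ -e "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Apply the policy: no access for "other" on renewal/ and csr/, owner-only
# private keys, owner-only installer script.
le_tighten() {
    lt_dir="${1:-/etc/letsencrypt}"
    lt_script="${2:-/root/installssl.pl}"
    for lt_sub in renewal csr; do
        if [ -d "$lt_dir/$lt_sub" ]; then
            chmod o-rwx "$lt_dir/$lt_sub"
        fi
    done
    find "$lt_dir" -type f \( -name 'privkey*.pem' -o -path '*/keys/*' \) \
        -exec chmod 600 {} +
    if [ -f "$lt_script" ]; then
        chmod 700 "$lt_script"
    fi
}

# Report first, then fix, when run with "--fix"; report only otherwise.
if [ "${1:-}" = "--fix" ]; then
    le_exposed_paths
    le_tighten
elif [ "${1:-}" = "--report" ]; then
    le_exposed_paths
    if secret_file_exposed /root/installssl.pl; then
        echo "/root/installssl.pl is accessible to group or other"
    fi
fi
```

Running the report again after each renewal is worthwhile, because the client writes a new privkeyN.pem under archive/ every time it issues a certificate.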
Hello there, am pretty sure your method can be modified for WHM's root account? I am speaking about the WHM services, EXIM, Dovecot, FTP etc... 0 -
Hello there, am pretty sure your method can be modified for WHM's root account? I am speaking about the WHM services, EXIM, Dovecot, FTP etc...
yeah probably something like WHM Certificates Are not Working0 -
I made some wrapper scripts to facilitate the installation and usage of Let's Encrypt and cpanel. The code is a small wrapper around the techniques listed in this tutorial. Thanks cPMatthewV for the code brother. 0 -
I made some wrapper scripts to facilitate the installation and usage of Let's Encrypt and cpanel. The code is a small wrapper around the techniques listed in this tutorial. Thanks cPMatthewV for the code brother.
Here is another version 2 of the wrapper that installs SSL certificates to your cPanel server and automatically renews them using the Let's Encrypt command line tool for cPanel and CentOS 6.x. If you need a different CentOS then edit the rpm line of letsencrypt-cpanel-install.sh and see this page for the correct entry: How to Enable EPEL Repository for RHEL/CentOS 7.x/6.x/5.x
The script downloads and sets up your python environment to use Let's Encrypt with cPanel. Then it installs Let's Encrypt into the /root directory. Script generates the /root/installssl.pl and prompts for the root password which is inserted into the WHM api wrapper perl script. The SSL certificate is placed in the correct location when installing Let's Encrypt.
There are three files which should be saved to /usr/local/sbin/
- letsencrypt-cpanel-install.sh Run one time per dedicated server to install Lets Encrypt
- letsencrypt-cpanel-first.sh $USERNAME $DOMAIN Run one time per domain to set up a cert. Assuming email address webmaster@$DOMAIN
- letsencrypt-cpanel.sh $USERNAME $DOMAIN Usually run by cron for each domain once every 60 days to renew the ssl certificate, but can be manually run.
0 -
Awesome script @webstandardcss, this will indeed make things easier for people who wish to try this, and we appreciate the efforts, however I must note that cPanel can only support or directly recommend our script. I have been meaning to get around to improving on this for a more automated experience but have been busy with support tickets. :D once we have more details on this we will be sure to update the posting. For now I would definitely recommend people use the method provided by cPanel in the initial post, especially if they have any concerns over third party scripts. While end users are welcome to create custom scripts or wrappers to make this easier or automated and are also welcome to purchase third party plugins, cPanel does not officially support these methods and cannot assist with any issues caused by them. I would also like to note that cPanel's Development team is hard at work on bringing future support natively for Let's Encrypt without the need for extra scripts or steps. However it may be a little while before we get this added to the product since Let's Encrypt is still in Beta and there are a bunch of things for development to work on. But rest assured it is on its way. 0 -
Thanks for your input cPMatthewV. I just wanted people to know about this alternative (I'm not affiliated with this in any way btw). :) 0 -
Thanks for your input cPMatthewV, I added some more features to the script. letsencrypt-cpanel-all.sh command installs the SSL certificate for every cPanel user on the server while respecting rate limiting. Best to open this in a screen session so you can detach the terminal.
bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x
And it works with CentOS 6 and 7 now. Needs tested on CentOS 7.
If you are a GitHub forker, I explained how I synced up letsencrypt-cpanel Bitbucket to Github. It was fun and easy! github.com/webstandardcss/letsencrypt-cpanel/wiki 0 -
Interesting, will give it a try. :) 0 -
Unfortunately, for those of us who prefer standards, this cPanel script does not function properly. In particular, I have made my apache root at /var/www/ instead of /home/. It should really have been at /srv/ as per OpenSUSE and many other distros, but I do extensive partitioning of my file system anyhow -- /var/www/ is separate from the rest of /var/. Anyhow, my output is this:
root@ns01 [/]# letsencrypt-cpanel domainnet www.domain.net webmaster@domain.net
Using email address domain@example.net
Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --email webmaster@domain.net certonly --renew-by-default --webroot --webroot-path /home/domainnet/public_html/ -d www.domain.net -dwww.www.domain.net
The webroot plugin is not working; there may be problems with your existing configuration. The error was: PluginError('/home/domainnet/public_html/ does not exist or is not a directory',)
cannot open file /etc/letsencrypt/live/www.domain.net/cert.pem at /root/installssl.pl line 28.
Well, gee -- no wonder this doesn't work. The correct path is /var/www/domainnet/public_html/ 0 -
I disabled root user for ssh and I managed to run the hg clone using sudo and then verify it as sudo. But, when I tried to run the letsencrypt-cpanel-install.sh without sudo it failed of course with permissions denied. So, I then tried sudo letsencrypt-cpanel-install.sh and it said that the file did not exist. This is centos 7 0 -
@rekabis I am sorry to see that you have had issues with this and your custom environment. Please note however that our script and instructions in the initial post are valid and in line with cPanel standards and the structure of our system which has been in place for years. We place all users under home and their Apache content under /home/user/public_html which is where this script checks. If users have a custom or additional home directory or custom path for their Apache content they would need to modify the script to set this. We will clear this up in the initial post to avoid any confusion and problems for users that use a custom / additional home directory. 0