[How-To] Installing SSL from Let's Encrypt
UPDATE: As of cPanel and WHM version 58 the AutoSSL feature now includes Let's Encrypt support. This blog post will help you get set up there.
Anyone using the custom workaround on this thread may want to keep this in mind when using these steps.
The following will show you how to install the Let's Encrypt client and how to generate and install SSL certificates from Let's Encrypt via the WHM API using a custom workaround.
Installing the Let's Encrypt Client on CentOS 6.x
Please note: The Let's Encrypt client requires / prefers Python 2.7, so we will install Python 2.7 alongside Python 2.6. Don't worry, it won't break anything.
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm
yum -y install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv --enablerepo=ius
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd /root/letsencrypt
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
./letsencrypt-auto --verbose
Installing the Let's Encrypt Client on CentOS 7.x
yum -y install git
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd /root/letsencrypt
./letsencrypt-auto --verbose
NOTE: The Let's Encrypt installer will create the /etc/letsencrypt/renewal and /etc/letsencrypt/csr directories as world readable. The administrator may want to tighten the readability of these directories to fit their requirements.
Generate an SSL
You will be required to enter your email and accept their license agreement. I would recommend using the server admin's email. Also make sure you replace "cPanelUser" with your actual username. This is required to allow the Let's Encrypt client to create the auth files for the domain and be able to access them during the authorization. Please note: if you are installing a subdomain or addon domain that points to another path, set the path of the subdomain or addon domain.
cd /root/letsencrypt
./letsencrypt-auto --text --agree-tos --email email@domain.com certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
For all subsequent runs use the following, as there is no need to re-provide your email or re-agree to the TOS.
cd /root/.local/share/letsencrypt/bin/
./letsencrypt --text certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
By adding the renew-by-default command you can add this to a cron to run every 60 (recommended) or say 85 days to avoid this expiring before you are sure the new certs are retrieved. Then all you need to do is simply run the install script below again to install the updated certificate to cPanel.
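# The day-of-month field only spans 1-31, so a */60 step there cannot fire every 60 days; this runs on the 1st of every second month instead.
0 0 1 */2 * /root/.local/share/letsencrypt/bin/letsencrypt --text certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com; /root/installssl.pl domain.com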
You can also generate an SSL certificate via Get HTTPS for free!; there are additional steps that are required, however.
Script to automatically install the SSLs you generated
This script will be used to install the SSLs you generated to cPanel/WHM via the API. Please note the following things.
1. You must replace "rootpass" with your actual root password.
2. The CA Bundle is not by default in the location below and is generally saved to /etc/letsencrypt/live/domain.com/fullchain.pem and is the second cert in the file. I have included the CA Bundle below the script so you can create this.
#!/usr/local/cpanel/3rdparty/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use LWP::Protocol::https;
use MIME::Base64;
use IO::Socket::SSL;
use URI::Escape;

# WHM credentials. Use single quotes if the password contains $ or @,
# otherwise Perl tries to interpolate them as variables.
my $user = "root";
my $pass = "rootpass";
# Pass "" as the line ending so no newline ends up in the header value.
my $auth = "Basic " . MIME::Base64::encode_base64( $user . ":" . $pass, "" );

# Certificate verification is switched off for this loopback request to WHM on 127.0.0.1.
my $ua = LWP::UserAgent->new(
    ssl_opts => { verify_hostname => 0, SSL_verify_mode => SSL_VERIFY_NONE, SSL_use_cert => 0 },
);

# The main domain of the certificate is the only argument.
my $dom = $ARGV[0] or die "Usage: $0 domain.com\n";

my $certfile = "/etc/letsencrypt/live/$dom/cert.pem";
my $keyfile = "/etc/letsencrypt/live/$dom/privkey.pem";
my $cafile = "/etc/letsencrypt/live/$dom/chain.pem";
my $certdata;
my $keydata;
my $cadata;

# Read each PEM file whole (local $/ disables line-by-line reading).
open(my $certfh, '<', $certfile) or die "cannot open file $certfile: $!";
{
    local $/;
    $certdata = <$certfh>;
}
close($certfh);
open(my $keyfh, '<', $keyfile) or die "cannot open file $keyfile: $!";
{
    local $/;
    $keydata = <$keyfh>;
}
close($keyfh);
open(my $cafh, '<', $cafile) or die "cannot open file $cafile: $!";
{
    local $/;
    $cadata = <$cafh>;
}
close($cafh);

# URL-encode the PEM data for use in the query string.
my $cert = uri_escape($certdata);
my $key = uri_escape($keydata);
my $ca = uri_escape($cadata);

# Call the WHM API 1 installssl function and print its JSON reply.
my $request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/installssl?api.version=1&domain=$dom&crt=$cert&key=$key&cab=$ca" );
$request->header( Authorization => $auth );
my $response = $ua->request($request);
print $response->content;
Add the Let's Encrypt CA Bundle
Let's Encrypt should now include the CA Bundle when generating certs. It will be saved as chain.pem. In the event that it is missing or not created, you can manually create the CA for use with the script below and change "my $cafile" in the script above to use this file instead.
vi /etc/letsencrypt/live/bundle.txt
When editing that file, set the following below and save.
Note: This has been updated with the Let's Encrypt Authority X3
Running the script
First make the script executable. Then run the script with the main domain of the certificate generated from Let's Encrypt.
chmod +x installssl.pl
./installssl.pl domain.com
There you go, you are all set and ready to generate and install SSLs from Let's Encrypt automatically via the command line.
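The cron line in the post joins the renewal and installssl.pl with ";", so the installer runs whatever the renewal did. As an added example (not part of the original post or of cPanel's script), the shell functions below check the three files installssl.pl reads before it is called, and list world-readable paths such as the renewal and csr directories mentioned in the NOTE. The function names are hypothetical and openssl is assumed to be installed.

```sh
#!/bin/sh
# Added example, not the post's or cPanel's code. Function names are
# hypothetical; openssl is assumed to be installed.

# List files and directories under $1 that "other" can read, e.g. the
# /etc/letsencrypt/renewal and /etc/letsencrypt/csr directories from the NOTE.
world_readable() {
    find "$1" \( -type f -o -type d \) -perm -004 -print 2>/dev/null
}

# Check the three files installssl.pl reads from directory $1.
# $2 is the minimum remaining validity in days (default 30).
# Returns 0 if all checks pass, 2-5 to identify the failed check.
preflight_cert() {
    dir=$1
    min_days=${2:-30}
    cert=$dir/cert.pem
    key=$dir/privkey.pem
    chain=$dir/chain.pem

    for f in "$cert" "$key" "$chain"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done

    # The private key must belong to the certificate: the public key taken
    # from each file has to be identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not match cert.pem" >&2
        return 3
    fi

    # The first certificate in chain.pem must be the issuer of cert.pem.
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null) || return 4
    subject=$(openssl x509 -in "$chain" -noout -subject_hash 2>/dev/null) || return 4
    if [ "$issuer" != "$subject" ]; then
        echo "chain.pem does not contain the issuer of cert.pem" >&2
        return 4
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "cert.pem expires in less than $min_days days" >&2
        return 5
    fi
    return 0
}

# Run the installer command (everything after the directory) only when the
# preflight passes, instead of unconditionally after ";".
install_if_ok() {
    dir=$1
    shift
    preflight_cert "$dir" && "$@"
}

# Usage from a cron wrapper script, with the paths used in the post:
#   letsencrypt ... certonly ... -d domain.com && \
#     install_if_ok /etc/letsencrypt/live/domain.com /root/installssl.pl domain.com
```

Paths printed by world_readable can then be tightened with chmod to whatever the administrator's requirements are.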
I disabled root user for ssh and I managed to run the hg clone using sudo and then verify it as sudo. But, when I tried to run the letsencrypt-cpanel-install.sh without sudo it failed of course with permissions denied. So, I then tried sudo letsencrypt-cpanel-install.sh and it said that the file did not exist. This is centos 7
@Krowchuk you may wish to reach out to @webstandardcss for direct assistance with this as he designed this. We can really only provide assistance with issues pertaining to our instructions and script. 0 -
Something that had me stumped for a while. I had installed a few certs without issue following the instructions in this thread. Then, upon another attempt I was getting the insufficient authorization error. The .well-known and acme-challenge directories were created but nothing could be put in them. The "forest for the trees" answer was Options -Indexes in the .htaccess file for the account. Comment that out and then it worked without issue. Hope that helps someone. :) 0 -
@Krowchuk you may wish to reach out to @webstandardcss for direct assistance with this as he designed this. We can really only provide assistance with issues pertaining to our instructions and script.
Thanks @cPMatthewV - I appreciate that. I did not hear back from @webstandardcss so I uninstalled his script and decided to try yours. I get as far as: sudo cd /root/letsencrypt and get the error "no such file or directory". Can this be run as sudo? 0 -
This works great! :) Got it working in no time on a site with a dedicated IP. This made me wonder though, does each site still need a dedicated IP to add a letsencrypt certificate? 0 -
Love the notes...ssh ran without a problem to generate the SSL...but error when I run the installssl.pl: version":1,"reason":"The domain "domain.com" is not managed on this server. You must specify an IP address to install SSL for "domain.com" 0 -
Nevermind...working too long today. Everything worked great. Awesome. Thanks cPanel! 0 -
I have tried to create a certificate for my hostname/cpanel/whm domains but am having a problem. Can anybody point me in the right direction? 0 -
I have tried to create a certificate for my hostname/cpanel/whm domains but am having a problem. Can anybody point me in the right direction?
Could you elaborate on which steps you took and the specific problem you encountered? Thank you. 0 -
Could you elaborate on which steps you took and the specific problem you encountered? Thank you.
This is the command I used to try and create one for the hostname. When I changed the domain to cpanel. or whm. it would say I don't have permission.
./letsencrypt-auto --text certonly --renew-by-default --webroot --webroot-path /usr/local/apache/htdocs/ -d s1.mydomain.com
(s1.mydomain.com is the host name) 0 -
This script works perfectly for us with servers that are not running CloudLinux, however consistently fails on CloudLinux servers of ours with the same error as eminos here, error:
Creating virtual environment...
Running virtualenv with interpreter /usr/bin/python2.7
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/virtualenv.py", line 16, in <module>
    import tempfile
  File "/usr/lib64/python2.7/tempfile.py", line 32, in <module>
    import io as _io
  File "/usr/lib64/python2.7/io.py", line 51, in <module>
    import _io
ImportError: /usr/lib64/python2.7/lib-dynload/_io.so: undefined symbol: _PyErr_ReplaceException
Anyone run into that and manage to get it resolved? 0 -
wow... this is perfect.. works like a charm... thank you so much for this amazing guide !!! happy 2016 folks :) 0 -
There is a paid cpanel plugin for let's encrypt, has anyone used it yet? Any reviews? 0 -
How do I get the installssl.pl script to work for the WHM cPanel Service SSL Certificates? I got Let's Encrypt working for the WHM SSL certs by running /root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --email server@domain.com certonly --renew-by-default --webroot --webroot-path /usr/local/apache/htdocs/ -d server.domain.com
and copying the certificate/private key into the text boxes in WHM - Manage Service SSL Certificates manually, but having to do that at least every 90th day is a pain. 0 -
Hello, when I run
root@cpanel [~/letsencrypt]# ./letsencrypt-auto --verbose
I have this problem:
Updating letsencrypt and virtual environment dependencies...
Requirement already up-to-date: setuptools in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: pip in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Collecting letsencrypt
Could not find a version that satisfies the requirement letsencrypt (from versions: )
No matching distribution found for letsencrypt
How can I make this work? Thank you 0 -
Does each site still need a dedicated IP? 0 -
Does each site still need a dedicated IP?
no - no dedicated ip needed 0 -
I have the exact same problem as timmmmyboy Running on a cloudlinux server and I get an error on Creating virtual environment... Any news on how to fix this? Thanks! 0 -
I have followed the steps and I'm also encountering problems with it. Type: urn:acme:error:unauthorized Detail: Invalid response from I'm running on centos 6 with apache. I've also tried to change the permission of the folder /.well-known since the folder is empty. I've also tried to visit the website gethttpsforfree and I also get the same error. Error: Account registration failed. Please start back at Step 1. {"type":"urn:acme:error:serverInternal","detail":"Error creating new registration","status":500} So I'm wondering is it perhaps some security setting that I have set? I adjusted the Cipher Protocols and took all the steps that CSF recommended. Any advice? 0 -
Just a dumb question here. Is this so we get SSL certs for the cPanel Virtual Hosts listings in Apache's httpd.conf file? For example, webmail.example.com, cpanel.example.com, whm.example.com, etc? I've manually installed the SSL cert for all those virtual hosts using the --standalone plugin. It kind of sucks though because whenever I renew, I have to kill my Apache server, renew, then restart the Apache server. If this works for those virtual hosts without me needing to kill Apache, that'd be great! 0 -
I've successfully generated SSL certs for my domain, including the webmail..com, cpanel..com, whm..com, .com, www..com, etc. I did this manually. I made a copy of /var/cpanel/templates/apache2/main.default and called it main.local. I modified main.local so the cPanel / WHM VirtualHosts use the proper SSL certs. I then ran /usr/local/cpanel/bin/build_apache_conf and made sure it properly updated Apache's httpd.conf, it did. So, then I went ahead and created the installssl.pl file and ran it manually:
perl /root/src/ssl/installssl.pl .com
Can't locate IO/Socket/SSL.pm in @INC) at /usr/local/share/perl5/Net/HTTPS.pm line 26.
Can't locate Net/SSL.pm in @INC (@INC contains: /home/spork/perl5/lib/perl5/5.10.1/x86_64-linux-thread-multi /home/spork/perl5/lib/perl5/5.10.1 /home/spork/perl5/lib/perl5/x86_64-linux-thread-multi /home/spork/perl5/lib/perl5/5.10.0 /home/spork/perl5/lib/perl5 /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/share/perl5/Net/HTTPS.pm line 30.
Compilation failed in require at /usr/share/perl5/LWP/Protocol/https.pm line 48.
Compilation failed in require at /root/src/ssl/installssl.pl line 5.
BEGIN failed--compilation aborted at /root/src/ssl/installssl.pl line 5.
I use my real domain in place of .com. Any suggestions on how to fix this? 0 -
I'm getting further. I fixed that problem with the following command:
yum install perl-IO-Socket-SSL
Now, for some reason, the script doesn't like my password. It has some characters that tend to cause problems in Unix environments, like ! for example. This is the new error message:
Global symbol "" requires explicit package name at /root/src/ssl/installssl.pl line 11.
Execution of /root/src/ssl/installssl.pl aborted due to compilation errors.
0 -
I believe I fixed it. I think in the original installssl.pl file, this:
my $user = "root";
my $pass = "rootpass";
Should be replaced by this:
my $user = 'root';
my $pass = 'rootpass';
After I replaced the double quotes with single quotes there, it worked, kinda. I still had to choose the new SSL certs in WHM (Service Configuration -> Manage Service SSL Certificates). It showed it was still using the self signed certs until I picked the new ones from Let's Encrypt. Then it worked fine. I just wish there was a way to automate that, so each time a renewal came, I wouldn't have to go in there and manually pick the new certs each time. 0 -
I also modified the original script to actually install the certs for the various WHM services. Maybe other people would like this? I had to generate a cert for my hostname though. For example, my hostname is franklin. So I had to generate a cert for franklin.jetbbs.com... Here's the code I added to installssl.pl file. Maybe other people would find it handy? The "Install the SSL cert" part was already there, at the end of the file. I just added a comment to it saying Install the SSL cert and added the printf statement.
# Install the SSL cert
print "Attempting to install the SSL certificate to WHM...\n";
my $request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/installssl?api.version=1&domain=$dom&crt=$cert&key=$key&cab=$ca" );
$request->header( Authorization => $auth );
my $response = $ua->request($request);
print $response->content;

# $request and $response are reused below, so they are not declared again with "my".

# Install the SSL certificate for the FTP service
print "\n\nAttempting to install the SSL certificate for the FTP service...\n";
$request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/install_service_ssl_certificate?api.version=1&service=ftp&crt=$cert&cabundle=$ca&key=$key" );
$request->header( Authorization => $auth );
$response = $ua->request($request);
print $response->content;

# Install the SSL certificate for the exim service
print "\n\nAttempting to install the SSL certificate for the exim service...\n";
$request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/install_service_ssl_certificate?api.version=1&service=exim&crt=$cert&cabundle=$ca&key=$key" );
$request->header( Authorization => $auth );
$response = $ua->request($request);
print $response->content;

# Install the SSL certificate for the dovecot service
print "\n\nAttempting to install the SSL certificate for the dovecot service...\n";
$request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/install_service_ssl_certificate?api.version=1&service=dovecot&crt=$cert&cabundle=$ca&key=$key" );
$request->header( Authorization => $auth );
$response = $ua->request($request);
print $response->content;

# Install the SSL certificate for the cpanel service
print "\n\nAttempting to install the SSL certificate for the cpanel service...\n";
$request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/install_service_ssl_certificate?api.version=1&service=cpanel&crt=$cert&cabundle=$ca&key=$key" );
$request->header( Authorization => $auth );
$response = $ua->request($request);
print $response->content;

# Install the SSL certificate for the courier service
# NOTE: They removed the Courier mail server in cPanel & WHM version 54.
# The Courier mail server only exists for cPanel & WHM version 11.52 and earlier.
# If we try install the SSL cert for courier on a cPanel & WHM version 54 server,
# the system returns the following message:
# courier is not a known service.
# This script should not cause any problems though, even if courier isn't installed.
print "\n\nAttempting to install the SSL certificate for the courier service...\n";
$request = HTTP::Request->new( POST => "https://127.0.0.1:2087/json-api/install_service_ssl_certificate?api.version=1&service=courier&crt=$cert&cabundle=$ca&key=$key" );
$request->header( Authorization => $auth );
$response = $ua->request($request);
print $response->content;
0 -
I have followed the steps and I'm also encountering problems with it. Type: urn:acme:error:unauthorized Detail: Invalid response from I'm running on centos 6 with apache. I've also tried to change the permission of the folder /.well-known since the folder is empty. I've also tried to visit the website gethttpsforfree and I also get the same error. Error: Account registration failed. Please start back at Step 1. {"type":"urn:acme:error:serverInternal","detail":"Error creating new registration","status":500} So I'm wondering is it perhaps some security setting that I have set? I adjusted the Cipher Protocols and took all the steps that CSF recommended. Any advice?
I might be able to help. Are you running Apache for your web server? This probably isn't the best solution because you need to stop your Apache server when you get the certs or whenever you renew and then start it up again. This is how I did it on my server (I go through GoDaddy and have a Virtual Private Server)... You already have Let's Encrypt, so just go to the Let's Encrypt directory... If you're running Apache, stop it. Run letsencrypt-auto like this:
/etc/init.d/httpd stop
./letsencrypt-auto certonly --test-cert --standalone --email your_email@yourdomain.com -d yourdomain.com -d www.yourdomain.com -d yourhostname.yourdomain.com -d cpanel.yourdomain.com -d whm.yourdomain.com -d webmail.yourdomain.com -d webdisk.yourdomain.com -d cpcalendars.yourdomain.com -d cpcontacts.yourdomain.com
/etc/init.d/httpd start
See if that works for you. Make sure you use the --test-cert so you don't request too many and get denied new ones if this doesn't work and you have to try the command a few times. Replace your_email@yourdomain.com with your actual e-mail and domain name. Replace all of the yourdomain's with your actual domain name. Replace hostname with your hostname. You're also going to need to install the certs once you create them, either by using the script for the WHM stuff or editing the Apache config files. The script is the better way to go. Once you generate the test certs, I can try and help you with the other stuff. 0 -
Hi all, Sorry, I'm a little confused about the renewal - following the instructions I used the following:
./letsencrypt-auto --text --agree-tos --email email@domain.com certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
So how does renewal from here work, do I need to set up a cron in WHM? 0 -
Hi all, Sorry, I'm a little confused about the renewal - following the instructions I used the following:
./letsencrypt-auto --text --agree-tos --email email@domain.com certonly --renew-by-default --webroot --webroot-path /home/cPanelUser/public_html/ -d domain.com -d www.domain.com
So how does renewal from here work, do I need to set up a cron in WHM?
Yes, according to the document located here ( User Guide - Let's Encrypt 0.2.1.dev0 documentation ): If you're sure that UI doesn't prompt for any details you can add the command to crontab (make it less than every 90 days to avoid problems, say every month).
Also, according to that documentation, they're working on letsencrypt-auto doing some sort of auto-renewal but they say the tool isn't available yet. For my system, I created a bash script that ran the various commands and then put it in /etc/cron.daily. I had to use the stand-alone plugin though. So I have to shutdown Apache, try to renew, then restart Apache. I also call the modified cPanel script that I created, so whenever the certs do get updated, it'll automatically install and configure them for the various WHM / cPanel services. 0 -
I created a bash script that ran the various commands and then put it in /etc/cron.daily. I had to use the stand-alone plugin though. So I have to shutdown Apache, try to renew, then restart Apache. I also call the modified cPanel script that I created, so whenever the certs do get updated, it'll automatically install and configure them for the various WHM / cPanel services.
Spork, are you able to share said bash script at all please? Would be greatly appreciated! 0 -
Does each site still need a dedicated IP?
Server Name Indication - Wikipedia, the free encyclopedia 0 -
Hi. Having just set up my certs via a bit of trial and error and ignoring doing
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
I found that this works perfectly on CentOS 6 X64. Assuming everything is installed: Turn off the webserver (Apache) under service settings using WHM.
./letsencrypt-auto certonly --debug
This will ignore the Python errors and bring up the blue screen; follow the instructions. When the script is done you will get a message saying the certificate is saved in /etc/letsencrypt/live/domain.com/
cd /etc/letsencrypt/live/domain.com/
Check the dir:
ls
cert.pem privkey.pem chain.pem fullchain.pem
cert.pem is the certificate
privkey.pem is the private key
chain.pem is the Certificate Authority Bundle
fullchain.pem contains everything.
vi privkey.pem
Copy the info into notepad (or whatever), continue with each .pem. If you want you can just copy the info in fullchain.pem but I chose to be thorough. Now just go to WHM and install the cert: go to SSL/TLS and install a.... Copy and paste each .pem code. Done. Without using any scripts or code. 0 -
I've been banging my head against the wall trying to get this to install properly. I have a new Centos7 droplet on Digital Ocean. I've installed Cpanel/WHM with no problem, however, when I attempt to install LetsEncrypt, I'm receiving the following error:
root@drink [~/letsencrypt]# sudo ./letsencrypt-auto --verbose
Updating letsencrypt and virtual environment dependencies...
Requirement already up-to-date: setuptools in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: pip in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: letsencrypt-apache in /root/.local/share/letsencrypt/lib/python2.7/site-packages
Requirement already up-to-date: zope.interface in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: setuptools in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python2-pythondialog>=3.2.2rc1 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: PyOpenSSL in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: acme==0.3.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: ConfigArgParse>=0.9.3 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: parsedatetime in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: configobj in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pytz in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: psutil>=2.1.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: six in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: cryptography>=0.7 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: zope.component in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: mock in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: pyrfc3339 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt)
Requirement already up-to-date: python-augeas in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from letsencrypt-apache)
Requirement already up-to-date: requests in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: pyasn1 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: ndg-httpsclient in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: werkzeug in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from acme==0.3.0->letsencrypt)
Requirement already up-to-date: idna>=2.0 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: enum34 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: ipaddress in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: cffi>=1.4.1 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cryptography>=0.7->letsencrypt)
Requirement already up-to-date: zope.event in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from zope.component->letsencrypt)
Requirement already up-to-date: funcsigs in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pbr>=0.11 in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from mock->letsencrypt)
Requirement already up-to-date: pycparser in /root/.local/share/letsencrypt/lib/python2.7/site-packages (from cffi>=1.4.1->cryptography>=0.7->letsencrypt)
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --verbose
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually
The log is as follows:
2016-01-30 23:48:33,726:DEBUG:letsencrypt.cli:Root logging level set at 20
2016-01-30 23:48:33,726:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-01-30 23:48:33,733:DEBUG:letsencrypt.cli:letsencrypt version: 0.3.0
2016-01-30 23:48:33,733:DEBUG:letsencrypt.cli:Arguments: ['--verbose']
2016-01-30 23:48:33,734:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-01-30 23:48:33,738:DEBUG:letsencrypt.cli:Requested authenticator None and installer None
2016-01-30 23:48:33,748:DEBUG:letsencrypt.plugins.disco:No installation (PluginEntryPoint#apache):
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 103, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 150, in prepare
    raise errors.NoInstallationError
NoInstallationError
2016-01-30 23:48:33,749:DEBUG:letsencrypt.display.ops:No candidate plugin
2016-01-30 23:48:33,749:DEBUG:letsencrypt.cli:Selected authenticator None and installer None
Any help would be greatly appreciated. 0