Let's Encrypt For cPanel DNSOnly

Comments

7 comments

  • cPanelMichael
    Hello, cPanel DNS-Only is designed for DNS management purposes. Domain-validated SSL certificate providers such as Let's Encrypt depend on the domain name resolving to the server where the certificate is requested to complete the validation process. Since cPanel DNS-Only is used for DNS hosting and doesn't include the Apache service, AutoSSL functionality isn't offered. Instead, you'd install the SSL certificate on the cPanel server that hosts the domain name. Thank you.
    0
  • headsup
    I totally understand the reason why AutoSSL is not part of DNSOnly package. However, we have all gotten used to not having those pesky browser warnings. But your reason is also understandable. Say Michael, beyond 53, 2087, 25/26, UDP 123, what are the other ports that ought to be open (inbound and outside) DNSOnly needs to function 100% properly in a cluster? Thanks.
    0
  • cPanelMichael
    Hello, One of the current prerequisites for the free hostname SSL certificate is a cPanel license, and thus it's not offered on DNS-Only installations due to a lack of a cPanel license on those systems. That said, I encourage you to open a feature request if you'd like to see AutoSSL support for the server's hostname with cPanel DNS-Only: Submit A Feature Request
    Say Michael, beyond 53, 2087, 25/26, UDP 123, what are the other ports that ought to be open (inbound and outside) DNSOnly needs to function 100% properly in a cluster?

    Ports 53 and 2087 are sufficient; however, you'd also want port 25 open for email notifications. Additionally, you should allow connections from the port SSH is configured on in the event you need to access the system via the command line. Thanks!
    0
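
Added example (not part of the thread and not cPanel's code): a Python check that compares the listeners reported by `ss -H -tuln` against the inbound ports named in the reply above. It assumes SSH is on port 22, treats 53 (TCP and UDP) and 2087 as required, and runs on constructed sample output.

```python
import re

# Constructed sample of `ss -H -tuln` output (not taken from a real server).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      10           0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:2087          [::]:*
tcp   LISTEN 0      128          0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:953        0.0.0.0:*
"""

# Ports the reply calls sufficient; DNS is served over both UDP and TCP.
REQUIRED = {("udp", 53), ("tcp", 53), ("tcp", 2087)}
# Listeners bound only to loopback are not reachable from the network.
LOOPBACK = re.compile(r"^(127\.|\[::1\])")


def parse_ss(output):
    """Yield (proto, local_address, port) for each socket line."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line, or another socket family
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)


def audit(output, ssh_port=22):
    """Report exposed listeners outside the allowlist and required ones absent."""
    # Allowlist: required ports plus 25 (mail) and the SSH port (assumed 22).
    allowed = REQUIRED | {("tcp", 25), ("tcp", ssh_port)}
    exposed = {(proto, port) for proto, addr, port in parse_ss(output)
               if not LOOPBACK.match(addr)}
    return {"unexpected": sorted(exposed - allowed),
            "missing": sorted(REQUIRED - exposed)}


if __name__ == "__main__":
    print(audit(SAMPLE_SS))
```

Anything listed under `unexpected` is a service reachable from the network that the thread's port list does not account for, so it is a candidate for a firewall rule or for disabling.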
  • headsup
    Thank you so much for the update, Michael. I have done as you requested.
    0
  • jwogrady
    @cPanelMichael, while I appreciate the straightforward answer, this is a terrible business decision. Do you guys not care that admins have to make a browser exception to trust an unsigned certificate to administer the DNS server? Yeah, it's secure, but we all know it is bad practice. If you tolerate this security issue, it makes me wonder what else you give a pass.... I really hope cPanel/WHM rethinks this... You guys should be generating a trusted certificate on every install by default.
    0
  • cPanelMichael
    Hello @jwogrady, You can find additional discussion of this topic, including a potential workaround, on the following feature request: Automatic SSL for DNSOnly. Thank you.
    0
  • rangka_kacang
    Hello. I used this last week: FleetSSL DNSONLY - Free SSL for cPanel DNSONLY using Let's Encrypt. Everything was fine until I reinstalled my cpanel-dnsonly server yesterday. I can no longer use the certificate, and acmetool gave me an error (something related to listening on port 80; maybe it's my IPv6 configuration) even when I try to install it again on the same hostname. I don't think this is a cPanel issue, but just sharing. I'm just too lazy to troubleshoot and make it work again. If someone reads this and knows the fix, please guide me. Thank you. EDIT: I found the problem: my /etc/resolv.conf was not set correctly. I changed from using Google 8.8.8.8 and 8.8.4.4 to OpenDNS 208.67.222.222 and 208.67.220.220, and I can install my certificate already.
    0
