Letsencrypt SSL certificate for cPanel hostname?
I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM.
In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail.
I looked at Main >> Service Configuration >> Manage Service SSL Certificates but this only allows me to manually add a certificate, or use on of the existing self signed certificates.
I'm aware of this blog post announcing the official 'Letsencrypt with AutoSSL plugin'. I installed it and enabled Letsencrypt as provider. But this only works for domains, not for the main root login of Panel (
-
I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM. In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail. I looked at Main >> Service Configuration >> Manage Service SSL Certificates but this only allows me to manually add a certificate, or use on of the existing self signed certificates. I'm aware of this blog post announcing the official 'Letsencrypt with AutoSSL plugin'. I installed it and enabled Letsencrypt as provider. But this only works for domains, not for the main root login of Panel (. I can log in using my domain
0 -
cPanel will provide you with a free signed certificate [automatically] for your server hostname, or should, unless you have specifically done something to cause it not to. See: Manage Service SSL Certificates - Documentation - cPanel Documentation - scroll down to "Free cPanel-signed certificate" Assuming you do not / have not created /var/cpanel/ssl/disable_auto_hostname_certificate and/or /var/cpanel/ssl/disable_service_certificate_management, then your server will automatically renew the hostname SSL certificate with a cPanel-signed SSL certificate before it expires. Mike 0 -
Hello, You can find information about how the free hostname SSL certificate works on the following document: Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation Is there any reason you prefer to use Let's Encrypt over the cPanel-signed Comodo certificate that's offered? Thank you. 0 -
Hi, I'd really appreciate if someone could please answer my question regarding Letsencrypt. "I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM. In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail." Thanks! 0 -
Why would you want to install a LetsEncrypt SSL (which has to autorenew every three months) when you can install a cPanel signed certificate [for free] that will last the year and will autorenew on its own? I don't think you can use a Letsencrypt SSL (at least not in any sort of automated fashion) on the server hostname. But again, there is no reason to. The free cPanel-signed (which is a bonafide SSL certificate that will not throw warnings in browsers) works just fine. Mike 0 -
I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM. In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail."
Hello, The Let's Encrypt plugin for cPanel only integrates with the AutoSSL feature, which generates SSL certificates for cPanel accounts. It does not generate hostname certificates for your system's services. This is documented at: The Let's Encrypt Plugin - cPanel Knowledge Base - cPanel Documentation Is there any reason you prefer to not use the Comodo certificate that's offered by default for the hostname SSL? Also, note that if you enable Let's Encrypt for cPanel accounts, then the Domain TLS functionality will ensure that certificate is used when cPanel/WHM/Webmail is accessed directly from the domain name: What is Domain TLS - cPanel Knowledge Base - cPanel Documentation Thank you.0 -
Hi, Let's just say I'm a fan of LetsEncrypt, and not (at all!) of Comodo. In any case, my question was technical, and I would love for someone to help me accomplish it. I'm sure it's possible, its a matter of a script, a cPanel plugin or perhaps a series of SSH commands which someone may have figured out already, and could perhaps share to help. So, here I go again: Hi, I'd really appreciate if someone could please answer my question regarding Letsencrypt. "I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM. In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail." Thanks! 0 -
I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM. In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail."
Hello, You could manually install a Let's Encrypt SSL certificate for each service via: "WHM >> Manage Service SSL Certificates" However, you'd need to first disable the free cPanel-signed hostname SSL certificate functionality per the instructions at: Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation Note that the automatic renewal of the Let's Encrypt certificate won't occur for the server's hostname because the free hostname SSL functionality does not support Let's Encrypt. I encourage you to open a feature request if you'd like to see support for this added to the product:0 -
Note that the automatic renewal of the Let's Encrypt certificate won't occur for the server's hostname because the free hostname SSL functionality does not support Let's Encrypt.
Is that still valid?0 -
This is an old thread, but in case anyone stumbles upon it, the correct doc URL about this topic is: /usr/local/cpanel/scripts/upcp
Which generates and replaces the hostname SSL.0 -
I think that this is my issue right now... Sectigo isn't updating my server's certificates, so I changed the default provider to LE yesterday. I've had a lot of the certs for accounts update, but I'm still getting a warning that the certs for FTP, Exim, etc are expiring. Would WHM > Manage Service SSL Certificates > Reset Certificate not do the trick? The warning it gives is super scary... 0 -
I'm not sure, actually. I was tempted to click that button myself but for what I understood from the warning that only generates a self-signed certificate for the server, not a cPanel-signed cert. So at least for my and your case it has no use. Try running the command I stated before: /usr/local/cpanel/scripts/upcp
That command as stated in the documentation (among lots of other things) generates a new certificate and replaces the old one in several circumstances, including "if the former SSL is expired or close to expiring". So that command should fix your issue.0 -
There is no setting to allow the hostname certificate to be used as let's encrpyt certificate. For this, 3rd party software should be used. Have a look at Fleetssl. 0 -
If I ignore the problem until Sectigo is fixed, would site users notice or would it only throw an error when I FTP in / check email? 0 -
@GoWilkes it would only effect users if they are using the hostname in their mail clients. If they are just using their domain, or mail.domain.com, they would not notice. 0 -
You can check this tutorial, however the last 4 lines of the script are incorrect and should be replaced by: /scripts/restartsrv_cpsrvd /scripts/restartsrv_ftpd /scripts/restartsrv_dovecot /scripts/restartsrv_exim 0 -
coer Try to run these on your server as root: # Install certbot assuming that you are using Ubuntu apt install certbot -y # Stop the cpanel http server to be able to get the certificate. Please note that this will probably interrupt all other pages managed by this server for a few seconds. service httpd stop # Request a certificate spinning up a webserver provided by letsencrypt certbot certonly --no-self-upgrade --standalone --email example@domain.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --non-interactive -d cpanel.example.com # Copy the letsencrypt certificates in the same location where cpanel place the self generated one and/or the comodo one (not sure why they put it all on the same file) cat /etc/letsencrypt/live/cpanel.example.com/privkey.pem > /var/cpanel/ssl/cpanel/cpanel.pem cat /etc/letsencrypt/live/ccpanel.example.com/fullchain.pem >> /var/cpanel/ssl/cpanel/cpanel.pem # Start the webserver service httpd start
And to satisfy the need to automatically renew it every month, you can run it as a cronjob # Create a script on the path /usr/local/cpanel/scripts/install_letsencrypt_cert.sh echo "#!/bin/sh apt install certbot -y service httpd stop certbot certonly --no-self-upgrade --standalone --email example@domain.com --server > /usr/local/cpanel/scripts/install_letsencrypt_cert.sh Make it executablechmod +x /usr/local/cpanel/scripts/install_letsencrypt_cert.sh
Create a cronjob that renew it the 1st of each month at midnight(crontab -l 2>/dev/null; echo "0 0 1 * * /usr/local/cpanel/scripts/install_letsencrypt_cert.sh") | crontab -
Cheers, EE0
Please sign in to leave a comment.
Comments
17 comments