- Joined
- Feb 17, 2017
- Messages
- 51
- Points
- 0
Overview
The Let's Encrypt plugin allows you to automatically provision cPanel accounts with Let's Encrypt SSL certificates for sites that do not already have valid CA-signed SSL certificates.
Requirements
Root SSH access to WHM i386 or x86_64 CentOS 6 or 7 (5 is not supported) WHM 11.52 or higher (CloudLinux and LSWS compatible) Remote access key has been generated (/root/.accesshash). If it is not present, simply visit the Remote Access Key†page in WHM. Please note: cPanel DNSONLY servers are currently NOT supported.
Installation
To install the plugin, perform the following steps:
Log in to the command line via SSH as the root user.
Run the following command:
/scripts/install_lets_encrypt_autossl_provider
Thenselect Let's Encrypt as an AutoSSL provider, use WHM's Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL).
Installing Letsencrypt for Server Hostname
First take a backup of your current SSL CRT directory first:
# tar -zcf /root/cptechs/var_cpanel_ssl.tar.gz$(date +%s) /var/cpanel/ssl/
Go to WHM > Service Configuration > Manage Service SSL Certificates and clicked "Reset Certificate" for each service to install a Self Signed SSL CRT.
Run below command in command line to issue new SSLfor services
/usr/local/cpanel/bin/checkallsslcerts --verbose
The system will attempt to replace the self-signed certificate for the exim†service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the ftp†service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the dovecot†service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the cpanel†service with a signed certificate from the cPanel Store. The cPanel Store is processing the hostname certificate request. The system will check the cPanel Store again the next time that /usr/local/cpanel/bin/checkallsslcerts†runs.
We can see the SSL CRT's have been requested for your services. The hostname for the SSL CRT will be with one that is currently defined in cPanel:
# whmapi1 gethostname|grep hostname:
hostname: server1.hostname.com
While the process is not always this fast, after a few moments, we can see the SSL CRT's are ready for install. Then re-ran the '/usr/local/cpanel/bin/checkallsslcerts --verbose' command which would have been ran at maintenance time. You may verify at WHM > Service Configuration > Manage Service SSL Certificates.
You can verify SSL installation by running https://server1.hostname.com:2087 You can see a green padlock with letsencrypt SSL.
The Let's Encrypt plugin allows you to automatically provision cPanel accounts with Let's Encrypt SSL certificates for sites that do not already have valid CA-signed SSL certificates.
Requirements
Root SSH access to WHM i386 or x86_64 CentOS 6 or 7 (5 is not supported) WHM 11.52 or higher (CloudLinux and LSWS compatible) Remote access key has been generated (/root/.accesshash). If it is not present, simply visit the Remote Access Key†page in WHM. Please note: cPanel DNSONLY servers are currently NOT supported.
Installation
To install the plugin, perform the following steps:
Log in to the command line via SSH as the root user.
Run the following command:
/scripts/install_lets_encrypt_autossl_provider
Thenselect Let's Encrypt as an AutoSSL provider, use WHM's Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL).
Installing Letsencrypt for Server Hostname
First take a backup of your current SSL CRT directory first:
# tar -zcf /root/cptechs/var_cpanel_ssl.tar.gz$(date +%s) /var/cpanel/ssl/
Go to WHM > Service Configuration > Manage Service SSL Certificates and clicked "Reset Certificate" for each service to install a Self Signed SSL CRT.
Run below command in command line to issue new SSLfor services
/usr/local/cpanel/bin/checkallsslcerts --verbose
The system will attempt to replace the self-signed certificate for the exim†service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the ftp†service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the dovecot†service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the cpanel†service with a signed certificate from the cPanel Store. The cPanel Store is processing the hostname certificate request. The system will check the cPanel Store again the next time that /usr/local/cpanel/bin/checkallsslcerts†runs.
We can see the SSL CRT's have been requested for your services. The hostname for the SSL CRT will be with one that is currently defined in cPanel:
# whmapi1 gethostname|grep hostname:
hostname: server1.hostname.com
While the process is not always this fast, after a few moments, we can see the SSL CRT's are ready for install. Then re-ran the '/usr/local/cpanel/bin/checkallsslcerts --verbose' command which would have been ran at maintenance time. You may verify at WHM > Service Configuration > Manage Service SSL Certificates.
You can verify SSL installation by running https://server1.hostname.com:2087 You can see a green padlock with letsencrypt SSL.