Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

Installing Free SSL for Server Hostname Using Letsencrypt
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Installing Free SSL for Server Hostname Using Letsencrypt

HostGlidersHostGliders Member
edited February 2017 in Tutorials

Overview

The Let's Encrypt plugin allows you to automatically provision cPanel accounts with Let's Encrypt SSL certificates for sites that do not already have valid CA-signed SSL certificates.

Requiremenst
Root SSH access to WHM
i386 or x86_64 CentOS 6 or 7 (5 is not supported)
WHM 11.52 or higher (CloudLinux and LSWS compatible)
Remote access key has been generated (/root/.accesshash). If it is not present, simply visit the “Remote Access Key” page in WHM.
Please note: cPanel DNSONLY servers are currently NOT supported.

Installation

To install the plugin, perform the following steps:

Log in to the command line via SSH as the root user.

Run the following command:

** /scripts/install_lets_encrypt_autossl_provider**

Thenselect Let's Encrypt as an AutoSSL provider, use WHM's Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL).

Installing Letsencrypt for Server Hostname

First take a backup of your current SSL CRT directory first:

# tar -zcf /root/cptechs/var_cpanel_ssl.tar.gz$(date +%s) /var/cpanel/ssl/

Go to WHM > Service Configuration > Manage Service SSL Certificates and clicked "Reset Certificate" for each service to install a Self Signed SSL CRT.

Run below command in command line to issue new SSLfor services

/usr/local/cpanel/bin/checkallsslcerts --verbose

The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.

We can see the SSL CRT's have been requested for your services. The hostname for the SSL CRT will be with one that is currently defined in cPanel:

# whmapi1 gethostname|grep hostname:

hostname: server1.hostname.com

While the process is not always this fast, after a few moments, we can see the SSL CRT's are ready for install.
Then re-ran the '/usr/local/cpanel/bin/checkallsslcerts --verbose' command which would have been ran at maintenance time. You may verify at WHM > Service Configuration > Manage Service SSL Certificates.

You can verify SSL installation by running https://server1.hostname.com:2087
You can see a green padlock with letsencrypt SSL.

Thanked by 1surihost
Sign In or Register to comment.