2415

How to enable LetsEncrypt on Cpanel server?

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).It is a digital certificates in order to enable HTTPS (SSL/TLS) for websites.The principles behind Let’s Encrypt are below:
#Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost
#Software running on a web server can interact with Let’s Encrypt to obtain a certificate, securely configure it for use and automatically take care of renewal.
#It is a open standard that others can adopt.
#Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
#It also all certificates issued or revoked will be publicly recorded and available for anyone to inspect.
#It help site operators properly secure their servers.
The objective of Let’s Encrypt  is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention.and is done by running a certificate management agent on the web server.
    Let’s Encrypt is out with cPanel/WHM plugin to support everything out of the box.In the release of cPanel & WHM version 58, there has been the addition of an AutoSSL feature, this tool can be used to automatically provide Domain Validated SSL for domains on our WHM & cPanel servers, either with cPanel/COMODO ssl or Let’s Encrypt SSL.SSL certificate is vital if we want to protect the customers and maintain or improve our search engine ranking. Google recently announced that they will be marking all sites without an SSL certificate as insecure.

The follwoing are the steps to enable LetsEncrypt on Cpanel server.

1)Initial Configuration

The server should be running cPanel & WHM version 58.0.17, or higher. Also, it is recommend to have ssh access to server in order to perform these steps.We configured Putty or another ssh client to connect to the server securely via a commandline interface.

2)Installing and Enabling Let’s Encrypt Auto SSL

In order to install the Let’s Encrypt AutoSSL provider plugin simply log in to the server as the root user via SSH and execute the following command:

# /scripts/install_lets_encrypt_autossl_provider

Running this will add and install the necessary RPM files in order to support Let’s Encrypt as an AutoSSL provider. The command should yield results similar to the following:

Installed the cpanel-letsencrypt RPM! AutoSSL can now use Let’s Encrypt. 

3)Confirming Installation

To double check that this has been successful we can simply pull up WHM and load the "Manage AutoSSL" page. On this page,and we can see "Let's Encrypt" as an option for AutoSSL Providers. 

Configuring AutoSSL

For this step we need to  have to logined to WHM with root account, open the following URL in  browser:"https://cpanel-server:2087"
Then go to WHM >> Home >> SSL/TLS >> Manage AutoSSL, select Let’s Encrypt from AutoSSL Providers, accept the terms of service and check the ‘Create a new registration with the provider’ checkbox then click Save.We can see a little loading icon over the AutoSSL Providers menu and afterwards WHM should display a message that it has successfully registered with Let’s Encrypt.Depending on  preferences we can click the ‘Run AutoSSL For All Users’ button and AutoSSL will automatically replace the SSL certificates for all users on the server.If we no need to replace the SSL certificates for all the users on our server we can click on the ‘Manage Users’ tab and set the Disable AutoSSL setting for the users that have EV or OV SSL certificates.If there are more users with EV or OV SSL certificates than users that will use Let’s Encrypt certificates, 
go to WHM >> Home >> Feature Manager select ‘disabled’ from the ‘Manage feature list’ drop down menu and click Edit, check AutoSSL and click Save.And now the AutoSSL is disabled by default and we can enable AutoSSL only for the users that need to use Let’s Encrypt certificates.

How to enable Let’s Encrypt on WHM for resellers

For reseller,he/she should ensure that all customers are aware of the need to have an SSL in place and to discuss their options.Free SSL in the form of Let’s Encrypt that these are ideal for low traffic sites that are not ecommerce stores. They do not have any sort of warranty.
Here is the steps for reselller to enable Let’s Encrypt on WHM
1)Log into  WHM admin panel
2)Create or edit an existing Features List, using Features Manager
3)In the “Add a new feature list” field enter SSL and click the Add Feature List button
4)Put a tick in the “Select all features” field, scroll down the page and click the save button at the very bottom.
5)Apply the features list to existing packages or create a new one.

 When we automatically renew Let’s Encrypt certificates,it won’t be automatically installed. The installssl.pl script doesn’t seem to handle the installation of the certificate. Instead, we need to update the renewed certificates within the user cPanel account for the domain manually. To do this, open cPanel and view the SSL/TSL settings page, update the currently installed SSL certificate and enter in the new details. The details for the new certificate will need to be obtained via logging into the ROOT server via SSH and viewing the updated SSL certificate details in the folder, /etc/letsencrypt/live/yourdomain.com where we can use the command pico cert.pem and pico privkey.pem to view the details we need to copy over to cPanel. It’s decoding the SSL certificates in these two files to make sure the dates have been updated, we can use a tool such as an SSL Certificate Decoder to decode the certificate. If the certificate is still showing the old details, then we need to run the command letsencrypt-auto renew which will update the certificates.

Leave a Reply