Generate and install free SSL on a Centos VPS

[psytanium]

Hi,

I have a Godaddy SSL certificate installed for 4 years now, but about to expire soon and I have to renew it, but looking for a way to save the SSL cert price and install a free certificate on my Centos VPS server.

What do you recommend ? Where to start ? Let's Encrypt or the default CPanel (powered by Sectigo) ?

Note: I'm not talking about the cPanel users SSL, but the server, so when I login to WHM or cPanels, or webmails, etc..

Thank you for any direction.

 

[ffeingol]

For the server SSL it's going to be the cPanel/Sectigo one by default if you let it. There is not built in method to put a Let's Encrypt cert for the server, but some people have found a way to do it.

 

[cPRex]

Hey there! @ffeingol is correct that you can get a free SSL from Sectigo on the hostname. You can find more details about how to install this in our support article here:

Install the free SSL Certificate on the server's hostname

Since cPanel version 56, cPanel has been providing free SSLs for your server's hostname. These are installed through a completely automated process that runs as part of the nightly update checks pe...

support.cpanel.net

Let us know if that doesn't work well for you!

 

[psytanium]

For the server SSL it's going to be the cPanel/Sectigo one by default if you let it. There is not built in method to put a Let's Encrypt cert for the server, but some people have found a way to do it.

You mean self signed certificate ? it will generate warnings. Is there a way to install free SSL but without generating warnings ?

 

[cPRex]

The link I provided explains how you can force the installation of a free certificate on the server's hostname. Is that not working well for you?

 

[psytanium]

The link I provided explains how you can force the installation of a free certificate on the server's hostname. Is that not working well for you?

Hi, I did as the document explain, just running the command :

/usr/local/cpanel/bin/checkallsslcerts

I get the following output:

The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The certificate for the “cpanel” service passed all checks.
The system will check for the certificate for the “dovecot” service.
The system will attempt to verify that the certificate for the “dovecot” service is still valid using OCSP (Online Certificate Status Protocol).
The certificate for the “dovecot” service passed all checks.
The system will check for the certificate for the “exim” service.
The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate Status Protocol).
The certificate for the “exim” service passed all checks.
The system will check for the certificate for the “ftp” service.
The system will attempt to verify that the certificate for the “ftp” service is still valid using OCSP (Online Certificate Status Protocol).
The certificate for the “ftp” service passed all checks.

 

[cPRex]

Thanks for the output. That looks normal for a certificate that is in good standing. If you want to replace it, it would be best to use the WHM >> Manage Service SSL Certificates are to reset each one to self-signed, and then run that command again to reinstall a valid one. There isn't a way to use that command to overwrite a valid certificate.

 

[psytanium]

Amazing, thank you. It worked after I did a reset, generated self signed cert, then run the command you provided

 

[cPRex]

Great - I'm glad that's all that was needed!