Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to have a root SSL Letsencrypt for cPanel hostname

Discussion in 'Security' started by coer, Apr 4, 2017.

Tags:
  1. coer

    coer Registered

    Joined:
    Apr 4, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ams
    cPanel Access Level:
    Root Administrator
    I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM.
    In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail.

    I looked at Main >> Service Configuration >> Manage Service SSL Certificates but this only allows me to manually add a certificate, or use on of the existing self signed certificates.

    I'm aware of this blog post announcing the official 'Letsencrypt with AutoSSL plugin'. I installed it and enabled Letsencrypt as provider. But this only works for domains, not for the main root login of Panel (https://ipaddress:2087).

    Am I missing something? Is this possible? I can't find it on the feature list either, but maybe I'm not using the right search phrase.
    I'd appreciate your help / insights / solutions.
     
  2. coer

    coer Registered

    Joined:
    Apr 4, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ams
    cPanel Access Level:
    Root Administrator
    For clarification, before someone explains you cannot get a Letsencrypt certificate for an IP address, which would be right ;-)
    I of course have a qualifying domain name and an A-record pointing to the appropriate cPanel login at https://ipaddress:2087.
    I can log in using my domain https://www.domain.com:2087, but get an SSL warning as it currently is a self-signed certificate. I'd like to use Letsencrypt instead.

    I hope someone can help, I'm new at cPanel, I used DirectAdmin so far where I know my way.
     
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,304
    Likes Received:
    42
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    cPanel will provide you with a free signed certificate [automatically] for your server hostname, or should, unless you have specifically done something to cause it not to.

    See: Manage Service SSL Certificates - Documentation - cPanel Documentation
    - scroll down to "Free cPanel-signed certificate"

    Assuming you do not / have not created /var/cpanel/ssl/disable_auto_hostname_certificate and/or /var/cpanel/ssl/disable_service_certificate_management, then your server will automatically renew the hostname SSL certificate with a cPanel-signed SSL certificate before it expires.

    Mike
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  5. coer

    coer Registered

    Joined:
    Apr 4, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ams
    cPanel Access Level:
    Root Administrator
    Hi,
    I'd really appreciate if someone could please answer my question regarding Letsencrypt.

    "I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM.
    In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail."

    Thanks!
     
  6. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,304
    Likes Received:
    42
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Why would you want to install a LetsEncrypt SSL (which has to autorenew every three months) when you can install a cPanel signed certificate [for free] that will last the year and will autorenew on its own?

    I don't think you can use a Letsencrypt SSL (at least not in any sort of automated fashion) on the server hostname. But again, there is no reason to. The free cPanel-signed (which is a bonafide SSL certificate that will not throw warnings in browsers) works just fine.

    Mike
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The Let's Encrypt plugin for cPanel only integrates with the AutoSSL feature, which generates SSL certificates for cPanel accounts. It does not generate hostname certificates for your system's services. This is documented at:

    The Let's Encrypt Plugin - cPanel Knowledge Base - cPanel Documentation

    Is there any reason you prefer to not use the Comodo certificate that's offered by default for the hostname SSL? Also, note that if you enable Let's Encrypt for cPanel accounts, then the Domain TLS functionality will ensure that certificate is used when cPanel/WHM/Webmail is accessed directly from the domain name:

    What is Domain TLS - cPanel Knowledge Base - cPanel Documentation

    Thank you.
     
  8. coer

    coer Registered

    Joined:
    Apr 4, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ams
    cPanel Access Level:
    Root Administrator
    Hi,
    Let's just say I'm a fan of LetsEncrypt, and not (at all!) of Comodo. In any case, my question was technical, and I would love for someone to help me accomplish it. I'm sure it's possible, its a matter of a script, a cPanel plugin or perhaps a series of SSH commands which someone may have figured out already, and could perhaps share to help.

    So, here I go again:

    Hi,
    I'd really appreciate if someone could please answer my question regarding Letsencrypt.

    "I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM.
    In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail."

    Thanks!
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You could manually install a Let's Encrypt SSL certificate for each service via:

    "WHM >> Manage Service SSL Certificates"

    However, you'd need to first disable the free cPanel-signed hostname SSL certificate functionality per the instructions at:

    Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation

    Note that the automatic renewal of the Let's Encrypt certificate won't occur for the server's hostname because the free hostname SSL functionality does not support Let's Encrypt. I encourage you to open a feature request if you'd like to see support for this added to the product:

    Submit A Feature Request

    Thanks!
     
Loading...

Share This Page