Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to have a root SSL Letsencrypt for cPanel hostname

Discussion in 'Security' started by codermjb, Jul 7, 2018.

  1. codermjb

    codermjb Registered

    Joined:
    Jul 7, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Website Owner
    cPanel Forum forced me to recreate the same thread... taken from here: How to have a root SSL Letsencrypt for cPanel hostname

    I would like to install a Letsencrypt SSL certificate which autorenews on the root login for cPanel/WHM.
    In other words, a Letsencrypt SSL certificate for use by cPanel, the WebHost Manager, and Webmail.

    I looked at Main >> Service Configuration >> Manage Service SSL Certificates but this only allows me to manually add a certificate, or use on of the existing self signed certificates.

    I'm aware of this blog post announcing the official 'Letsencrypt with AutoSSL plugin'. I installed it and enabled Letsencrypt as provider. But this only works for domains, not for the main root login of Panel (https://domain.com:2087).

    Am I missing something? Is this possible? I can't find it on the feature list either, but maybe I'm not using the right search phrase.
    I'd appreciate your help / insights / solutions.

    ===================

    The issue is that Let's Encrypt works for the domains, and the cPanel AutoSSL does not work when behind CloudFlare. However, Let's Encrypt doesn't support cPanel Services.

    How can we get this working?
     
  2. codermjb

    codermjb Registered

    Joined:
    Jul 7, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Website Owner
    This is the error I recieve when running:
    /usr/local/cpanel/bin/checkallsslcerts
    Code:
    [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID 3vrhsx) Extra scalar(s) passed to Cpanel::Exception! (domain.com http://domain.com/.well-known/pki-validation/7F8C7636D40278E6404EDA3EE3FEF951.txt)
    Yet public side CloudFlare converts to
    Code:
    https://domain.com/.well-known/pki-validation/7F8C7636D40278E6404EDA3EE3FEF951.txt 
    and loads just fine. The Let's Encrypt SSL works for all of the account hostnames. Just cPanel AutoSSL does not support any of this which renders it useless for the entire server.

    I am surprised we are able to Let's Encrypt all the SSL's on the server except the service one? Why is this not offered??
     
    #2 codermjb, Jul 7, 2018
    Last edited by a moderator: Jul 7, 2018
  3. cPanelFelipe

    cPanelFelipe Member
    Staff Member

    Joined:
    Apr 10, 2013
    Messages:
    10
    Likes Received:
    8
    Trophy Points:
    78
    The hostname itself is secured by a free, 1-year, cPanel-signed certificate that is automatically issued and installed as part of your cPanel license. This certificate renews automatically.

    What would be the advantage to having a Let’s Encrypt certificate instead?
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice