[How-To] Installing SSL from Let's Encrypt

Status
Not open for further replies.

webstandardcss

Registered
Apr 28, 2013
4
0
1
cPanel Access Level
Root Administrator
I made some wrapper scripts to facilitate the installation and usage of Let's Encrypt and cPanel. The code is a small wrapper around the techniques listed in this tutorial. Thanks, cPMatthewV, for the code, brother.

Here is another version 2 of the wrapper that installs SSL certificates to your cPanel server and automatically renews them using the Let's Encrypt command line tool for cPanel and CentOS 6.x.

If you need a different CentOS then edit the rpm line of letsencrypt-cpanel-install.sh and see this page for the correct entry.
How to Enable EPEL Repository for RHEL/CentOS 7.x/6.x/5.x

The script downloads and sets up your python environment to use Let's Encrypt with cPanel

Then it installs Let's Encrypt into the /root directory

Script generates the /root/installssl.pl and prompts for the root password which is inserted into the WHM api wrapper perl script.

The SSL certificate is placed in the correct location when installing Let's Encrypt.

There are three files which should be saved to /usr/local/sbin/
  1. letsencrypt-cpanel-install.sh
    Run one time per dedicated server to install Let's Encrypt
  2. letsencrypt-cpanel-first.sh $USERNAME $DOMAIN
    Run one time per domain to set up a cert. Assuming email address [email protected]$DOMAIN
  3. letsencrypt-cpanel.sh $USERNAME $DOMAIN
    Usually run by cron for each domain once every 60 days to renew the SSL certificate, but can be manually run.

I made some more changes and put a wishlist in the issues for me or someone to fix. Instead of pasting a zip file again, here is the Bitbucket.

bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x
 

cPMatthewV

Quality Assurance Analyst
Staff member
Apr 11, 2014
21
16
78
Houston, Tx
cPanel Access Level
Root Administrator
Awesome script @webstandardcss, this will indeed make things easier for people who wish to try this, and we appreciate the efforts, however I must note that cPanel can only support or directly recommend our script. I have been meaning to get around to improving on this for a more automated experience but have been busy with support tickets. :D Once we have more details on this we will be sure to update the posting.

For now I would definitely recommend people use the method provided by cPanel in the initial post, especially if they have any concerns over third party scripts. While end users are welcome to create custom scripts or wrappers to make this easier or automated and are also welcome to purchase third party plugins, cPanel does not officially support these methods and cannot assist with any issues caused by them.

I would also like to note that cPanel's Development team is hard at work on bringing future support natively for Let's Encrypt without the need for extra scripts or steps. However it may be a little while before we get this added to the product since Let's Encrypt is still in Beta and there are a bunch of things for development to work on. But rest assured it is on its way.
 

webstandardcss

Registered
Apr 28, 2013
4
0
1
cPanel Access Level
Root Administrator
Thanks for your input cPMatthewV, I added some more features to the script.

letsencrypt-cpanel-all.sh command installs the SSL certificate for every cPanel user on the server while respecting rate limiting.

Best to open this in a screen session so you can detach the terminal

bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x

And it works with CentOS 6 and 7 now

Needs tested on CentOS 7

If you are a GitHub forker, I explained how I synced up letsencrypt-cpanel Bitbucket to GitHub. It was fun and easy!

github.com/webstandardcss/letsencrypt-cpanel/wiki
 

rekabis

Active Member
Sep 19, 2014
25
0
1
cPanel Access Level
Root Administrator
Unfortunately, for those of us who prefer standards, this cPanel script does not function properly. In particular, I have made my apache root at /var/www/ instead of /home/. It should really have been at /srv/ as per OpenSUSE and many other distros, but I do extensive partitioning of my file system anyhow -- /var/www/ is separate from the rest of /var/.

Anyhow, my output is this:
Code:
[email protected] [/]# letsencrypt-cpanel domainnet www.domain.net [email protected]
Using email address [email protected]
Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --email [email protected] certonly --renew-by-default --webroot --webroot-path /home/domainnet/public_html/ -d www.domain.net -d www.www.domain.net
The webroot plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('/home/domainnet/public_html/ does not exist or is not a directory',)
cannot open file /etc/letsencrypt/live/www.domain.net/cert.pem at /root/installssl.pl line 28.
Well, gee -- no wonder this doesn’t work. The correct path is /var/www/domainnet/public_html/
 

Krowchuk

Registered
Sep 26, 2015
3
0
1
Reno
cPanel Access Level
Root Administrator
I disabled root user for ssh and I managed to run the hg clone using sudo and then verify it as sudo. But, when I tried to run the letsencrypt-cpanel-install.sh without sudo it failed of course with permissions denied. So, I then tried sudo letsencrypt-cpanel-install.sh and it said that the file did not exist.

This is CentOS 7
 

cPMatthewV

Quality Assurance Analyst
Staff member
Apr 11, 2014
21
16
78
Houston, Tx
cPanel Access Level
Root Administrator
@rekabis I am sorry to see that you have had issues with this and your custom environment. Please note however that our script and instructions in the initial post are valid and in line with cPanel standards and the structure of our system which has been in place for years.

We place all users under home and their Apache content under /home/user/public_html which is where this script checks.

If users have a custom or additional home directory or custom path for their Apache content they would need to modify the script to set this.

We will clear this up in the initial post to avoid any confusion and problems for users that use a custom / additional home directory.
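
A preflight that would have stopped the run posted earlier in the thread before installssl.pl was reached, as an added example that is not part of any poster's or cPanel's script: it takes the webroot as an optional argument instead of assuming /home, and checks that the installer holding the root password is private. The function names and the EMAIL, LE_BIN, LIVE_DIR and INSTALLER variables are assumptions; the default paths and client flags are the ones visible in the posted output.

```shell
#!/bin/sh
# Added example (not from the thread's scripts). Paths default to the ones
# visible in the posted output; EMAIL has no default and must be supplied.
LE_BIN="${LE_BIN:-/root/.local/share/letsencrypt/bin/letsencrypt}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
INSTALLER="${INSTALLER:-/root/installssl.pl}"

# Explicit override wins; otherwise the cPanel default /home/USER/public_html.
resolve_webroot() {
    wr="${2:-/home/$1/public_html}"
    if [ ! -d "$wr" ]; then
        echo "webroot '$wr' is not a directory; pass the real path" >&2
        return 1
    fi
    printf '%s/\n' "${wr%/}"
}

# installssl.pl embeds the root password: no group/other permission bits.
installer_private() {
    [ -f "$INSTALLER" ] || return 1
    [ "$(ls -ld "$INSTALLER" | cut -c5-10)" = "------" ]
}

# Only a non-empty cert.pem for this domain counts as a successful issue.
cert_ready() {
    [ -s "$LIVE_DIR/$1/cert.pem" ]
}

# Usage: preflight_issue USER DOMAIN [WEBROOT]
# Returns 0 only when it is safe to run the installer next.
preflight_issue() {
    webroot=$(resolve_webroot "$1" "${3:-}") || return 2
    installer_private || { echo "$INSTALLER missing or not private" >&2; return 3; }
    [ -n "${EMAIL:-}" ] || { echo "set EMAIL first" >&2; return 4; }
    "$LE_BIN" --text --agree-tos --email "$EMAIL" certonly --renew-by-default \
        --webroot --webroot-path "$webroot" -d "$2" || return 5
    cert_ready "$2" || { echo "no certificate for $2; not installing" >&2; return 6; }
}

if [ "$#" -ge 2 ]; then preflight_issue "$@"; fi
```

Each non-zero return code names the check that failed, so a cron wrapper can log the cause and skip the install step.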
 

cPMatthewV

Quality Assurance Analyst
Staff member
Apr 11, 2014
21
16
78
Houston, Tx
cPanel Access Level
Root Administrator
I disabled root user for ssh and I managed to run the hg clone using sudo and then verify it as sudo. But, when I tried to run the letsencrypt-cpanel-install.sh without sudo it failed of course with permissions denied. So, I then tried sudo letsencrypt-cpanel-install.sh and it said that the file did not exist.

This is CentOS 7
@Krowchuk you may wish to reach out to @webstandardcss for direct assistance with this as he designed this. We can really only provide assistance with issues pertaining to our instructions and script.
 

Graywolfie

Member
Oct 14, 2004
7
0
151
Something that had me stumped for a while. I had installed a few certs without issue following the instructions in this thread. Then, upon another attempt I was getting the insufficient authorization error. The .well-known and acme-challenge directories were created but nothing could be put in them.

The "forest for the trees" answer was Options -Indexes in the .htaccess file for the account. Comment that out and then it worked without issue.

Hope that helps someone. :)
 

Krowchuk

Registered
Sep 26, 2015
3
0
1
Reno
cPanel Access Level
Root Administrator
@Krowchuk you may wish to reach out to @webstandardcss for direct assistance with this as he designed this. We can really only provide assistance with issues pertaining to our instructions and script.
Thanks @cPMatthewV - I appreciate that. I did not hear back from @webstandardcss so I uninstalled his script and decided to try yours. I get as far as: sudo cd /root/letsencrypt and get the error "no such file or directory"

Can this be run as sudo?
 

richardjkeys

Registered
Oct 16, 2013
3
0
1
cPanel Access Level
Root Administrator
This works great! :)

Got it working in no time on a site with a dedicated IP.

This made me wonder though, does each site still need a dedicated IP to add a letsencrypt certificate?
 

iSpeakVideo

Registered
Nov 14, 2012
3
0
1
cPanel Access Level
DataCenter Provider
Love the notes...ssh ran without a problem to generate the SSL...but error when I run the installssl.pl:

version":1,"reason":"The domain “domain.com” is not managed on this server. You must specify an IP address to install SSL for “domain.com”
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
I have tried to create a certificate for my hostname/cpanel/whm domains but am having a problem. Can anybody point me in the right direction?
Could you elaborate on which steps you took and the specific problem you encountered?

Thank you.
 

Ian Jacobson

Registered
Dec 20, 2015
3
0
1
United States
cPanel Access Level
Root Administrator
Could you elaborate on which steps you took and the specific problem you encountered?

Thank you.
This is the command I used to try and create one for the hostname. When I changed the domain to cpanel. or whm. it would say I don't have permission.

./letsencrypt-auto --text certonly --renew-by-default --webroot --webroot-path /usr/local/apache/htdocs/ -d s1.mydomain.com
(s1.mydomain.com is the host name)
 