[How-To] Installing SSL from Let's Encrypt

Discussion in 'Security' started by cPMatthewV, Dec 4, 2015.

Thread Status:
Not open for further replies.
  1. Wootkit

    Wootkit Registered

    Hello there, I am pretty sure your method can be modified for WHM's root account? I am speaking about the WHM services: Exim, Dovecot, FTP, etc.
     
  2. eva2000

    eva2000 Well-Known Member

    Yeah, probably something like WHM Certificates Are not Working
     
    Wootkit likes this.
  3. webstandardcss

    webstandardcss Registered

    I made some wrapper scripts to facilitate the installation and usage of Let's Encrypt and cPanel. The code is a small wrapper around the techniques listed in this tutorial. Thanks, cPMatthewV, for the code, brother.
     
  4. webstandardcss

    webstandardcss Registered


    Here is another version 2 of the wrapper that installs SSL certificates to your cPanel server and automatically renews them using the Let's Encrypt command line tool for cPanel and CentOS 6.x.

    If you need a different CentOS then edit the rpm line of letsencrypt-cpanel-install.sh and see this page for the correct entry.
    How to Enable EPEL Repository for RHEL/CentOS 7.x/6.x/5.x

    The script downloads and sets up your Python environment to use Let's Encrypt with cPanel.

    Then it installs Let's Encrypt into the /root directory

    The script generates /root/installssl.pl and prompts for the root password, which is inserted into the WHM API wrapper Perl script.

    The SSL certificate is placed in the correct location when installing Let's Encrypt.

    There are three files which should be saved to /usr/local/sbin/
    1. letsencrypt-cpanel-install.sh
      Run one time per dedicated server to install Let's Encrypt.
    2. letsencrypt-cpanel-first.sh $USERNAME $DOMAIN
      Run one time per domain to set up a cert. Assuming email address webmaster@$DOMAIN
    3. letsencrypt-cpanel.sh $USERNAME $DOMAIN
      Usually run by cron for each domain once every 60 days to renew the SSL certificate, but can be manually run.

    I made some more changes and put a wishlist in the issues for me or someone to fix. Instead of pasting a zip file again, here is the Bitbucket.

    bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x
     
    #24 webstandardcss, Dec 10, 2015
    Last edited by a moderator: Dec 13, 2015
  5. cPMatthewV

    cPMatthewV Quality Assurance Analyst
    Staff Member

    Awesome script @webstandardcss, this will indeed make things easier for people who wish to try this, and we appreciate the efforts; however, I must note that cPanel can only support or directly recommend our script. I have been meaning to get around to improving on this for a more automated experience but have been busy with support tickets. :D Once we have more details on this we will be sure to update the posting.

    For now I would definitely recommend people use the method provided by cPanel in the initial post, especially if they have any concerns over third party scripts. While end users are welcome to create custom scripts or wrappers to make this easier or automated and are also welcome to purchase third party plugins, cPanel does not officially support these methods and cannot assist with any issues caused by them.

    I would also like to note that cPanel's Development team is hard at work on bringing future support natively for Let's Encrypt without the need for extra scripts or steps. However it may be a little while before we get this added to the product since Let's Encrypt is still in Beta and there are a bunch of things for development to work on. But rest assured it is on its way.
     
    #25 cPMatthewV, Dec 11, 2015
    Last edited: Dec 13, 2015
    MaxFein and eva2000 like this.
  6. radeonpower

    radeonpower Well-Known Member

    Thanks for your input cPMatthewV. I just wanted people to know about this alternative (I'm not affiliated with this in any way btw). :)
     
  7. webstandardcss

    webstandardcss Registered

    Thanks for your input cPMatthewV, I added some more features to the script.

    letsencrypt-cpanel-all.sh command installs the SSL certificate for every cPanel user on the server while respecting rate limiting.

    Best to open this in a screen session so you can detach the terminal

    bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x

    And it works with CentOS 6 and 7 now

    Needs tested on CentOS 7

    If you are a GitHub forker, I explained how I synced up letsencrypt-cpanel Bitbucket to GitHub. It was fun and easy!

    github.com/webstandardcss/letsencrypt-cpanel/wiki
     
    #27 webstandardcss, Dec 12, 2015
    Last edited by a moderator: Dec 13, 2015
  8. Ekushey

    Ekushey Active Member

  9. rekabis

    rekabis Active Member

    Unfortunately, for those of us who prefer standards, this cPanel script does not function properly. In particular, I have made my apache root at /var/www/ instead of /home/. It should really have been at /srv/ as per OpenSUSE and many other distros, but I do extensive partitioning of my file system anyhow -- /var/www/ is separate from the rest of /var/.

    Anyhow, my output is this:
    Code:
    root@ns01 [/]# letsencrypt-cpanel domainnet www.domain.net webmaster@domain.net
    Using email address domain@example.net
    Updating letsencrypt and virtual environment dependencies.......
    Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --email webmaster@domain.net certonly --renew-by-default --webroot --webroot-path /home/domainnet/public_html/ -d www.domain.net -d www.www.domain.net
    The webroot plugin is not working; there may be problems with your existing configuration.
    The error was: PluginError('/home/domainnet/public_html/ does not exist or is not a directory',)
    cannot open file /etc/letsencrypt/live/www.domain.net/cert.pem at /root/installssl.pl line 28.
    Well, gee -- no wonder this doesn’t work. The correct path is /var/www/domainnet/public_html/
     
    #29 rekabis, Dec 13, 2015
    Last edited by a moderator: Dec 13, 2015
  10. Krowchuk

    Krowchuk Registered

    I disabled root user for ssh and I managed to run the hg clone using sudo and then verify it as sudo. But, when I tried to run the letsencrypt-cpanel-install.sh without sudo it failed of course with permissions denied. So, I then tried sudo letsencrypt-cpanel-install.sh and it said that the file did not exist.

    This is CentOS 7.
     
  11. cPMatthewV

    cPMatthewV Quality Assurance Analyst
    Staff Member

    @rekabis I am sorry to see that you have had issues with this and your custom environment. Please note however that our script and instructions in the initial post are valid and in line with cPanel standards and the structure of our system which has been in place for years.

    We place all users under home and their Apache content under /home/user/public_html which is where this script checks.

    If users have a custom or additional home directory or custom path for their Apache content they would need to modify the script to set this.

    We will clear this up in the initial post to avoid any confusion and problems for users that use a custom / additional home directory.
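
The failure in post #29 and the path change described in the reply above, as an added shell example that is not cPanel's script or webstandardcss's wrapper: it resolves the webroot from the account's passwd entry instead of hard-coding /home, stops before calling letsencrypt when the directory is missing, and strips a leading www. so the domain is not doubled into www.www. The function names, the optional passwd-file argument, and the assumption that content lives in `<home>/public_html` are illustrative.

```shell
#!/bin/sh
# Added example, not cPanel's or webstandardcss's script. Function names and the
# optional passwd-file argument are hypothetical.

# Drop a leading "www." so the later "-d www.$domain" cannot turn into
# www.www.domain.net, as it did in the output quoted in post #29.
bare_domain() { printf '%s\n' "${1#www.}"; }

# Print the home directory of user $1 from passwd-format file $2.
user_home() {
    awk -F: -v u="$1" '$1 == u { print $6; ok = 1; exit } END { exit !ok }' "$2"
}

# Print <home>/public_html for user $1; return 1 for an unknown user and
# 2 when the directory does not exist.
resolve_webroot() {
    rw_home=$(user_home "$1" "${2:-/etc/passwd}") || {
        echo "unknown user: $1" >&2; return 1; }
    [ -d "$rw_home/public_html" ] || {
        echo "webroot missing: $rw_home/public_html" >&2; return 2; }
    printf '%s\n' "$rw_home/public_html"
}

# Print the letsencrypt arguments (the flags used in this thread) for user $1
# and domain $2; nothing is printed when the pre-flight check fails.
le_args() {
    la_root=$(resolve_webroot "$1" "${3:-/etc/passwd}") || return $?
    la_dom=$(bare_domain "$2")
    printf '%s\n' "certonly --renew-by-default --webroot --webroot-path $la_root/ -d $la_dom -d www.$la_dom"
}

# Constructed fixture: one account whose home is under var/www instead of /home,
# and one account ("ghost") whose public_html directory does not exist.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/var/www/domainnet/public_html"
printf 'domainnet:x:1001:1001::%s/var/www/domainnet:/bin/bash\n' "$demo_dir" > "$demo_dir/passwd"
printf 'ghost:x:1002:1002::%s/home/ghost:/bin/bash\n' "$demo_dir" >> "$demo_dir/passwd"
le_args domainnet www.domain.net "$demo_dir/passwd"
```
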
     
  12. cPMatthewV

    cPMatthewV Quality Assurance Analyst
    Staff Member

    @Krowchuk you may wish to reach out to @webstandardcss for direct assistance with this as he designed this. We can really only provide assistance with issues pertaining to our instructions and script.
     
  13. Graywolfie

    Graywolfie Member

    Something that had me stumped for a while. I had installed a few certs without issue following the instructions in this thread. Then, upon another attempt I was getting the insufficient authorization error. The .well-known and acme-challenge directories were created but nothing could be put in them.

    The "forest for the trees" answer was Options -Indexes in the .htaccess file for the account. Comment that out and then it worked without issue.

    Hope that helps someone. :)
     
  14. Krowchuk

    Krowchuk Registered

    Thanks @cPMatthewV - I appreciate that. I did not hear back from @webstandardcss so I uninstalled his script and decided to try yours. I get as far as: sudo cd /root/letsencrypt and get the error "no such file or directory"

    Can this be run as sudo?
     
  15. richardjkeys

    richardjkeys Registered

    This works great! :)

    Got it working in no time on a site with a dedicated IP.

    This made me wonder though, does each site still need a dedicated IP to add a letsencrypt certificate?
     
  16. iSpeakVideo

    iSpeakVideo Registered

    Love the notes...ssh ran without a problem to generate the SSL...but error when I run the installssl.pl:

    version":1,"reason":"The domain “domain.com” is not managed on this server. You must specify an IP address to install SSL for “domain.com”
     
  17. iSpeakVideo

    iSpeakVideo Registered

    Never mind... working too long today. Everything worked great. Awesome. Thanks cPanel!
     
  18. Ian Jacobson

    Ian Jacobson Registered

    I have tried to create a certificate for my hostname/cpanel/whm domains but am having a problem. Can anybody point me in the right direction?
     
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Could you elaborate on which steps you took and the specific problem you encountered?

    Thank you.
     
  20. Ian Jacobson

    Ian Jacobson Registered

    This is the command I used to try and create one for the hostname. When I changed the domain to cpanel. or whm. it would say I don't have permission.

    ./letsencrypt-auto --text certonly --renew-by-default --webroot --webroot-path /usr/local/apache/htdocs/ -d s1.mydomain.com
    (s1.mydomain.com is the host name)
     