The Community Forums


SOLVED Let's Encrypt For cPanel DNSOnly

Discussion in 'Security' started by MajorLancelot, Dec 13, 2016.

  1. MajorLancelot

    MajorLancelot Member

    Since cPanel doesn't offer SSL for DNS servers, can Let's Encrypt be installed on cPanel DNSOnly using the same script?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    cPanel DNS-Only is designed for DNS management purposes. Domain-validated SSL certificate providers such as Let's Encrypt depend on the domain name resolving to the server where the certificate is requested to complete the validation process. Since cPanel DNS-Only is used for DNS hosting and doesn't include the Apache service, AutoSSL functionality isn't offered.

    Instead, you'd install the SSL certificate on the cPanel server that hosts the domain name.

    Thank you.
     
  3. MajorLancelot

    MajorLancelot Member

    I totally understand the reason why AutoSSL is not part of the DNSOnly package.

    However, we have all gotten used to not having those pesky browser warnings.
    But your reason is also understandable.

    Say Michael, beyond 53, 2087, 25/26, UDP 123, what are the other ports that ought to be open (inbound and outside) that DNSOnly needs to function 100% properly in a cluster?

    Thanks.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    One of the current prerequisites for the free hostname SSL certificate is a cPanel license, and thus it's not offered on DNS-Only installations due to a lack of a cPanel license on those systems. That said, I encourage you to open a feature request if you'd like to see AutoSSL support for the server's hostname with cPanel DNS-Only:

    Submit A Feature Request

    Ports 53 and 2087 are sufficient; however, you'd also want port 25 open for email notifications. Additionally, you should allow connections from the port SSH is configured on in the event you need to access the system via the command line.

    Thanks!
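
An added example, not part of the original thread and not cPanel tooling: a shell check that compares a host's listening sockets against the ports named in the answer above. The function names, the default `SSH_PORT` of 22 and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag listeners outside the port list in the answer above.
SSH_PORT="${SSH_PORT:-22}"   # assumption: set to the port sshd is configured on

# Allowlist from the answer: DNS 53 (tcp+udp), WHM 2087, SMTP 25, plus SSH.
allowed_listeners() {
    printf '%s\n' udp/53 tcp/53 tcp/2087 tcp/25 "tcp/${SSH_PORT}"
}

# Constructed sample in `ss -H -tuln` format (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0          0.0.0.0:53        0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:123       0.0.0.0:*
tcp   LISTEN 0      10         0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128      127.0.0.1:953       0.0.0.0:*
tcp   LISTEN 0      128           [::]:2087         [::]:*
tcp   LISTEN 0      100        0.0.0.0:25        0.0.0.0:*
tcp   LISTEN 0      80         0.0.0.0:3306      0.0.0.0:*
EOF
}

# Reads ss lines on stdin and prints each remotely reachable proto/port
# that is not in the allowlist; returns 1 if any were found.
unexpected_listeners() {
    awk -v allow="$(allowed_listeners | tr '\n' ' ')" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            host = $5; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (host ~ /^127\./ || host == "[::1]") next   # loopback-only listener
            key = $1 "/" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key; bad = 1 }
        }
        END { exit bad }
    '
}

# Demo on the sample; on a live host: ss -H -tuln | unexpected_listeners
sample_ss_output | unexpected_listeners || echo "listeners above are outside the allowlist"
```

Each line it prints is a service to either stop or block at the firewall, unless there is a reason for it to be reachable from outside.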
     
  5. MajorLancelot

    MajorLancelot Member

    Thank you so much for the update, Michael.
    I have done as you requested.
     
  6. jwogrady

    jwogrady Member

    @cPanelMichael, while I appreciate the straightforward answer, this is a terrible business decision. Do you guys not care that admins have to make a browser exception to trust an unsigned certificate to administer the DNS server? Yeah, it's secure, but we all know it is bad practice. If you tolerate this security issue, it makes me wonder what else you give a pass.... I really hope cPanel/WHM rethinks this... You guys should be generating a trusted certificate on every install by default.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello @jwogrady,

    You can find additional discussion of this topic, including a potential workaround, on the following feature request:

    Automatic SSL for DNSOnly

    Thank you.
     