Let's Encrypt Support

Status
Not open for further replies.

Alexandre T.

Registered
Apr 13, 2016
1
2
3
Brazil
cPanel Access Level
Root Administrator
Hello, Benny.

I'm here to support your decision to lock new comments to the feature request em Provide Support for Let's Encrypt Automated Certificate Management/SSL and moving the discussion to this thread.

I also believe there's nothing new to be said. The cPanel team already said the work is in progress, already posted their expected release date (3 to 4 months from now). Now, everyone has the information needed to chosse: a) NOT wait and go for an alternative solution, or b) WAIT and stop complaining.

I agree that this request is taking too long to be to be done, but as this is a NEW FEATURE and we've lived all this years without it, I also believe that cPanel need to focus more in other priorities, like updating existing services and increasing stability and security.

In the future, I hope that cPanel can reduce time to develop/accept new feature requests. However, I'm glad to see this request accepted and being incorporated into cPanel's services.

In my specific case, as I don't want to play around in my production server, I'm using Let's Encrypt in another server to generate the certificates, and moving them manually to the accounts I need. Not pretty, not nice, it's one day lost.

However, if cPanel releases this feature in 3 months, it means that I'll have to do it again only once, before delegating this to cPanel.

Thanks again.
 

Dhaupin

Active Member
Jan 3, 2014
41
4
8
cPanel Access Level
Root Administrator
Not gonna beat a dead horse about timeframes...instead I wanna reply to a comment by @SarahGebauer in the feature request portal:

Chrome dev branch is already marking http sites as insecure in the address bar. This has been in that branch for ~6 months so we can assume it'll be in live branch this summer sometime. Dev branch doesn't display the lander page about "insecure" at this time, but it still warns.
 

Attachments

Taubin

Registered
Jul 13, 2015
4
2
3
Auckland, NZ
cPanel Access Level
Website Owner
Thank you for locking the other thread, it was quite out of control. For those that are looking for a stopgap until an official implementation is in place, there is a project on github that enables LetsEncrypt within whm quite easily. I am not a contributor at all, I just happened to find it while searching. If this isn't allowed, please let me know, and I'll remove the post.

- Removed -
 
Last edited by a moderator:
C

cPanelUser-Inactive

Guest
Thanks everyone! I know stress levels are high, especially around that specific request, for loads of very valid reasons. I just wanted to reduce the signal-to-noise ration for the folks only there to keep abreast of our developments.
 
C

cPanelUser-Inactive

Guest
Whats the current ETA of the cPanel plugin, I dont know if I should buy this or wait
It looks like this might have been a cross-post, but just in case not: Our plugin for Let's Encrypt is in active development now, and baring anything unforseen, it will be ready by the time cPanel & WHM version 58 hits CURRENT. Our goal for that is the end of June or beginning of July.
 

macklus

Active Member
Jan 14, 2004
39
0
156
@cPanelBenny, sorry if other ask the same, but...
  • does Cpanel plugin support SNI ?
  • does Cpanel plugin support change SNI host (like mail.domain.tld instead of domain.tld) ?
  • does Cpanel plugin support webmail or whm subdomains (actually served by WHM, not apache) ?
  • does Cpanel plugin support WHM and Cpanel SSL ?
  • does Cpanel plugin allow to sign non-existent-on-cpanel subdomains ?
I really hope that ;-)
 
C

cPanelUser-Inactive

Guest
@cPanelBenny, sorry if other ask the same, but...
  • does cPanel plugin support SNI ?
  • does cPanel plugin support change SNI host (like mail.domain.tld instead of domain.tld) ?
  • does cPanel plugin support webmail or whm subdomains (actually served by WHM, not apache) ?
  • does cPanel plugin support WHM and cPanel SSL ?
  • does cPanel plugin allow to sign non-existent-on-cpanel subdomains ?
I really hope that ;-)
That's no problem at all. Answers are below:
  • The plugin works on systems that support SNI.
  • The short answer is that the plugin installs SSLs for domains configured on the system. You will be able to define on a per-package basis if the an account gets issued SSLs, but not specify on a per-domain level.
  • Proxy subdomain support is not part of this release, but it is a requested feature and will hopefully be supported as of v60 or v62.
  • The plugin will only issue SSLs for qualified domains (and subdomains) that are configured in cPanel.
Once it's goes public we'll have full documentation available, but let me know if you have any other general questions!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
  • Like
Reactions: cPanelUser-Inactive
C

cPanelUser-Inactive

Guest
So version 58 is here, how do I start using Lets Encrypt?
Unfortunately the plugin for Let's Encrypt isn't quite ready for prime time. Our development team is working on it still, and we hope to have it ready by the time v58 goes to STABLE. The plugin will integrate into the AutoSSL feature in v58+, which you can read more about in the release notes and on our documentation site:

58 Release Notes - Documentation - cPanel Documentation
Manage AutoSSL - Documentation - cPanel Documentation

The creation of AutoSSL started around 3.5 years ago, so we're super excited to see it come to fruition. Adding Let's Encrypt support is the obvious next step, and I'm so glad to see it's so close.
 
C

cPanelUser-Inactive

Guest
Is there any way I can be a tester for it?
Unfortunately we're currently maxed out for beta-testers, but I'm hopeful we'll see a public release in the coming weeks.
 

norelidd

Well-Known Member
Jan 15, 2007
173
1
168
Let's say I have a cPanel account with a domain that is a WPMS (WordPress Multi Site) host, called wpms.com

I set up additional blogs on it, some with their own domain, some as subdomains. The additional domains are all set up as alias domains.

My network now looks like this

wpms.com < main wpms site
recipes.wpms.com < a blog on a subdomain
myfamilyblog.com < a blog on its own domain
mycompanysite.com < a blog on its own domain

all of these sites are served by the same WPMS installation in the same cPanel account, and all point to \public_html\. WPMS handles the lookup of each domain and serving up the appropriate blog content.

How does cPanel's Lets Encrypt implementation handle this? Does I get 4 certificates, one for each domain and subdomain? Or does it request one cert with the other domains as additional names?

If I could vote on it, I'd really love for it to get one cert per domain. Other LE solutions request one cert for many domains, leaking data about unrelated sites. If someone inspected the (perfectly valid) mycompanysite.com cert, they'd see that it was hosted on wpms.com and that I also run myfamilyblog.com from it. I don't necessarily want to have all of those names mingling.
 

jhawkins003

Member
Jun 24, 2014
17
2
3
cPanel Access Level
Root Administrator
Howdy Cpanelers! Quick question - will the new CP plugin under development be compatible with LE certs deployed using the third party Let's Encrypt for cPanel letsencrypt-for-cpanel.com plugin?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Howdy Cpanelers! Quick question - will the new CP plugin under development be compatible with LE certs deployed using the third party Let's Encrypt for cPanel letsencrypt-for-cpanel.com plugin?
Hello,

It's likely you will need to uninstall that plugin and utilize the official plugin offered through cPanel. However, this is a question better answered by the developer of that plugin.

Thank you.
 
C

cPanelUser-Inactive

Guest
Let's say I have a cPanel account with a domain that is a WPMS (WordPress Multi Site) host, called wpms.com

I set up additional blogs on it, some with their own domain, some as subdomains. The additional domains are all set up as alias domains.

My network now looks like this

wpms.com < main wpms site
recipes.wpms.com < a blog on a subdomain
myfamilyblog.com < a blog on its own domain
mycompanysite.com < a blog on its own domain

all of these sites are served by the same WPMS installation in the same cPanel account, and all point to \public_html\. WPMS handles the lookup of each domain and serving up the appropriate blog content.

How does cPanel's Lets Encrypt implementation handle this? Does I get 4 certificates, one for each domain and subdomain? Or does it request one cert with the other domains as additional names?

If I could vote on it, I'd really love for it to get one cert per domain. Other LE solutions request one cert for many domains, leaking data about unrelated sites. If someone inspected the (perfectly valid) mycompanysite.com cert, they'd see that it was hosted on wpms.com and that I also run myfamilyblog.com from it. I don't necessarily want to have all of those names mingling.
The plugin (as it works right now, which has a chance of changing before we leave BETA but likely won't) doesn't much care how the sites are served, as long as it can verify the domain. In this case you would get individual SSLs issued for each domain that you referenced (4 SSLs in total), completely independent of each other.
 
  • Like
Reactions: jhawkins003
Status
Not open for further replies.