The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Let's Encrypt Support

Discussion in 'General Discussion' started by cPanelBenny, Apr 13, 2016.

Tags:
Thread Status:
Not open for further replies.
  1. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    43
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    Alex Smith, cPTerrance and Taubin like this.
  2. Alexandre T.

    Alexandre T. Registered

    Joined:
    Apr 13, 2016
    Messages:
    1
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Brazil
    cPanel Access Level:
    Root Administrator
    Hello, Benny.

    I'm here to support your decision to lock new comments to the feature request em Provide Support for Let's Encrypt Automated Certificate Management/SSL and moving the discussion to this thread.

    I also believe there's nothing new to be said. The cPanel team already said the work is in progress, already posted their expected release date (3 to 4 months from now). Now, everyone has the information needed to chosse: a) NOT wait and go for an alternative solution, or b) WAIT and stop complaining.

    I agree that this request is taking too long to be to be done, but as this is a NEW FEATURE and we've lived all this years without it, I also believe that cPanel need to focus more in other priorities, like updating existing services and increasing stability and security.

    In the future, I hope that cPanel can reduce time to develop/accept new feature requests. However, I'm glad to see this request accepted and being incorporated into cPanel's services.

    In my specific case, as I don't want to play around in my production server, I'm using Let's Encrypt in another server to generate the certificates, and moving them manually to the accounts I need. Not pretty, not nice, it's one day lost.

    However, if cPanel releases this feature in 3 months, it means that I'll have to do it again only once, before delegating this to cPanel.

    Thanks again.
     
    cPTerrance and cPanelBenny like this.
  3. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    253
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
  4. Dhaupin

    Dhaupin Member

    Joined:
    Jan 3, 2014
    Messages:
    20
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Not gonna beat a dead horse about timeframes...instead I wanna reply to a comment by @SarahGebauer in the feature request portal:

    Chrome dev branch is already marking http sites as insecure in the address bar. This has been in that branch for ~6 months so we can assume it'll be in live branch this summer sometime. Dev branch doesn't display the lander page about "insecure" at this time, but it still warns.
     

    Attached Files:

  5. Taubin

    Taubin Registered

    Joined:
    Jul 13, 2015
    Messages:
    4
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Auckland, NZ
    cPanel Access Level:
    Website Owner
    Thank you for locking the other thread, it was quite out of control. For those that are looking for a stopgap until an official implementation is in place, there is a project on github that enables LetsEncrypt within whm quite easily. I am not a contributor at all, I just happened to find it while searching. If this isn't allowed, please let me know, and I'll remove the post.

    - Removed -
     
    #5 Taubin, Apr 13, 2016
    Last edited by a moderator: May 6, 2016
    cPTerrance and cPanelBenny like this.
  6. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    43
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thanks everyone! I know stress levels are high, especially around that specific request, for loads of very valid reasons. I just wanted to reduce the signal-to-noise ration for the folks only there to keep abreast of our developments.
     
  7. Richard Edwards

    Joined:
    Mar 7, 2016
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Bristol
    cPanel Access Level:
    Root Administrator
    Whats the current ETA of the cPanel plugin, I dont know if I should buy this or wait

    [Mod Note: - The link to the third-party plugin was removed]
     
    #7 Richard Edwards, May 6, 2016
    Last edited by a moderator: May 6, 2016
  8. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    43
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    It looks like this might have been a cross-post, but just in case not: Our plugin for Let's Encrypt is in active development now, and baring anything unforseen, it will be ready by the time cPanel & WHM version 58 hits CURRENT. Our goal for that is the end of June or beginning of July.
     
  9. macklus

    macklus Active Member

    Joined:
    Jan 14, 2004
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    @cPanelBenny, sorry if other ask the same, but...
    • does Cpanel plugin support SNI ?
    • does Cpanel plugin support change SNI host (like mail.domain.tld instead of domain.tld) ?
    • does Cpanel plugin support webmail or whm subdomains (actually served by WHM, not apache) ?
    • does Cpanel plugin support WHM and Cpanel SSL ?
    • does Cpanel plugin allow to sign non-existent-on-cpanel subdomains ?
    I really hope that ;-)
     
  10. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    43
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    That's no problem at all. Answers are below:
    • The plugin works on systems that support SNI.
    • The short answer is that the plugin installs SSLs for domains configured on the system. You will be able to define on a per-package basis if the an account gets issued SSLs, but not specify on a per-domain level.
    • Proxy subdomain support is not part of this release, but it is a requested feature and will hopefully be supported as of v60 or v62.
    • The plugin will only issue SSLs for qualified domains (and subdomains) that are configured in cPanel.
    Once it's goes public we'll have full documentation available, but let me know if you have any other general questions!
     
  11. TwixtedChaox

    TwixtedChaox Registered

    Joined:
    Jun 27, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Geneva, NY
    cPanel Access Level:
    Root Administrator
    I would like to know the status of this.... I really don't want to have to buy the plugin I found..
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The plugin is still on target for publication during the cPanel 58 release cycle, however no specific time frame is available at this time. You can follow the progress on the official feature request page, located at:

    Provide Support for Let's Encrypt Automated Certificate Management/SSL

    Thank you.
     
    cPanelBenny likes this.
  13. trs

    trs Member

    Joined:
    Jul 7, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Mississauga
    cPanel Access Level:
    Root Administrator
    So version 58 is here, how do I start using Lets Encrypt?
     
  14. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    43
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    Unfortunately the plugin for Let's Encrypt isn't quite ready for prime time. Our development team is working on it still, and we hope to have it ready by the time v58 goes to STABLE. The plugin will integrate into the AutoSSL feature in v58+, which you can read more about in the release notes and on our documentation site:

    58 Release Notes - Documentation - cPanel Documentation
    Manage AutoSSL - Documentation - cPanel Documentation

    The creation of AutoSSL started around 3.5 years ago, so we're super excited to see it come to fruition. Adding Let's Encrypt support is the obvious next step, and I'm so glad to see it's so close.
     
  15. trs

    trs Member

    Joined:
    Jul 7, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Mississauga
    cPanel Access Level:
    Root Administrator
    Is there any way I can be a tester for it?
     
  16. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    43
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    Unfortunately we're currently maxed out for beta-testers, but I'm hopeful we'll see a public release in the coming weeks.
     
  17. norelidd

    norelidd Well-Known Member

    Joined:
    Jan 15, 2007
    Messages:
    173
    Likes Received:
    1
    Trophy Points:
    18
    Let's say I have a cPanel account with a domain that is a WPMS (WordPress Multi Site) host, called wpms.com

    I set up additional blogs on it, some with their own domain, some as subdomains. The additional domains are all set up as alias domains.

    My network now looks like this

    wpms.com < main wpms site
    recipes.wpms.com < a blog on a subdomain
    myfamilyblog.com < a blog on its own domain
    mycompanysite.com < a blog on its own domain

    all of these sites are served by the same WPMS installation in the same cPanel account, and all point to \public_html\. WPMS handles the lookup of each domain and serving up the appropriate blog content.

    How does cPanel's Lets Encrypt implementation handle this? Does I get 4 certificates, one for each domain and subdomain? Or does it request one cert with the other domains as additional names?

    If I could vote on it, I'd really love for it to get one cert per domain. Other LE solutions request one cert for many domains, leaking data about unrelated sites. If someone inspected the (perfectly valid) mycompanysite.com cert, they'd see that it was hosted on wpms.com and that I also run myfamilyblog.com from it. I don't necessarily want to have all of those names mingling.
     
  18. jhawkins003

    jhawkins003 Member

    Joined:
    Jun 24, 2014
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Howdy Cpanelers! Quick question - will the new CP plugin under development be compatible with LE certs deployed using the third party Let's Encrypt for cPanel letsencrypt-for-cpanel.com plugin?
     
    #18 jhawkins003, Jul 12, 2016
    Last edited by a moderator: Jul 12, 2016
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    It's likely you will need to uninstall that plugin and utilize the official plugin offered through cPanel. However, this is a question better answered by the developer of that plugin.

    Thank you.
     
  20. cPanelBenny

    cPanelBenny Community Manager, Development, dog scratcher
    Staff Member

    Joined:
    Apr 24, 2014
    Messages:
    43
    Likes Received:
    20
    Trophy Points:
    8
    Location:
    Michigan
    cPanel Access Level:
    Root Administrator
    Twitter:
    The plugin (as it works right now, which has a chance of changing before we leave BETA but likely won't) doesn't much care how the sites are served, as long as it can verify the domain. In this case you would get individual SSLs issued for each domain that you referenced (4 SSLs in total), completely independent of each other.
     
    jhawkins003 likes this.
Loading...
Thread Status:
Not open for further replies.

Share This Page