Let's Encrypt Support

[cPanelUser-Inactive]

Provide Support for Let's Encrypt Automated Certificate Management/SSL

The conversation on the feature request site for Let's Encrypt support has gotten a bit off-topic, so we're moving the discussion here. I'm still listening, so feel free to discuss here!

 

[Alexandre T.]

Hello, Benny.

I'm here to support your decision to lock new comments to the feature request em Provide Support for Let's Encrypt Automated Certificate Management/SSL and moving the discussion to this thread.

I also believe there's nothing new to be said. The cPanel team already said the work is in progress, already posted their expected release date (3 to 4 months from now). Now, everyone has the information needed to chosse: a) NOT wait and go for an alternative solution, or b) WAIT and stop complaining.

I agree that this request is taking too long to be to be done, but as this is a NEW FEATURE and we've lived all this years without it, I also believe that cPanel need to focus more in other priorities, like updating existing services and increasing stability and security.

In the future, I hope that cPanel can reduce time to develop/accept new feature requests. However, I'm glad to see this request accepted and being incorporated into cPanel's services.

In my specific case, as I don't want to play around in my production server, I'm using Let's Encrypt in another server to generate the certificates, and moving them manually to the accounts I need. Not pretty, not nice, it's one day lost.

However, if cPanel releases this feature in 3 months, it means that I'll have to do it again only once, before delegating this to cPanel.

Thanks again.

 

[PlotHost]

Also we should notice that Let'sEncrypt left beta stage yesterday Leaving Beta, New Sponsors - Let's Encrypt - Free SSL/TLS Certificates

Max

 

[Dhaupin]

Not gonna beat a dead horse about timeframes...instead I wanna reply to a comment by @SarahGebauer in the feature request portal:

Chrome dev branch is already marking http sites as insecure in the address bar. This has been in that branch for ~6 months so we can assume it'll be in live branch this summer sometime. Dev branch doesn't display the lander page about "insecure" at this time, but it still warns.

 

[Taubin]

Thank you for locking the other thread, it was quite out of control. For those that are looking for a stopgap until an official implementation is in place, there is a project on github that enables LetsEncrypt within whm quite easily. I am not a contributor at all, I just happened to find it while searching. If this isn't allowed, please let me know, and I'll remove the post.

- Removed -

 

[cPanelUser-Inactive]

Thanks everyone! I know stress levels are high, especially around that specific request, for loads of very valid reasons. I just wanted to reduce the signal-to-noise ration for the folks only there to keep abreast of our developments.

 

[Richard Edwards]

Whats the current ETA of the cPanel plugin, I dont know if I should buy this or wait

[Mod Note: - The link to the third-party plugin was removed]

 

[cPanelUser-Inactive]

Whats the current ETA of the cPanel plugin, I dont know if I should buy this or wait

It looks like this might have been a cross-post, but just in case not: Our plugin for Let's Encrypt is in active development now, and baring anything unforseen, it will be ready by the time cPanel & WHM version 58 hits CURRENT. Our goal for that is the end of June or beginning of July.

 

[macklus]

@cPanelBenny, sorry if other ask the same, but...

• does Cpanel plugin support SNI ?
• does Cpanel plugin support change SNI host (like mail.domain.tld instead of domain.tld) ?
• does Cpanel plugin support webmail or whm subdomains (actually served by WHM, not apache) ?
• does Cpanel plugin support WHM and Cpanel SSL ?
• does Cpanel plugin allow to sign non-existent-on-cpanel subdomains ?

I really hope that ;-)

 

[cPanelUser-Inactive]

@cPanelBenny, sorry if other ask the same, but...

• does cPanel plugin support SNI ?
• does cPanel plugin support change SNI host (like mail.domain.tld instead of domain.tld) ?
• does cPanel plugin support webmail or whm subdomains (actually served by WHM, not apache) ?
• does cPanel plugin support WHM and cPanel SSL ?
• does cPanel plugin allow to sign non-existent-on-cpanel subdomains ?

I really hope that ;-)

That's no problem at all. Answers are below:

• The plugin works on systems that support SNI.
• The short answer is that the plugin installs SSLs for domains configured on the system. You will be able to define on a per-package basis if the an account gets issued SSLs, but not specify on a per-domain level.
• Proxy subdomain support is not part of this release, but it is a requested feature and will hopefully be supported as of v60 or v62.
• The plugin will only issue SSLs for qualified domains (and subdomains) that are configured in cPanel.

Once it's goes public we'll have full documentation available, but let me know if you have any other general questions!

 

[TwixtedChaox]

I would like to know the status of this.... I really don't want to have to buy the plugin I found..

 

[cPanelMichael]

I would like to know the status of this.... I really don't want to have to buy the plugin I found..

Hello,

The plugin is still on target for publication during the cPanel 58 release cycle, however no specific time frame is available at this time. You can follow the progress on the official feature request page, located at:

Provide Support for Let's Encrypt Automated Certificate Management/SSL

Thank you.

 

[trs]

So version 58 is here, how do I start using Lets Encrypt?

 

[cPanelUser-Inactive]

So version 58 is here, how do I start using Lets Encrypt?

Unfortunately the plugin for Let's Encrypt isn't quite ready for prime time. Our development team is working on it still, and we hope to have it ready by the time v58 goes to STABLE. The plugin will integrate into the AutoSSL feature in v58+, which you can read more about in the release notes and on our documentation site:

58 Release Notes - Documentation - cPanel Documentation
Manage AutoSSL - Documentation - cPanel Documentation

The creation of AutoSSL started around 3.5 years ago, so we're super excited to see it come to fruition. Adding Let's Encrypt support is the obvious next step, and I'm so glad to see it's so close.

 

[trs]

Is there any way I can be a tester for it?

 

[cPanelUser-Inactive]

Is there any way I can be a tester for it?

Unfortunately we're currently maxed out for beta-testers, but I'm hopeful we'll see a public release in the coming weeks.

 

[norelidd]

Let's say I have a cPanel account with a domain that is a WPMS (WordPress Multi Site) host, called wpms.com

I set up additional blogs on it, some with their own domain, some as subdomains. The additional domains are all set up as alias domains.

My network now looks like this

wpms.com < main wpms site
recipes.wpms.com < a blog on a subdomain
myfamilyblog.com < a blog on its own domain
mycompanysite.com < a blog on its own domain

all of these sites are served by the same WPMS installation in the same cPanel account, and all point to \public_html\. WPMS handles the lookup of each domain and serving up the appropriate blog content.

How does cPanel's Lets Encrypt implementation handle this? Does I get 4 certificates, one for each domain and subdomain? Or does it request one cert with the other domains as additional names?

If I could vote on it, I'd really love for it to get one cert per domain. Other LE solutions request one cert for many domains, leaking data about unrelated sites. If someone inspected the (perfectly valid) mycompanysite.com cert, they'd see that it was hosted on wpms.com and that I also run myfamilyblog.com from it. I don't necessarily want to have all of those names mingling.

 

[jhawkins003]

Howdy Cpanelers! Quick question - will the new CP plugin under development be compatible with LE certs deployed using the third party Let's Encrypt for cPanel letsencrypt-for-cpanel.com plugin?

 

[cPanelMichael]

Howdy Cpanelers! Quick question - will the new CP plugin under development be compatible with LE certs deployed using the third party Let's Encrypt for cPanel letsencrypt-for-cpanel.com plugin?

Hello,

It's likely you will need to uninstall that plugin and utilize the official plugin offered through cPanel. However, this is a question better answered by the developer of that plugin.

Thank you.

 

[cPanelUser-Inactive]

Let's say I have a cPanel account with a domain that is a WPMS (WordPress Multi Site) host, called wpms.com

I set up additional blogs on it, some with their own domain, some as subdomains. The additional domains are all set up as alias domains.

My network now looks like this

wpms.com < main wpms site
recipes.wpms.com < a blog on a subdomain
myfamilyblog.com < a blog on its own domain
mycompanysite.com < a blog on its own domain

all of these sites are served by the same WPMS installation in the same cPanel account, and all point to \public_html\. WPMS handles the lookup of each domain and serving up the appropriate blog content.

How does cPanel's Lets Encrypt implementation handle this? Does I get 4 certificates, one for each domain and subdomain? Or does it request one cert with the other domains as additional names?

If I could vote on it, I'd really love for it to get one cert per domain. Other LE solutions request one cert for many domains, leaking data about unrelated sites. If someone inspected the (perfectly valid) mycompanysite.com cert, they'd see that it was hosted on wpms.com and that I also run myfamilyblog.com from it. I don't necessarily want to have all of those names mingling.

The plugin (as it works right now, which has a chance of changing before we leave BETA but likely won't) doesn't much care how the sites are served, as long as it can verify the domain. In this case you would get individual SSLs issued for each domain that you referenced (4 SSLs in total), completely independent of each other.