{"id":3650,"date":"2016-03-07T03:37:47","date_gmt":"2016-03-07T08:37:47","guid":{"rendered":"https:\/\/underhost.com\/blog\/?p=3650"},"modified":"2016-10-01T14:47:27","modified_gmt":"2016-10-01T18:47:27","slug":"free-ssl-install-lets-encrypt-cpanel-centos-servers","status":"publish","type":"post","link":"https:\/\/underhost.com\/blog\/free-ssl-install-lets-encrypt-cpanel-centos-servers\/","title":{"rendered":"Free SSL How to Install Let\u2019s Encrypt on cPanel"},"content":{"rendered":"<h1>Free SSL How to Install Let\u2019s Encrypt on cPanel &#8211; CentOS Servers<\/h1>\n<p>Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let\u2019s Encrypt automates away the pain and lets site operators turn on and manage HTTPS, with free SSL certificates, using simple commands.<\/p>\n<p>No validation emails, no complicated configuration editing, no expired certificates breaking your website. And of course, because Let\u2019s Encrypt provides certificates for free, no need to arrange payment.<\/p>\n<p>Let\u2019s Encrypt is in public beta and already in high demand. This service is a new certificate authority that allows you to generate your own signed certificates in an effort to improve security. At present there is a feature request for providing this functionality in cPanel.<\/p>\n<p>Unfortunately, cPanel does not currently have a plugin or automatic means of installing SSL certificates from Let&#8217;s Encrypt. 
There is a feature request <a class=\"externalLink ProxyLink\" href=\"https:\/\/features.cpanel.net\/topic\/provide-support-for-lets-encrypt-automated-certificate-management-ssl\" target=\"_blank\" data-proxy-href=\"proxy.php?link=https%3A%2F%2Ffeatures.cpanel.net%2Ftopic%2Fprovide-support-for-lets-encrypt-automated-certificate-management-ssl&amp;hash=40501200b2739e90bf625122d279140b\">here<\/a> for this functionality, so it is possible this may be brought to the product in the future.<\/p>\n<p><i>The following will show you how to install the Let&#8217;s Encrypt client and how to generate and install SSL certificates from Let&#8217;s Encrypt via the WHM API.<\/i><\/p>\n<p><b>Installing the Let&#8217;s Encrypt Client on CentOS 6.x<\/b><br \/>\nPlease note: The Let&#8217;s Encrypt client requires (or at least prefers) Python 2.7, so we will install Python 2.7 alongside Python 2.6. Don&#8217;t worry, it won&#8217;t break anything.<\/p>\n<blockquote>\n<pre>rpm -ivh https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-6.noarch.rpm\r\nrpm -ivh https:\/\/rhel6.iuscommunity.org\/ius-release.rpm\r\nyum -y install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv --enablerepo=ius\r\ncd \/root\r\ngit clone https:\/\/github.com\/letsencrypt\/letsencrypt\r\ncd \/root\/letsencrypt\r\nsed -i \"s|--python python2|--python python2.7|\" letsencrypt-auto\r\n.\/letsencrypt-auto --verbose<\/pre>\n<\/blockquote>\n<p><strong>Installing the Let&#8217;s Encrypt Client on CentOS 7.x<\/strong><\/p>\n<blockquote>\n<pre>yum -y install git\r\ncd \/root\r\ngit clone https:\/\/github.com\/letsencrypt\/letsencrypt\r\ncd \/root\/letsencrypt\r\n.\/letsencrypt-auto --verbose<\/pre>\n<\/blockquote>\n<p><strong>Generate an SSL Certificate<\/strong><br \/>\nYou will be required to enter your email and accept their license agreement. I would recommend using the server admin&#8217;s email. Also make sure you replace &#8220;cPanelUser&#8221; with your actual username. 
This is required to allow the Let&#8217;s Encrypt client to create the auth files for the domain and be able to access them during the authorization. Please note that if you are installing a certificate for a subdomain or addon domain that points to another path, you must set the webroot path to that of the subdomain or addon domain.<\/p>\n<pre>cd \/root\/letsencrypt\r\n.\/letsencrypt-auto --text --agree-tos --email email@domain.com certonly --renew-by-default --webroot --webroot-path \/home\/cPanelUser\/public_html\/ -d domain.com -d www.domain.com\r\n\r\nFor all subsequent runs use the following, as there is no need to re-provide your email or re-agree to the TOS.<\/pre>\n<pre>cd \/root\/.local\/share\/letsencrypt\/bin\/\r\n.\/letsencrypt --text certonly --renew-by-default --webroot --webroot-path \/home\/cPanelUser\/public_html\/ -d domain.com -d www.domain.com\r\n\r\nBy adding the --renew-by-default option you can add this to a cron to run every 60 days (recommended) or, say, 85 days, so that the certificate does not expire before you are sure the new certs are retrieved. Then all you need to do is simply run the install script below again to install the updated certificate to cPanel.\r\n\r\n0 0 1 *\/2 * \/root\/.local\/share\/letsencrypt\/bin\/letsencrypt --text certonly --renew-by-default --webroot --webroot-path \/home\/cPanelUser\/public_html\/ -d domain.com -d www.domain.com; \/root\/installssl.pl domain.com\r\n\r\nYou can also generate a free SSL certificate via <a class=\"externalLink ProxyLink\" href=\"https:\/\/gethttpsforfree.com\/\" target=\"_blank\" data-proxy-href=\"proxy.php?link=https%3A%2F%2Fgethttpsforfree.com%2F&amp;hash=ef5e3cf2e235e41c3d3baf0f678acafe\">Get HTTPS for free!<\/a>; however, additional steps are required. \r\n\r\n<b>Script to automatically install the SSLs you generated<\/b>\r\nThis script will be used to install the SSLs you generated to cPanel\/WHM via the API. Please note the following things.\r\n\r\n1. 
You must replace \"rootpass\" with your actual root password.\r\n2. The CA Bundle is not in the location below by default; it is generally saved to \/etc\/letsencrypt\/live\/domain.com\/fullchain.pem, where it is the second cert in the file. I have included the CA Bundle below the script so you can create this file.\r\n\r\n<\/pre>\n<div class=\"bbCodeBlock bbCodeCode\">\n<blockquote>\n<pre>#!\/usr\/local\/cpanel\/3rdparty\/bin\/perl\r\n\r\nuse strict;\r\nuse LWP::UserAgent;\r\nuse LWP::Protocol::https;\r\nuse MIME::Base64;\r\nuse IO::Socket::SSL;\r\nuse URI::Escape;\r\n\r\n# WHM credentials; the root password is stored in this file in clear text\r\nmy $user = \"root\";\r\nmy $pass = \"rootpass\";\r\n\r\n# The empty second argument stops MIME::Base64 from appending a newline to the header value\r\nmy $auth = \"Basic \" . MIME::Base64::encode( $user . \":\" . $pass, \"\" );\r\n\r\n# Certificate verification is turned off for this request to the local WHM (127.0.0.1:2087)\r\nmy $ua = LWP::UserAgent-&gt;new(\r\n    ssl_opts   =&gt; { verify_hostname =&gt; 0, SSL_verify_mode =&gt; SSL_VERIFY_NONE, SSL_use_cert =&gt; 0 },\r\n);\r\n\r\n# Main domain of the certificate, passed as the first argument\r\nmy $dom = $ARGV[0] or die \"usage: installssl.pl domain.com\";\r\n\r\nmy $certfile = \"\/etc\/letsencrypt\/live\/$dom\/cert.pem\";\r\nmy $keyfile = \"\/etc\/letsencrypt\/live\/$dom\/privkey.pem\";\r\nmy $cafile =  \"\/etc\/letsencrypt\/live\/bundle.txt\";\r\n\r\nmy $certdata;\r\nmy $keydata;\r\nmy $cadata;\r\n\r\n# Read the certificate, private key and CA bundle into memory\r\nopen(my $certfh, '&lt;', $certfile) or die \"cannot open file $certfile\";\r\n    {\r\n        local $\/;\r\n        $certdata = &lt;$certfh&gt;;\r\n    }\r\n    close($certfh);\r\n\r\nopen(my $keyfh, '&lt;', $keyfile) or die \"cannot open file $keyfile\";\r\n    {\r\n        local $\/;\r\n        $keydata = &lt;$keyfh&gt;;\r\n    }\r\n    close($keyfh);\r\n\r\nopen(my $cafh, '&lt;', $cafile) or die \"cannot open file $cafile\";\r\n    {\r\n        local $\/;\r\n        $cadata = &lt;$cafh&gt;;\r\n    }\r\n    close($cafh);\r\n\r\n# URL-encode the PEM data and submit it to the WHM installssl API\r\nmy $cert = uri_escape($certdata);\r\nmy $key = uri_escape($keydata);\r\nmy $ca = uri_escape($cadata);\r\n\r\nmy $request = HTTP::Request-&gt;new( POST =&gt; \"https:\/\/127.0.0.1:2087\/json-api\/installssl?api.version=1&amp;domain=$dom&amp;crt=$cert&amp;key=$key&amp;cab=$ca\" );\r\n$request-&gt;header( Authorization =&gt; 
$auth );\r\nmy $response = $ua-&gt;request($request);\r\nprint $response-&gt;content;\r\n<\/pre>\n<\/blockquote>\n<\/div>\n<pre><b>Add the Let's Encrypt CA Bundle<\/b>\r\nSince Let's Encrypt doesn't add the CA Bundle separately, you need to create this file for the above script to work.<\/pre>\n<div class=\"bbCodeBlock bbCodeCode\">\n<div class=\"type\">Code:<\/div>\n<blockquote>\n<pre>vi \/etc\/letsencrypt\/live\/bundle.txt\r\n<\/pre>\n<\/blockquote>\n<\/div>\n<pre>When editing that file, paste in the following and save.<\/pre>\n<div class=\"bbCodeBlock bbCodeCode\">\n<div class=\"type\">Code:<\/div>\n<blockquote>\n<pre>-----BEGIN CERTIFICATE-----\r\nMIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw\r\nPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\r\nEw5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa\r\nMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\r\nExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD\r\nggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB\r\nBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelg\r\nPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyG\r\ndGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1\r\ngGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb4\r\n4\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud\r\nEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy\r\nBggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j\r\nb20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv\r\nZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX\/xBVghYkQ\r\nMFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH\r\nAgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw\r\nMzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM\r\nLmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3\r\npkVl7\/Oo7KEwDQYJKoZIhvcNAQELBQADggEBA
NHIIkus7+MJiZZQsY14cCoBG1hd\r\nv0J20\/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK\/TnY21hp4Dd\r\nITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW\r\nZnupyxpsEUlEaFb+\/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk\r\n6q78OMSdn875bNjdBYAqxUp2\/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj\r\nf1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=\r\n-----END CERTIFICATE-----\r\n<\/pre>\n<\/blockquote>\n<\/div>\n<pre><b>Running the script<\/b>\r\nFirst make the script executable. Then run the script with the main domain of the certificate generated from Let's Encrypt.<\/pre>\n<div class=\"bbCodeBlock bbCodeCode\">\n<div class=\"type\">Code:<\/div>\n<blockquote>\n<pre>chmod +x installssl.pl\r\n.\/installssl.pl domain.com\r\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>There you go: you are all set and ready to generate and install SSLs from Let&#8217;s Encrypt automatically via the command line.<\/p>\n<h2>All our <a href=\"https:\/\/underhost.com\/\">shared hosting<\/a> now offers free SSL from Let&#8217;s Encrypt. Get started today!<\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Free SSL How to Install Let\u2019s Encrypt on cPanel &#8211; CentOS Servers Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. 
Let\u2019s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands, Free [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":344,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,11],"tags":[],"class_list":["post-3650","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-controlpanel","category-how-to"],"_links":{"self":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts\/3650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/comments?post=3650"}],"version-history":[{"count":6,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts\/3650\/revisions"}],"predecessor-version":[{"id":3700,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/posts\/3650\/revisions\/3700"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/media\/344"}],"wp:attachment":[{"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/media?parent=3650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/categories?post=3650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/underhost.com\/blog\/wp-json\/wp\/v2\/tags?post=3650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}