Overview
The Let's Encrypt plugin allows you to automatically provision cPanel accounts with Let's Encrypt SSL certificates for sites that do not already have valid CA-signed SSL certificates.
Requiremenst Root SSH access to WHM i386 or x86_64 CentOS 6 or 7 (5 is not supported) WHM 11.52 or higher (CloudLinux and LSWS compatible) Remote access key has been generated (/root/.accesshash). If it is not present, simply visit the “Remote Access Key” page in WHM. Please note: cPanel DNSONLY servers are currently NOT supported.
Installation
To install the plugin, perform the following steps:
Log in to the command line via SSH as the root user.
Run the following command:
** /scripts/install_lets_encrypt_autossl_provider**
Thenselect Let's Encrypt as an AutoSSL provider, use WHM's Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL).
Installing Letsencrypt for Server Hostname
First take a backup of your current SSL CRT directory first:
# tar -zcf /root/cptechs/var_cpanel_ssl.tar.gz$(date +%s) /var/cpanel/ssl/
Go to WHM > Service Configuration > Manage Service SSL Certificates and clicked "Reset Certificate" for each service to install a Self Signed SSL CRT.
Run below command in command line to issue new SSLfor services
/usr/local/cpanel/bin/checkallsslcerts --verbose
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store. The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store. The cPanel Store is processing the hostname certificate request. The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.
We can see the SSL CRT's have been requested for your services. The hostname for the SSL CRT will be with one that is currently defined in cPanel:
# whmapi1 gethostname|grep hostname:
hostname: server1.hostname.com
While the process is not always this fast, after a few moments, we can see the SSL CRT's are ready for install. Then re-ran the '/usr/local/cpanel/bin/checkallsslcerts --verbose' command which would have been ran at maintenance time. You may verify at WHM > Service Configuration > Manage Service SSL Certificates.
You can verify SSL installation by running https://server1.hostname.com:2087 You can see a green padlock with letsencrypt SSL.