How to install Let’s Encrypt SSL on cPanel servers

Let’s encrypt is a project that offers free ssl certificates for everybody. Yes, you don’t need to pay to have your own SSL certificate installed on your website. Today we will explore how to install Let’s Encrypt SSL on cPanel servers.


Important: at the time of writing this tutorial, setting up Let’s Encrypt for cPanel servers was pretty much a pain. Today cPanel already integrated Let’s Encrypt into their fantastic AutoSSL system.

Do not follow this tutorial, instead check out the following tutorial on how to enable AutoSSL on cPanel


Requirements to install Let’s Encrypt SSL on cPanel based servers:

  • Dedicated or VPS server with root access.
  • Python 2.7.x
  • Git

Installing requirements for CentOS 6.x

CentOS 6.x comes with Python 2.6.x, that’s why we will need to upgrade to 2.7.x.
Let’s install epel & ius repos in order to install Python 2.7.x:

yum install epel-release
rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm

Finally, install Python 2.7. and Git:

yum --enablerepo=ius install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv -y

Check if python 2.7.x was installed ok:

which python2.7

It should be located at /usr/bin/python2.7

Installing requirements for CentOS 7.x

yum -y install git

Install Let’s Encrypt SSL on cPanel using CentOS 6.x and 7.x

Get all the data from the letsencrypt Repo

cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Run the letsencrypt installation:

./letsencrypt-auto --verbose

The process may take a few minutes. If you see this message:

“No installers are available on your OS yet”

Then the installed finished and you are ready to install your first SSL certificate.

If you see this error:

Transaction Check Error:  file /usr/bin/2to3 from install of python27-tools-2.7.11-1.ius.el6.x86_64 conflicts with file from package python-tools-2.6.6-64.el6.x86_64

The solution is to remove python-tools from your server:

yum remove python-tools

Run the let’s encrypt installer again and it should work.

Installing my first let’s encrypt SSL certificate

Issue the following command to install your ssl on yourwebsite.com

./letsencrypt-auto --text --agree-tos --email [email protected] certonly --renew-by-default --webroot --webroot-path /home/username/public_html/ -d yourwebsite.com -d www.yourwebsite.com

After that, the output should show something like this:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/yoursite.com/fullchain.pem.
   Your cert will expire on 2016-07-18. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[email protected] [~/letsencrypt]# 

Your SSL isn’t ready yet… there is one more step missing.

Install your certificate from WHM panel

Now let’s find our .key and .cert files, needed to install Let’s encrypt on WHM panel:

cd /etc/letsencrypt/live/yoursite.com

Grab your private key:

cat privkey.pem

Copy that code and paste it inside the Private Key field at WHM » SSL/TLS » Install an SSL Certificate on a Domain

cat fullchain.pem

The first part, is the domain certificate, copy that and paste it inside the Certificate field at WHM » SSL/TLS » Install an SSL Certificate on a Domain
The second part, is the Certificate Authority Bundle, copy the last part and paste it inside the Certificate Authority Bundle field at WHM » SSL/TLS » Install an SSL Certificate on a Domain

Finally, press Install.

If everything is fine you should see this success message:

install Let's Encrypt SSL on cPanel

If your certificate authority bundle fails, get it from https://letsencrypt.org/certificates/

Testing your new SSL

  • Open https://www.yoursite.com and it should display a green bar at the top address bar of your browser.
  • Alternatively, you can test the SSL using this ssl test from Digicert

Automating SSL certificate installation in cPanel

There are a few ways to automate let’s encrypt ssl installation and renewals on cPanel servers:

1. Mansoor’s script

Looking for a way to install Let’s Encrypt free SSL certificates on cPanel, found this useful link from Mansoor which describes an easy way to automate the ssl renewal process in an easy way.

2. Let’s Encrypt for cPanel

This website offers a commercial solution ($30 usd per server) to automate the installation and renewal of let’s encrypt certificates. Looks good, however I don’t know why you should spend $30 when you have the previous solution for free. It’s up to you.

Conclusion

Let’s encrypt ssl certificates are definitely a way to to for all those who don’t want to pay for high class SSL certificates or simply don’t have the money. Let’s encrypt seems to be a pretty serious project and will help thousand of websites around the world to become more secure and stable by using SSL protocol to cypher their sensitive information.

Please let us know if you were able to install Let’s Encrypt SSL on cPanel.

Further reading:

About the Author: Martin Keler

1 Comment

  1. I unistalled python tools now im getting emails from whm failing to update:

    [2016-05-04 16:40:35 -0400] E (XID ueyuk8) The system failed to execute yum with the arguments “-y -c /etc/yum.conf install python-tools” because of an error: The “/usr/bin/yum” command (process 2897) reported error number 1 when it ended. :

    [2016-05-04 16:40:35 -0400] Transaction Check Error:

    [2016-05-04 16:40:35 -0400] file /usr/bin/2to3 from install of python-tools-2.6.6-64.el6.x86_64 conflicts with file from package python27-tools-2.7.11-1.ius.centos6.x86_64

    [2016-05-04 16:40:35 -0400] Error Summary

    [2016-05-04 16:40:35 -0400] ————-

    [2016-05-04 16:40:35 -0400] checkyum version 22.3

    [2016-05-04 16:40:37 -0400] E Sysup: Needed system RPMs were not installed: python-tools

    [2016-05-04 16:40:37 -0400] ***** FATAL: Cannot proceed. Needed system RPMs were not installed.

    [2016-05-04 16:40:37 -0400] The Administrator will be notified to review this output when this script completes

    How do i fix this while still maintaining letsencrypt functionality?

Leave a Reply

Your email address will not be published. Required fields are marked *