Let’s encrypt is a project that offers free ssl certificates for everybody. Yes, you don’t need to pay to have your own SSL certificate installed on your website. Today we will explore how to install Let’s Encrypt SSL on cPanel servers.
Important: at the time of writing this tutorial, setting up Let’s Encrypt for cPanel servers was pretty much a pain. Today cPanel already integrated Let’s Encrypt into their fantastic AutoSSL system.
Do not follow this tutorial, instead check out the following tutorial on how to enable AutoSSL on cPanel
Requirements to install Let’s Encrypt SSL on cPanel based servers:
- Dedicated or VPS server with root access.
- Python 2.7.x
- Git
Installing requirements for CentOS 6.x
CentOS 6.x comes with Python 2.6.x, that’s why we will need to upgrade to 2.7.x.
Let’s install epel & ius repos in order to install Python 2.7.x:
yum install epel-release
rpm -ivh https://rhel6.iuscommunity.org/ius-release.rpm
Finally, install Python 2.7. and Git:
yum --enablerepo=ius install git python27 python27-devel python27-pip python27-setuptools python27-virtualenv -y
Check if python 2.7.x was installed ok:
which python2.7
It should be located at /usr/bin/python2.7
Installing requirements for CentOS 7.x
yum -y install git
Install Let’s Encrypt SSL on cPanel using CentOS 6.x and 7.x
Get all the data from the letsencrypt Repo
cd /root git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt
Run the letsencrypt installation:
./letsencrypt-auto --verbose
The process may take a few minutes. If you see this message:
“No installers are available on your OS yet”
Then the installed finished and you are ready to install your first SSL certificate.
If you see this error:
Transaction Check Error: file /usr/bin/2to3 from install of python27-tools-2.7.11-1.ius.el6.x86_64 conflicts with file from package python-tools-2.6.6-64.el6.x86_64
The solution is to remove python-tools from your server:
yum remove python-tools
Run the let’s encrypt installer again and it should work.
Installing my first let’s encrypt SSL certificate
Issue the following command to install your ssl on yourwebsite.com
./letsencrypt-auto --text --agree-tos --email [email protected] certonly --renew-by-default --webroot --webroot-path /home/username/public_html/ -d yourwebsite.com -d www.yourwebsite.com
After that, the output should show something like this:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/yoursite.com/fullchain.pem. Your cert will expire on 2016-07-18. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - If you like Let's Encrypt, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le [email protected] [~/letsencrypt]#
Your SSL isn’t ready yet… there is one more step missing.
Install your certificate from WHM panel
Now let’s find our .key and .cert files, needed to install Let’s encrypt on WHM panel:
cd /etc/letsencrypt/live/yoursite.com
Grab your private key:
cat privkey.pem
Copy that code and paste it inside the Private Key field at WHM » SSL/TLS » Install an SSL Certificate on a Domain
cat fullchain.pem
The first part, is the domain certificate, copy that and paste it inside the Certificate field at WHM » SSL/TLS » Install an SSL Certificate on a Domain
The second part, is the Certificate Authority Bundle, copy the last part and paste it inside the Certificate Authority Bundle field at WHM » SSL/TLS » Install an SSL Certificate on a Domain
Finally, press Install.
If everything is fine you should see this success message:
If your certificate authority bundle fails, get it from https://letsencrypt.org/certificates/
Testing your new SSL
- Open https://www.yoursite.com and it should display a green bar at the top address bar of your browser.
- Alternatively, you can test the SSL using this ssl test from Digicert
Automating SSL certificate installation in cPanel
There are a few ways to automate let’s encrypt ssl installation and renewals on cPanel servers:
1. Mansoor’s script
Looking for a way to install Let’s Encrypt free SSL certificates on cPanel, found this useful link from Mansoor which describes an easy way to automate the ssl renewal process in an easy way.
2. Let’s Encrypt for cPanel
This website offers a commercial solution ($30 usd per server) to automate the installation and renewal of let’s encrypt certificates. Looks good, however I don’t know why you should spend $30 when you have the previous solution for free. It’s up to you.
Conclusion
Let’s encrypt ssl certificates are definitely a way to to for all those who don’t want to pay for high class SSL certificates or simply don’t have the money. Let’s encrypt seems to be a pretty serious project and will help thousand of websites around the world to become more secure and stable by using SSL protocol to cypher their sensitive information.
Please let us know if you were able to install Let’s Encrypt SSL on cPanel.
Further reading:
I unistalled python tools now im getting emails from whm failing to update:
[2016-05-04 16:40:35 -0400] E (XID ueyuk8) The system failed to execute yum with the arguments “-y -c /etc/yum.conf install python-tools” because of an error: The “/usr/bin/yum” command (process 2897) reported error number 1 when it ended. :
[2016-05-04 16:40:35 -0400] Transaction Check Error:
[2016-05-04 16:40:35 -0400] file /usr/bin/2to3 from install of python-tools-2.6.6-64.el6.x86_64 conflicts with file from package python27-tools-2.7.11-1.ius.centos6.x86_64
[2016-05-04 16:40:35 -0400] Error Summary
[2016-05-04 16:40:35 -0400] ————-
[2016-05-04 16:40:35 -0400] checkyum version 22.3
[2016-05-04 16:40:37 -0400] E Sysup: Needed system RPMs were not installed: python-tools
[2016-05-04 16:40:37 -0400] ***** FATAL: Cannot proceed. Needed system RPMs were not installed.
[2016-05-04 16:40:37 -0400] The Administrator will be notified to review this output when this script completes
How do i fix this while still maintaining letsencrypt functionality?