Here we cover how to install a Let's Encrypt SSL Certificate. Let’s Encrypt is a service provider that provides SSLs for your website for free.
This allows you to get a valid SSL certificate on your site. SSLs provide secure site connections and have lots of uses. This guide will show how to get, set up, and maintain an updated SSL.
Related Articles
Enable Let's Encrypt as AutoSSL Provider
Enable AutoSSL on VPS and Dedicated Servers
Install Third-Party SSL
Install Let's Encrypt SSL on Shared Servers
- Find the document root for your domain
- SSH into your server
- Run the following command to download the Bash script that we will use to obtain the certificate
curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
- Run the following command to add a user-agent to the script, which helps it to complete one of its tests
sed -i 's/curl -k/curl -Aagent -k/' ./getssl
- Run the following command to create base configuration files for your domain
domain=domain.com; ./getssl -c $domain
REPLACE: domain.com with your actual domain. - Run the following commands one by one to set up the configuration file
-
configFile=.getssl/$domain/getssl.cfg; sed -i 's/SANS/#SANS/' $configFile
-
echo 'CA="https://acme-v01.api.letsencrypt.org"' >> $configFile
-
echo "ACL=('/your/document/root/goes/here/.well-known/acme-challenge')" >> $configFile
-
- Run the following command to obtain the Let’s Encrypt SSL certificate
./getssl $domain
- Log into cPanel
- Open File Manager located in the Files section
- Open the .getssl folder in the home directory
TIP: If you do not see the .getssl folder, you may have to enable show hidden files. - Within that folder, open the folder for the domain name that you are working with
- Download the yourdomain.crt, yourdomain.key, and chain.crt
TIP: Instead of yourdomain, the files will have your actual domain name. - In cPanel, open the SSL/TLS page
- Select Manage SSL sites
- Scroll down and select the domain to install the certificate on from the drop-down menu that says Select a Domain
- Open the files you downloaded from step 12 in notepad or your preferred text editor and paste them into the fields
NOTE: The content from the yourdomain.crt file will go into the Certificate (CRT) field, yourdomain.key will go into the Private Key (KEY) field, and chain.crt will go into the Certificate Authority Bundle: (CABUNDLE) field. Ensure you copy the entire contents of each file into these fields. - Click the Install Certificate button at the bottom of the page
- Your Let's Encrypt SSL is now installed
NOTE: Let’s Encrypt SSL certificates only last 90 days. To renew the certificate, follow the below steps. - SSH back into your account and run the following command
./getssl yourdomain
REPLACE: yourdomain with your domain name. - Repeat steps 8 - 17 to install the updated certificate
Install Let’s Encrypt SSL on VPS and Dedicated Servers
IMPORTANT: This solution will require root access. If this needs to be obtained, follow the guide on requesting root access.
- Log into Root WHM
- Navigate to Manage Plugins, located under cPanel
- Click Install "cPanel AutoSSL with Let’s Encrypt™ (API version 2)" to install Let's Encrypt
- Wait until the installation completes
- Navigate to the Manage AutoSSL page under the SSL/TLS options
- Select Let's Encrypt in the list of AutoSSL providers
- Click the checkbox to agree to the terms of service and click Save
- On the same page, select the Manage Users tab
- In this tab, you can enable or disable AutoSSL for each cPanel account
TIP: By default, AutoSSL will be enabled for all cPanel accounts. AutoSSL will check all domains every 24 hours for certificates. You can force it to check and provision one now by clicking the Check "userna5" button, replacing userna5 with the actual cPanel username. Alternatively, above the list of tabs, you can click the Run AutoSSL for all Users button to run an AutoSSL check for all cPanel users.
Comments
0 comments
Article is closed for comments.