At work I recently collaborated with our hosting provider to move our company website to a version of cPanel. Up until this time, there has been no way of running our site on SSL/TLS, and it’s been quite frustrating, having discovered LetsEncrypt and its ease of use. Basically, with this certificate signer, I have no reason to actually figure out the handshaking and signing process as was required in old command-line versions of SSL.
Well, our hosting provider’s version of cPanel has not really been expanded to allow for LetsEncrypt, even though multiple people on the cPanel forums say there’s a plugin available. Seems they don’t mind forcing me to pay another fee on top of everything to get an annual signature from the two default signers they had enabled in the system.
This made me wonder, and think, well CertBot, which generates the certificates and private keys and runs the signing requests automatically, always talked about this “cert only” option, and here on their website, I see instructions for a “manual” option as well. I thought this may have been exactly what I was looking for, since my scenario is – I have a website on a host who does not have LetsEncrypt enabled, but does allow me to upload certificates and keys from an offline source.
Here is my process of installing a LetsEncrypt SSL/TLS DV certificate on a cPanel site not equipped to generate one automatically.
Create a new certificate with any subdomains we’d need using:
certbot certonly -d c-pwr.com,www.c-pwr.com --manual
Certbot warns you that the IP of the computer you’re generating the certificate on will be shared with them, even though it’s not the server on which the cert will be installed in the end. Type Y.
Run certbot certonly -d c-pwr.com,www.c-pwr.com --manual again.
- I am asked to create new acme challenges on the webserver which I did.
- Since the cert already existed in the /etc/letsencrypt/live, it detected this as a renew, and did not prompt me to upload certificates a second time!!
- I logged into cPanel and created two text docs in the File Manager as instructed, hit enter in my local server command line and it did everything from there.
- 2018-08-01: I forgot that I also need to update and re-copy cert.pem and privkey.pem to cPanel SSL/TLS Status in order for it to actually update, as cPanel just emailed and said my cert was expiring in ten days.
- cPanel > SSL/TLS > Install and Manage (Manage SSL Sites)
- Scroll down and select the old domain in the dropdown.
sudo cat /etc/letsencrypt/live/c-pwr.com/cert.pem
sudo cat /etc/letsencrypt/live/c-pwr.com/privkey.pem
- Copy the certificate and private key text to the crt and key fields in cPanel.
- Click Install Certificate.
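A pre-upload check for the copy step above, as an added example that is not part of the original post: it confirms that cert.pem and privkey.pem are a matching pair and that the certificate is the freshly renewed one, not the copy about to expire. The function names are hypothetical, and make_demo_pair only builds a constructed, self-signed throwaway pair so the check can be tried offline; run it with sudo against /etc/letsencrypt/live, since those files are root-readable only.

```shell
#!/bin/sh
# Added example: sanity-check a manually issued cert before pasting it into cPanel.
# Requires the openssl command-line tool. Function names are hypothetical.

# Succeeds only if the private key ($2) belongs to the certificate ($1).
# Both commands emit the public key as a PEM SubjectPublicKeyInfo block,
# so a plain string comparison is enough. Returns 2 on unreadable input.
key_matches_cert() {
    _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$_cert_pub" = "$_key_pub" ]
}

# Succeeds only if the certificate ($1) is still valid $2 days from now.
# A cert that fails this right after a renewal run is the old one.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Full check: cert path, key path, optional minimum days remaining (default 30).
# On success prints the SHA-256 fingerprint and expiry date, which can be
# compared with what cPanel shows after clicking Install Certificate.
precheck() {
    key_matches_cert "$1" "$2" || {
        echo "MISMATCH: $2 is not the key for $1" >&2; return 1; }
    valid_for_days "$1" "${3:-30}" || {
        echo "STALE: $1 expires within ${3:-30} days" >&2; return 1; }
    openssl x509 -in "$1" -noout -fingerprint -sha256 -enddate
}

# Constructed sample input: self-signed pair in directory $1, valid for $2 days.
# Only for trying the checks offline; never install this pair anywhere.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
        -days "$2" -keyout "$1/privkey.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Usage: sudo sh precheck.sh /etc/letsencrypt/live/c-pwr.com/cert.pem \
#                            /etc/letsencrypt/live/c-pwr.com/privkey.pem
if [ "$#" -ge 2 ]; then
    precheck "$1" "$2" "${3:-30}"
fi
```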