1. cPanel & WHM Documentation
  2. cPanel Knowledge Base
  3. Third Party
  4. The Let's Encrypt Plugin
ssl

The Let's Encrypt Plugin

Valid for versions 114 through 116

Version:

108

114

118

Last modified: February 21, 2024

Overview

Note:

In cPanel & WHM version 114, Let’s Encrypt™ is the default AutoSSL provider for new installations. When you upgrade from earlier versions, the upgrade will preserve your existing AutoSSL configuration.

This plugin allows the AutoSSL feature to issue certificates from the Let’s Encrypt provider, cPanel & WHM’s default AutoSSL provider. Let’s Encrypt allows you to secure wildcard domains. Let’s Encrypt imposes rate and domain limits. For more information, read our Guide to SSL documentation.

Important:
  • This plugin does not generate hostname certificates for your system’s services. It only generates SSL certificates for your cPanel accounts. For more information, read our Manage AutoSSL documentation.
  • Let’s Encrypt provides all future SSL and Wildcard SSL certificates as your default provider. For more information on generating SSL certificates, read our Generate an SSL Certificate and Signing Request documentation.
  • The Common Name (CN) entry of an SSL certificate is cosmetic and does not affect the security of a certificate.
  • An SSL certificate’s CN does not need to be the main domain. The certificate covers all domains listed in the certificate’s Subject Alternative Name (SAN) field. This includes subdomains, addon domains, and aliases.

Wildcard domains

The Let’s Encrypt provider allows AutoSSL to use wildcard domains to reduce the number of domains included in each certificate. The certificate request will include a wildcard domain (*.example.com) if multiple subdomains are included. The request will also include any domains not covered by the wildcard domain such as third-level subdomains (test.www.example.com) or main domains (example.com).

The use of wildcard domains reduces the size of SSL certificates, which reduces the time of the SSL/TLS handshake process. This also allows users to secure more domains without reaching Let’s Encrypt’s domain limits.

For example, your example.com, www.example.com, and mail.example.com domains share a website. The Let’s Encrypt provider lets AutoSSL acquire a certificate for only the example.com and *.example.com domains. When the issued certificate contains the *.example.com wildcard domain, that certificate also matches all first-level subdomains of example.com. In this example, this includes the www.example.com and mail.example.com domains.

Limitations

If you use the Let’s Encrypt plugin to issue certificates for wildcard domains, be aware that:

  • This plugin cannot use HTTP DCV challenges to issue certificates for wildcard domains. This is because Let’s Encrypt does not support this type of challenge. For more information, read Let’s Encrypt’s HTTP-01 challenge type documentation.

  • You cannot use this plugin to obtain certificates for wildcard domains if you use third-party DNS hosting. You must host DNS on your local cPanel & WHM server or within the server’s DNS cluster.

Installation

To install the plugin, perform the following steps:

  1. Log in to the server as the root user.

  2. Run the following command: 

    /usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider

  3. Log in to WHM and navigate to the Manage AutoSSL interface (WHM » Home » SSL/TLS » Manage AutoSSL).

  4. In the Providers tab, select the Let’s Encrypt™ option. The interface will display the Terms of Service section.

  5. Review Let’s Encrypt’s terms of service. If you agree, select the I agree to these terms of service option.

  6. Click Save.

Recreate your registration

To recreate your registration, perform the following steps:

  1. Navigate to WHM’s Manage AutoSSL (WHM » Home » SSL/TLS » Manage AutoSSL) interface.

  2. Select the Let’s Encrypt™ option for your AutoSSL provider.

  3. Check the Recreate my current registration with “Let’s Encrypt™”. box after you accept the terms of service to recreate your provider registration.

This replaces your current registration with a new one. This is optional and not required to use the Let’s Encrypt provider.

Uninstall the plugin

To uninstall the plugin, perform the following steps:

  1. Log in to the server as the root user.

  2. Run the following command: 

    /usr/local/cpanel/scripts/uninstall_lets_encrypt_autossl_provider

Additional Documentation