ssl

The Let's Encrypt Plugin

Valid for version 82

Version:

82

84

86

88


Last modified: September 8, 2020

Overview

This plugin allows the AutoSSL feature to retrieve certificates from the Let’s Encrypt™ provider. You can use this plugin if you do not want to use cPanel’s default provider.

Let’s Encrypt can issue certificates faster than the cPanel (powered by Sectigo) default provider. However, Let’s Encrypt imposes rate and size limits on its issued certificates.

For more information, read our Manage AutoSSL documentation.

Important:
  • Let’s Encrypt imposes significant rate and domain limits. You should review the rate limits before you select this provider. For more information, read our Guide to SSL documentation.

  • Let’s Encrypt provides all future SSL and Wildcard SSL certificates when you select Let’s Encrypt as your default provider. For more information on generating SSL certificates, read our Generate an SSL Certificate and Signing Request documentation.

  • This plugin does not generate hostname certificates for your system’s services. It only generates SSL certificates for your cPanel accounts. For more information, read our Manage AutoSSL documentation.

  • This plugin uses the original Let’s Encrypt API. This version of the API will not allow account creations starting in November 2019. We strongly recommend that you do not reset your Let’s Encrypt registration after this date. If you do, this plugin will not work. To create a new account after this date, you must upgrade to cPanel & WHM version 84 and later.

  • When Let’s Encrypt’s API version 1 reaches end of life (EOL) in June 2021, this plugin will not work on cPanel & WHM. You must upgrade to cPanel & WHM version 84 and later to use it, or use the cPanel (powered by Sectigo) default provider. For more information, read Let’s Encrypt’s end of life plan for ACMEv1.

  • The Common Name (CN) entry of an SSL certificate is cosmetic and does not affect the security of a certificate.

  • An SSL certificate’s CN does not need to be the main domain. The certificate covers all domains listed in the certificate’s Subject Alternative Name (SAN) field.

Installation

Warning:

You cannot install this plugin without an existing registration.

To install the plugin, perform the following steps:

  1. Log in to the server as the root user.

  2. Run the following command:

    /usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider

  3. Log in to WHM and navigate to the Manage AutoSSL interface (WHM >> Home >> SSL/TLS >> Manage AutoSSL).

  4. In the Providers tab, select the Let’s Encrypt™ option. The interface will display the Terms of Service section.

  5. Review Let’s Encrypt’s terms of service. If you agree, select the I agree to these terms of service option.

  6. Click Save.

Note:

If you disable the Use a Global DCV rewrite exclude instead of .htaccess modification option in WHM’s Tweak Settings interface (Home >> WHM >> Server Configuration >> Tweak Settings), the system modifies the .htaccess file. It will add the following rules:

RewriteCond %{REQUEST_URI} !^/[0-9]+..+.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}.txt(?:\ Sectigo\ DCV)?$
RewriteCond %{REQUESTURI} !^/.well-known/acme-challenge/[0-9a-zA-Z-]+$

Uninstall the plugin

To uninstall the plugin, perform the following steps:

  1. Log in to the server as the root user.

  2. Run the following command:

    /usr/local/cpanel/scripts/uninstall_lets_encrypt_autossl_provider

Additional Documentation