How to Enable Let’s Encrypt AutoSSL in cPanel

Issue: CentOS based server running cPanel, required to support the “Let’s Encrypt” initiative: https://letsencrypt.org/

Solution: cPanel has an existing plugin that adds this under one of the SSL/TLS options in WHM.

SSH into server and issue  the plugin installation command:

/scripts/install_lets_encrypt_autossl_provider

Then to enable, navigate in WHM to:

Home >> SSL/TLS >> Manage AutoSSL

Choose “Let’s Encrypt” as the AutoSSL provider.

Caveats:

  • Certificates that Let’s Encrypt provides through AutoSSL can secure a maximum of 100 domains per website (per Apache virtual host).
  • Let’s Encrypt will issue a maximum of 20 certificates per week that contain a domain or its subdomains. If you include subdomains of a domain on more than 20 certificates, Let’s Encrypt will issue those during the next window, up to the limit for that week.
  • Let’s Encrypt uses the domain’s alias (parked domain), not the main domain, as the common name for AutoSSL. To use the main domain as the common name for AutoSSL, you must use cPanel or another AutoSSL provider.
  • For sites that do not have a dedicated IP address, web browsers that do not support SNI (Server Name Indication) will probably give false security warnings to visitors when they access any of the SSL website.

In general, SNI allows a server to present multiple SSL certificates on the same IP address, which allows multiple secure (HTTPS) websites to be served off the same IP address, without requiring all those websites to use the same certificate.

cPanel related information is here: https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl

Leave a comment

BlogLogistics