We have a new documentation site for cPanel & WHM! You can find our new documentation site at docs.cpanel.net.

We will continue to maintain our API documentation on this server.

Page tree
Skip to end of metadata
Go to start of metadata

Overview

This plugin allows the AutoSSL feature to retrieve certificates from the Let's Encrypt™ provider. You can use this plugin if you do not want to use cPanel's default provider.

Let's Encrypt can issue certificates faster than the cPanel (powered by Sectigo) default provider. It can also include wildcard subdomains on its certificates, which the default provider cannot do. However, unlike the cPanel default provider, Let's Encrypt imposes rate and size limits on its issued certificates. 

For more information, read our Manage AutoSSL documentation.

Note:

In cPanel & WHM version 84 and later, the Let's Encrypt plugin supports wildcard certificates. However, there are limits for this type of certificate:

  • This plugin does not currently secure non-wildcard domains via wildcard certificate. For example, it cannot secure the foo.example.com and bar.example.com subdomains with a *.example.com wildcard.
  • This plugin cannot use HTTP DCV challenges to issue wildcard certificates. Let's Encrypt does not support this type of challenge. For more information, read Let's Encrypt's HTTP-01 challenge type documentation.
  • You cannot use this plugin to obtain wildcard certificates if you use third-party DNS hosting. You must host DNS on your local cPanel & WHM server or within the server's DNS cluster.

Important:

  • Let's Encrypt imposes significant rate and domain limits. You should review the rate limits before you select this provider. For more information, read our Guide to SSL documentation.
  • This plugin does not generate hostname certificates for your system's services. It only generates SSL certificates for your cPanel accounts. For more information, read our Manage AutoSSL documentation.
  • In cPanel & WHM version 82 and earlier, this plugin uses the original Let's Encrypt API. This version of the API will not allow account creations starting in November 2019. We strongly recommend that you do not reset your Let's Encrypt registration after this date. If you do, this plugin will not work. To create a new account after this date, you must upgrade to cPanel & WHM version 84 and later.
  • When Let's Encrypt's API version 1 reaches end of life (EOL) in June 2021, this plugin will not work on cPanel & WHM version 82 and earlier. You must upgrade to cPanel & WHM version 84 and later to use it. For more information, read Let's Encrypt's end of life plan for ACMEv1.

Installation

To install the plugin, perform the following steps:

  1. Log in to the server in as the root user.
  2. Run the following command:

    /usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider
  3. Log in to WHM and navigate to the Manage AutoSSL interface (WHM >> Home >> SSL/TLS >> Manage AutoSSL).

  4. In the Providers tab, select the Let's Encrypt™ option. The interface will display the Terms of Service section.
  5. Review Let's Encrypt's terms of service . If you agree, select the I agree to these terms of service. option.
  6. Click Save.

Note:

In cPanel & WHM versions 82 and earlier, if you disable the  Use a Global DCV rewrite exclude instead of .htaccess modification  option in WHM's Tweak Settings interface (Home >> WHM >> Server Configuration >> Tweak Settings), the system modifies the .htaccess file. It will add the following rules:

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Sectigo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

Update your registration

In the Manage AutoSSL interface, select the Update my current registration with "Let's Encrypt". option after you accept the terms of service to update your existing registration. When you select this option, the system replaces your current registration with a new one.

Note:

In cPanel & WHM version 82 and earlier, we removed this option.

Uninstall the plugin

To uninstall the plugin, perform the following steps:

  1. Log in to the server as the root user.
  2. Run the following command:

    /usr/local/cpanel/scripts/uninstall_lets_encrypt_autossl_provider

Additional documentation

There is no content with the specified labels

There is no content with the specified labels

There is no content with the specified labels