In this article, I will show you how to use a Let’s Encrypt SSL certificate for the cPanel hostname. As you know, cPanel provides a free SSL certificate for the cPanel hostname by default. But sometimes it does not work or runs into a limit issue, so you can use the following steps to get a valid SSL certificate for your cPanel services.
Install Certbot from EPEL
Run the following command as the root user to install certbot from the epel repo
yum install --enablerepo=epel certbot
Create deploy-hook script for Certbot
Create the hostname-ssl.sh file, copy the contents below into it, and save.
vi /usr/local/bin/hostname-ssl.sh
#!/bin/sh
# Certbot deploy hook: copy the hostname certificate and key to the cPanel services.
set -e
# cPanel
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/privkey.pem" "/etc/letsencrypt/live/$HOSTNAME/cert.pem" > /var/cpanel/ssl/cpanel/cpanel.pem
/bin/chown cpanel:cpanel /var/cpanel/ssl/cpanel/cpanel.pem
# Exim
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/privkey.pem" > /var/cpanel/ssl/exim/exim.key
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/cert.pem" > /var/cpanel/ssl/exim/exim.crt
/bin/chown mailnull:mail /var/cpanel/ssl/exim/exim.*
# Pure-FTPd
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/privkey.pem" > /var/cpanel/ssl/ftp/ftpd-rsa-key.pem
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/cert.pem" > /var/cpanel/ssl/ftp/ftpd-rsa.pem
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/privkey.pem" "/etc/letsencrypt/live/$HOSTNAME/cert.pem" > /var/cpanel/ssl/ftp/pure-ftpd.pem
/bin/chown root:wheel /var/cpanel/ssl/ftp/*
# Dovecot
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/privkey.pem" > /var/cpanel/ssl/dovecot/dovecot.key
/bin/cat "/etc/letsencrypt/live/$HOSTNAME/cert.pem" > /var/cpanel/ssl/dovecot/dovecot.crt
/bin/chown root:wheel /var/cpanel/ssl/dovecot/dovecot.*
# Restart the services so they load the new certificate
/bin/systemctl restart cpanel.service
/bin/systemctl restart exim.service
/bin/systemctl restart pure-ftpd.service
/bin/systemctl restart dovecot.service
# If the systemctl commands above do not work for your cPanel version,
# replace them with the lines below and remove the #.
#/scripts/restartsrv_cpsrvd
#/scripts/restartsrv_ftpd
#/scripts/restartsrv_dovecot
#/scripts/restartsrv_exim
Now make it executable
chmod +x /usr/local/bin/hostname-ssl.sh
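The hook above writes each key with a shell redirection, so a key file that does not already exist is created with the default umask, and a failed write leaves a truncated file in place. One way to avoid both, as an added example that is not part of the original article: install_pem and key_exposed are hypothetical helper names, only the Exim pair is shown, and it assumes GNU stat, that certbot runs the hook with RENEWED_LINEAGE set, and that Exim reads its files as the owner given in the chown lines above.

```shell
#!/bin/sh
# Added example, not from the original article.

# install_pem DEST OWNER SRC...
# Concatenate SRC files into DEST through a 0600 temp file in the same
# directory, then rename it into place, so the key is never world-readable
# and never half-written. OWNER is user:group; "" skips the chown.
install_pem() {
    dest=$1 owner=$2
    shift 2
    tmp=$(mktemp "$dest.XXXXXX") || return 1   # mktemp creates the file 0600
    if cat "$@" > "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
       mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# key_exposed FILE: succeeds (0) when FILE is accessible to group or other.
key_exposed() {
    mode=$(stat -c %a "$1") || return 2
    case $mode in
        *00) return 1 ;;
        *)   return 0 ;;
    esac
}

# Runs only when certbot invokes this file as a deploy hook: certbot exports
# RENEWED_LINEAGE (the /etc/letsencrypt/live/<name> directory) to the hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    live=$RENEWED_LINEAGE
    install_pem /var/cpanel/ssl/exim/exim.key mailnull:mail "$live/privkey.pem"
    install_pem /var/cpanel/ssl/exim/exim.crt mailnull:mail "$live/cert.pem"
    # Audit key files written earlier by plain redirection.
    for f in /var/cpanel/ssl/exim/exim.key /var/cpanel/ssl/dovecot/dovecot.key; do
        if key_exposed "$f"; then
            echo "WARNING: $f is readable beyond its owner" >&2
        fi
    done
fi
```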
Issue a certificate for cPanel hostname
With the following command you will be able to issue a valid Let’s Encrypt certificate for the cPanel HOSTNAME
certbot --debug certonly -a webroot --agree-tos --webroot-path=/usr/local/apache/htdocs --deploy-hook=/usr/local/bin/hostname-ssl.sh --renew-by-default -d $HOSTNAME
Certificate renew cron job
To auto-renew the certificate, add the following line to your cron job file.
crontab -e
00 02 * * * certbot renew
That's all.