Let’s Encrypt is one of the fastest-growing and easiest ways to add SSL to your site. Because they provide free certificates, they’re a very popular option for websites that need the enhanced security that SSL provides.
What you'll learn
Today, we’ll look at installing the Let’s Encrypt extension for cPanel, and use it to set up AutoSSL for your cPanel site. AutoSSL replaces the traditional, manual process of SSL, where you have to generate a certificate signing request with cPanel and upload it to another site to get your certificate. With AutoSSL enabled, cPanel will take care of that for you, sending a request to Let’s Encrypt and installing the new certificate automatically.
You’ll need root access to your server via the command line. We are running CentOS (version 7.5), but you can use any cPanel-compatible operating system. You should have cPanel already installed. Follow the cPanel installation guide, and you should be good to go. Importantly, cPanel only supports Let’s Encrypt after version 58.0.17, so you need to have installed or updated after 2017 for the installation to work.
Installing Let’s Encrypt for cPanel
Nothing could be simpler than installing Let’s Encrypt. There’s only one command to run! SSH into your server and run /scripts/install_lets_encrypt_autossl_provider
You should see just some simple output saying the install succeeded.
Using Let’s Encrypt for cPanel
Let’s Encrypt for cPanel is only an AutoSSL provider, so we need to set up AutoSSL. This will allow us to use Let’s Encrypt to manage SSL on an ongoing basis for our site. It is important to remember that AutoSSL can handle up to 200 domains, and that Let’s Encrypt only supports 100 domains per certificate. If you’re managing a few hundred sites with the same cPanel installation, you’ll want to look into virtual hosts on your server. It’s still doable, but you may need some additional configuration.
To begin, type “AutoSSL” into the cPanel search tab, and open up the “Manage AutoSSL” tab in cPanel.
Let’s Encrypt should show up as a provider, although you’ll have to agree to their terms of service. Check yes, and then move on to options to begin managing AutoSSL for your site.
Under options, you’ll see several possibilities for being notified when AutoSSL works. The defaults are usually good here, but you may want to be notified less often. One thing to note is that AutoSSL typically won’t automatically manage an existing certificate. If you do have an existing SSL certificate not managed through AutoSSL, you should consider securely removing it because it will be replaced.
Finally, you’ll need to select the users to enable AutoSSL for. In most cases, you should set up AutoSSL for all users by clicking the “Run AutoSSL For All Users” button. However, you may also select and enable AutoSSL for individual users by using the drop-down.
Testing it Out
Now that everything’s set up, the last step is to run AutoSSL. It will automatically run every 24 hours, so our goal here is just to see if everything works. The easiest way to do that is to click the “Run AutoSSL For All Users” button, and let the AutoSSL agent go through the process of registering and acquiring a certificate.
After you’ve run it once, you can see the logs under the logs tab. Select an individual log entry to see the output from the AutoSSL agent, including any errors that may have occurred.
After that, you’re all set! AutoSSL will run automatically and message you through your notification channels if something goes wrong. It’s useful to check in on the logs tab every now and again to catch problems before they happen. Let’s Encrypt is a mature service that typically doesn’t have errors, but SSL does require some attention to get right.