Let’s Encrypt is a service provider that provides SSLs for your website for free. This allows you to get a valid SSL certificate for use on your site. SSLs provide secure site connections and have lots of uses. This write-up will show how to get, setup, and maintain an updated SSL.
Please note that these commands are designed to run in a series, and during the same SSH session.
- First, be sure to find the document root for your domain
- Then login to your server via SSH
- Run the command
curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
This will download the Bash script we will be using to obtain our Let’s Encrypt SSL.
- Next, run the command
sed -i 's/curl -k/curl -Aagent -k/' ./getssl
This adds a user-agent to the script which helps it to complete one of its tests.
- Create base configuration files for your domain by running
domain=yourdomaingoeshere.com; ./getssl -c $domain
Be sure to replace yourdomaingoeshere.com with your actual domain.
- These commands will setup your configuration file. Enter these one-by-one, in the following order
configFile=.getssl/$domain/getssl.cfg; sed -i 's/SANS/#SANS/' $configFile
echo 'CA="https://acme-v01.api.letsencrypt.org"' >> $configFile
echo "ACL=('/your/document/root/goes/here/.well-known/acme-challenge')" >> $configFile
- Obtain the Let’s Encrypt SSL by running
- To install the SSL certificate you will need to login to your cPanel and go to your file manager, Inside your home directory, you will go to the .getssl folder and then the folder for the domain name you are working with. Download the yourdomain.crt yourdomain.key and chain.crt. Once you have them downloaded go back to your cPanel and you will go to the “SSL/TLS manager” and click “Manage SSL sites”. Once in here select the domain you want to install the certificate on from the drop down. Open the files you downloaded earlier in notepad or your preferred text editor and and paste them into the fields on the screen, The yourdomain.crt will go into the “Certificate (CRT)” field, yourdomain.key will go into the “Private Key (KEY)” field and lastly the chain.crt will go into the “Certificate Authority Bundle: (CABUNDLE)” field. Ensure you copy the entire contents of each file into these fields. Once these have been pasted in click the “Install Certificate” Button at the bottom of the page. Your SSL is now installed.
- Let’s Encyrpt SSL certificates only last 90 days, To renew the certificate simply SSH back into your account and run the command below.
After Running the command repeat step 8 to install the updated certificate.
Awesome! Now you’ve got a Let’s Encrypt SSL all setup on your shared server.
VPS and Dedicated Servers with cPanel
- First login to your server via SSH as root If you do not have root access you can request it by following the directions here
- Once logged in you will want to run the command below to enable lets encrypt for AutoSSL.
- Now that we have enabled lets encrypt we need to set your AutoSSL to use it, login to your WHM as root and go to the “Manage AutoSSL” menu, You can find this by searching for SSL in the searchbox in the upper left hand side.
- On the Manage Auto SSL page you will have a list of providers for AutoSSL and you will now have the option for Let’s Encrypt. Select the radio button next to Let’s Encrypt and then click save below.
- On the Manage Auto SSL page select “Manage Users”, From here you can enable or disable AutoSSL on a per cPanel account basis, It will be enabled for all by default, AutoSSL will check all domains every 24Hrs for certificates, You can force it to check and provision one now by clicking the “Check ‘cpuser'” button on the Manage Users page.
You now have Let’s Encrypt setup on your server.