I have written a client in PHP, which does complete automation of Let’s Encrypt SSL certificates in Linux shared hosting that has cPanel control panel.
This client is friendly even for less tech-savvy users. No root access required. No command line/programming experience required. Users can install and manage the client using a browser. YouTube video tutorial is available: https://www.youtube.com/watch?v=WqCk9dVLoPw
The client issues, renew and install SSL certificates in cPanel shared hosting by the automated cron job.
Name of the App is ‘FreeSSL.tech Auto’. It is entirely free of cost. You can download it from https://freessl.tech. Size is 2.71 MB only.
Screenshot of the admin dashboard is given below.
Report issues: https://github.com/speed-up-website/freessl.tech-auto/issues
Support: this thread and https://freessl.tech/contact
The client provides an option to issue one SSL certificate even before installing this client/app. This option appears if the user accesses the installation page over an insecure connection (HTTP). This feature ensures that the user doesn’t need to enter database and login credentials on a “Not secure” page, from the very beginning.
FEATURES of the ‘FreeSSL.tech Auto’ client:
- Automatic installation of free SSL certificates on cPanel shared hosting.
- The client fetches all the domain and sub-domains data from the cPanel, check every day if any domain needs to issue/renew SSL and do the required action.
- Both version (1 and 2) of Let’s Encrypt ACME API available. So the client can issue/renew and install Free WildCard SSL certificates automatically.
- Browser-based installation and configuration of the client/app.
- Add daily cron job with one click. The user doesn’t need to log in to the user’s web hosting control panel to add the cron job.
- If the user’s web hosting control panel is other than cPanel, the renewal is still automatic. However, the user needs to install the SSL certificate manually. The app will send an automated email to the user for every renewal with the required information.
- Mobile-friendly admin dashboard.
OTHER TECHNICAL SPECIFICATIONS:
- Let’s Encrypt recommends renewing SSL certificates before 30 days of expiry. The client provides the user an option to change it.
- Save the free SSL certificate and private key above the publicly available directory (usually public_html) of the user’s hosting.
- Custom name the directory where private keys and SSL certificates are kept secure.
- Choose SSL certificate key size as per the user’s wish.
- The client stores all the confidential credentials (password/API secret) using the open SSL encryption.
- To issue free wildcard SSL certificate, supported DNS service providers (to auto-set DNS TXT record) are cPanel, Godaddy, Cloudflare, and Namecheap. If the user’s DNS service provider is other than these four, the user needs to set DNS TXT record manually. The client/app sends the user an automated email with DNS TXT record details when required.
- After auto-set DNS TXT record, the client waits 2 minutes before sending challenges to the Let’s Encrypt server for domain verification. If the user’s DNS provider takes more than 2 minutes to propagates out, the user has the option to make the client wait even more.
- If the user has to set the DNS TXT record manually, ‘FreeSSL.tech Auto’ waits until the TXT record propagates out.
- Option to revoke SSL cert and change Let’s Encrypt account key.
- All the forms are protected with CSRF token.
- The app sends the user automated email with necessary information for every issue/ renewal event.
Minimum System Requirements:
- Linux hosting: cPanel or any other control panel (NOT compatible with Windows hosting)
- PHP 5.4 and up
- MySQL 5 or MariaDB 10
- OpenSSL extension
- Curl extension
- MySQLi extension
- PHP directive allow_url_fopen = On
- For automatic installation of SSL certificate, you need the SSL installation feature enabled for your cPanel account.