Automate certificate renewal process on cPanel shared hosting


I've begun working with certbot on ElementaryOS Hera (Ubuntu 20.04 based) some months ago, and have noticed certificates are valid only for 90 days.

I execute the following command:

sudo certbot certonly --server --manual --preferred-challenges dns -d ',*'

Then, I take the generated certificate, copy the corresponding parts and finally login to cPanel and update manually each certificate and install

The question is: Is there a way to automatize this process and make it renew automatically, let's say through cron or something similar?

My domain is:
My hosting provider, if applicable, is: Namecheap
I can login to a root shell on my machine (yes or no, or I don't know): NO
I'm using cPanel
The version of my certbot 2.6.0

Thanks a lot in advance for any help/tips you can give

Depending on the version of cPanel, it may be able to automatically obtain LE certs for you.

If not, then most things that can be done manually, can be done via script.
That said, adding DNS TXT records automatically can be a bit tedious for difficult DNS systems.
You should look for a DNS plug-in that works with your DSP.
OR you could change DSPs [to one that supports API updates]...
OR change ACME clients [for one that supports your DSP]...
OR not use a wildcard cert [switch to HTTP authentication]...


Do you currently run the certbot command on the server with your cpanel


What is already in "crontab -l"?
What is already in "systemctl list-timers"?


No. I execute the command in my Linux PC and then copy the contents of the cert to cPanel
But as @rg305 states, I guess it will be difficult to automatize the DNS TXT records adding process

I cannot get this info from the server as I don't have ssh access to it

Yes, it will also be difficult to automate updating your cpanel. You might want to search this forum for an Acme client called certSage it might make this easier


This confused me:

I missed:


This is likely your best choice:


I believe this is the current version of CertSage:

But last I knew it didn't automate on a schedule; so you'd still need to run it every couple months. Might make the process less painful than manually copying from your local system, though.

Certsage also won't get you the wildcard cert, but I'm guessing that you may be able to just use the real subdomains you're using in there as additional names, rather than using a wildcard.

Or, you might want to switch to a hosting provider (or maybe a "better" hosting plan from your current provider?) that has HTTPS built in, since there's really no excuse for providers to make things so difficult.


+10 :slight_smile:


Thanks a lot
I'll do some research about certSage


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.