Can't install Let's Encrypt in cPanel

Help
1

I have incompletely installed Cloudflare SSLs. They malfunction. Want to install Certbot forever.

My domain is: https://blog.daniyar.info/

I ran this command:

It produced this output:

My web server is (include version): c4

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: asurahosting

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel 124.0 (build 30)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

First, your website seems to be working fine right now. What is the problem you see?

Second, Asura Hosting offers Free SSL Certificates in all of its service plans. Can't you just use what they provide?

https://www.asurahosting.com/hosting

3 Likes
3

Now, my SSL connection with Cloudflare is Flexible, not Full Strict. Because, when I used Cloudflare's Full Strict mode, sometimes I couldn't access the site myself! But, Flexible Mode is somewhat risky.

That is why, I have considered a possibility to return to Let's Encrypt, which had been initially installed for me. However, online SSL test services say that my Cloudflare certificates are OK.

4

Can you provide more details of why you could not access the site with Full Strict enabled? What kind of URL were you using that didn't work (http://, https:// with alternate port, or ??)

With Full Strict, were you using a Cloudflare Origin CA Cert on your Origin server (at Asura)?

Have you discussed your concerns with Asura Hosting? What did they explain?

2 Likes
5

With Full Strict mode I got an error 525, SSL handshake fail.
No, I haven't discussed with Asura. Because, it is not an emergency.

6

Personally, I'd suggesting working with your hosting company to use their free cert and recommended configuration. That's what you are paying for and they are nice enough to offer that.

As for your 525, I don't think just getting a new cert will help you. For tips on fixing a 525 see: https://community.cloudflare.com/t/community-tip-fixing-error-525-ssl-handshake-failed/44256

And, even if it was just a cert problem you might be able to use Cloudflare's Origin CA Cert.

If you are not happy with proxying your domain at Cloudflare can't you just remove that? It looks like you have been using it for about a year. Before that you had a Let's Encrypt certificate. Just undo the Cloudflare proxy and go back to what you were doing then.

3 Likes