cPanel hostname service domains expiring


#1

Hi there,

I welcome the new Let’s Encrypt Plugin features for Auto Renewal but they do not auto renew the hostname cpanel service domains.

I renewed last night with the following then i got a new date of expiration but it does not show on the new certificate. Still less than 30 days remaining.

this is the command i run through ssh

./letsencrypt-auto certonly --test-cert --standalone --email me@outlook.com -d cloud1.domain.co.uk -d cpanel.domain.co.uk with the rest i wanted to renew. One i run before was:

sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d domain.co.uk,cpanel.domain.co.uk plus the rest of em i have in the list for cpanel service.

I am lost on how to get the renewal complete.


#2

Have you restarted the cpanel and apache servers ?

/scripts/restartsrv_cpsrvd
/scripts/restartsrv_httpd

You have basically obtained the certificate, but not necessarily installed it. How did you install it before ? by copying and pasting it into the cpanel ? or by referencing the correct domains in your httpd config ?


#3

Yes they was restarted. Referenced the domains. I did it through SSH through some tut i have now lost :slight_smile:


#4

Without a little more information it’s difficult to debug completely.

Have you got new certificates in /etc/letsencrypt/live ? YOu should have ( you can also check at https://crt.sh/ if they have been issued)

If you have the certificates, then the issue is they aren’t been used.

Check what the httpd config files have for the SSL files. Are they pointing to the correct location ?


#5

Logged At ⇧ Not Before Issuer Name
2016-05-28 2016-05-28 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
2016-05-28 2016-05-28 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
2016-05-28 2016-05-28 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
2016-03-21 2016-03-21 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X1

This is what i see.


#6

So the “letsencrypt certonly” command has done exactly what you asked of it then, and correctly issued you certificates.

You now need to use those certificates in your cpanel / httpd config.

Do you remember how you did it before ?


#7

No sorry i forgot. :wink:


#8

Well, there are two methods, depending how technical you are.

  1. You could get the certificates ( from /etc/letsencrypt/live/domain ) and paste them into cpanel. This is the way you would almost have to do it the very first time, but is a manual method, so can’t easily be automated.

  2. Check in your /etc/httpd/conf/httpd.conf file for where it is referencing the current certificates.

You can do a simple check with

grep SSLCertificate /etc/httpd/conf/httpd.conf

although this will show you all of them, and not where they are easily for each domain. You can edit the file though ( or use “less /etc/httpd/conf/httpd.conf” to view it) and find where they are.

For domains they are likely to be at some location like;

/var/cpanel/ssl/installed/certs/domainname_com_b76a5_a7466_1463960_00f1df1b93e67ad82d24eaf55105600e.crt

If you copy that current certificate (as a backup), delete it, and create a symlink to the correct certificate

e.g.

ln -s /etc/letsencrypt/live/domain/cert.pem /var/cpanel/ssl/installed/certs/domainname_com_b76a5_a7466_1463960_00f1df1b93e67ad82d24eaf55105600e.crt

Then it will create a symlink to the correct files ( which will be updated by letsencrypt ) so renewing in the future you simply need to run the letsencrtpy / certbot to get a new cert, and then restart apache to use it. Hence it can be automated.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.