cPanel problem with let's encrypt

Hello, my hosting provider does not have the let’s encrypt plugin installed in cPanel, how can I create a let’s encrypt certificate from a common pc, without code, without server, is it possible?

My web server is apache

The operating system my web server runs on linux

My hosting provider have cpanel

I can login to a root shell on my machine (no and i don’t know how to do it)

I’m using a control panel to manage my site, yes cPanel

2 Likes

In the option “Access to SSH” I can create a password, but I don’t know how to use this. I do not have a server, I contract hosting to a third party.

2 Likes

Hi @sbb

start with some basics:

It may be possible that you select a Windows-client

then create only a certificate (with something like “manual”), without installation.

Then try to import that certificate in your cPanel.

3 Likes

Sounds to me like you’re probably using shared hosting through somewhere like GoDaddy. I generally agree with the suggestions that @JuergenAuer has made. However, I’m getting the feeling that you might not consider yourself particularly comfortable with some of the more code/script approaches. From these considerations, I’ll try to offer a few tips to get started.

If you are using GoDaddy or a similar hosting provider, you most likely will find a setting in the server section of their website outside of cPanel to enable SSH access. You need to check that box in order to either use an external SSH login or, perhaps more usefully, the internal terminal in cPanel. Once you enable SSH access, the Terminal should appear in the ADVANCED section of cPanel. See the two screenshots below:

You may need to refresh the page for cPanel a few times after enabling the SSH access (or logout and login again) for the Terminal to appear.

If you don’t intend to use an external SSH connection, you don’t need to mess with the SSH section in cPanel at all. When using the Terminal directly in cPanel you also never need to create separate login credentials. It’s not the most powerful or convenient way, but it will get the job done. When running any scripts or clients through there, you can take advantage of using “> filename” at the end of commands to output to a file that you can then open through the cPanel File Manager. You should be able to create your private keys and certificate signing requests (CSRs) as well as upload certificates in the cPanel SECURITY section under SSL/TLS. There will probably also be an SSL/TLS Status icon you can click as well to check the validity of your certificate installation. If your situation is anything like mine for a new cPanel instance, you probably have a self-signed certificate installed, which you’ll want to replace ASAP.

To get you started, here are a couple of terminal commands to generate a private key and a certificate signing request (CSR) in the Terminal. The second command will prompt you for the information for your domain:

openssl genrsa -out private.key 4096

openssl req -new -key private.key -out your.csr -sha256

The first command will put your new private key in the current (usually root) folder in private.key. The second command will put your new CSR in the current folder in your.csr.

The important steps for getting your certificate are:

  • Generate your private key and csr using either a Let’s Encrypt acme script/client, the cPanel SECURITY SSL plugin, or the commands above. Note that many of the acme scripts/clients will take care of the private key and csr generation for you as well as automate your renewals.
  • Use an acme client to process your csr and communicate with the Let’s Encrypt servers so that they can issue challenges to prove your ownership of the domain. These typically involve creating DNS TXT records or uploading files to a certain place on your server. I find the DNS method easier personally. There are various acme clients out there that will let you obtain a certificate from your csr without needing heavy permissions or code, one of which can be used directly on my website.
  • Once you’ve done what is asked (or had the client do it for you if it has access to do so), the client can then verify your ownership and acquire your new certificate.
  • Lastly you need to install your private key and certificate in the appropriate place on your server. The easiest way to accomplish these is if the client does it for you. The next best way is just to copy and paste them into the corresponding SSL pages in cPanel.
3 Likes

thanks for the reply @JuergenAuer

thanks for the reply @freessltools.com

@JuergenAuer
@freessltools.com

Hello friends, based on the information you gave me, I managed to create and import the let’s encrypt certificate to my hosting provider

From linux (no server) install certbot, I generated the certificate like this

certbot certonly
–manual
–preferred-challenges=dns
–email admin@example.com
–server https://acme-v02.api.letsencrypt.org/directory
–agree-tos
-d *.example.com
-d example.com

then import into my cpanel the private key and the certificate that I generate, it is a process that I have to do manually since the certificate lasts 3 months, but it works for now.

thanks for everything

2 Likes

Excellent! :grinning: I’m glad you got it working. Based on your response I think I may have drastically underestimated you. :woozy_face: Anyhow, glad you were able to get your cert using certbot.

2 Likes

You used --manual: this means you’ll have to repeat these steps every sixty to ninety days.

You can, instead, try to follow this instructions: https://github.com/acmesh-official/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel

1 Like