Elementary Procedure


#1

Hi. Thank you for your services. I just received an email that mentioned I am in the whitelisted. So what’s next? I should admit that I’m pretty unfamiliar with technical knowledge, especially about SSL! I just know that I have accessibility to Cpanel and I’m using a Shared-Hosting service. So could you please provide a clear procedure, preferably with images? Thanks!


#2

@tettoir, I just replied to a similar question in this thread

In the case of cPanel, there is a lot of interest from cPanel users and the broader cPanel community about creating tools that will integrate with Let’s Encrypt and allow people to get certificates from within cPanel. There has also been some discussion about that here on this forum:

The simplest answer is that the relevant tools for your hosting environment have probably not been created yet and will potentially not be ready to use during the course of the beta test, although if that changes or anyone has contrary or more current information, I would love to be corrected!


#3

cpanel doesn’t have letsencrypt integration yet but there is a feature request at https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl so you can add your vote for it there.

however, you need ssh access to run the letsencrypt client - so you might need to run the client on a separate VPS server with ssh access and then install the ssl certificate on your cpanel server

if you’ve never ran your own VPS server via ssh and installed relevant software, you can use an auto installer software - tooting my own horn, I develop CentminMod.com LEMP stack auto installer - which auto installs on CentOS, Nginx 1.9 with HTTP/2 support, PHP-FPM, MariaDB 10.0.x MySQL and CSF Firewall etc. So once installed on a VPS, you can run Letsencrypt client’s webroot authentication plugin to obtain the SSL certificate Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain

and use and copy over the obtained SSL certificate to your cpanel server


SSL certificates manual install
#4

@eva2000, thanks for the detailed information!

@lettoir, if you have only ever used cPanel-like environments on shared hosting and never administered a server in another way, you might find @eva2000’s alternatives rather technically complex, but it’s a good reminder that it is technically possible already to set up a separate server, use that to run some existing software tools, and then import the resulting certificate into your hosting environment. I don’t think that there’s exactly a step-by-step walkthrough for this approach yet, and it would require creating a separate server rather than obtaining a certificate within your existing hosting environment.


#5

indeed… i do have

Hope that helps :slight_smile:


#6

@eva2000, wow, you’ve been pretty busy!

For anyone reading this thread, that looks like a great set of resources if you want to try setting up a separate VPS (virtual private server) in order to use it to get a certificate which you then copy into a separate environment. This is clearly more work on the user’s end than getting Let’s Encrypt’s technology integrated with their existing software or hosting environment so that the certificates can be obtained from within the existing environment, but it could be especially useful to people who have been approved for the beta and feel that they need certificates right away or want to confirm that the certificates will eventually work in their application or environment.

One thing to keep in mind from a security perspective is that the VPS provider will, at least temporarily, have access to your private TLS keys and could copy them or could leak them if the provider were hacked. There’s no specific reason to expect any security problems with this kind of solution; you should just be aware that you’re trusting an additional company and an additional set of software with your cryptographic secrets.


#7

yeah all that’s left is full integration of letsencrypt client and webroot authentication into my Centmin Mod LEMP stack so folks can obtain LE SSL certs straight from shell based centmin.sh menu option 2 or via command line /usr/bin/nv command :smile:

and maybe HPKP support http://centminmod.com/http-public-key-pinning.html :slight_smile:


#8

Thank you @eva2000 and @schoen . I should try your useful recommendations. It’s well worth the effort.