Ssl auto renew documentation


#1

Hello,

I’m new to this:sunglasses:

Wondering where is the info to auto renew Lets Encrypt SSL Certificates?

And how to get and set up a certificate right from the start so it can be automatic renewed?

Thanks


#2

Hi @USAMark,

This is different for every client application, of which there are perhaps about 100 already.

What kind of hosting environment are you using? Do you know what software you’re going to use to obtain your certificate?


#3

Hello and Thanks!

What kind of hosting environment are you using?
Linux shared hosting with cpanel

Do you know what software you’re going to use to obtain your certificate?
I looked at Certbot briefly but would like to know which is recommended for simplicity and reliability to auto renew.

I have many domains so management, reliability and easy to renew is important.

What do you recommend or know is the best for multiple certificates. Domains / websites will likely be in the same place for a long time, not moved around at all really…

Thank You for any information you can provide to lead to the fast lane :grinning:

USAMark


#4

cpanel has an AutoSSL plugin that will automatically obtain and renew certs from Let’s Encrypt. As I understand it, just flip the switch in the control panel and you’re done.


#5

So far I see there is more to it than that…I need to get sharp on this SSL stuff…

Also read that it only works on vps or dedicated servers. I would like to know more.

I got 2 certificates from sslforfree.com and now saw they are actually issued from Let’s Encrypt. Didn’t realize that. It was simple to get and install the certs from them, SSL For Free. Here is a screen shot of both!

BUT I NEED THE AUTO RENEW, HELP!!!

SSLForFree-LetsEncrypt-Pic2|690x232


#6

Here is the 2nd pic…


#7

GoDaddy doesn’t support this. You will need to continue manually renewing it, or pick a host that supports automatic SSL.


#8

As @_az said, GoDaddy doesn’t support this. (Probably because they has their own certificate business, you are Lucky since your hosting plan at least support custom certificate option… Some of their plan require to buy certificate from them)

Since web-based utilities is your only option, try find another host or (actually buy a long duration cert from them) (my personal suggest)

Thank you


#9

I need a few dozen ssl certs. No way to edit the cpanel core files?

Thanks again


#10

the cPanel server you use is managed by GoDaddy, hence you can’t edit core files.
(If you are a reseller and use reseller hosting, you might be possible to enable extension via WHM)
The easiest way to get dozens of certificates is to validate the file and then upload the certificate manually to GoDaddy Server. (Or, Purchase a certificate from GoDaddy directly)

P.S. You might be able to handle the validation automatically (IF one of the domains you control is using supported DNS API provider (which you can CNAME the_acme-challenge of other domains to a subdomain of the domain you have API access to and use ACME.sh
or
FTP access to set files automatically using sslforfree.com).
However, you still need to install the certificate to the server manually.

Thank you


#11

Thank You very much for this information, I appreciate it.

Each domain is separate, not sub for wild card etc. Working organized won’t be bad doing it manually.

(and you can’t beat the price) :grinning::grinning:


#12

One more thing… (actually 2)

Is sslforfree.com the same company as letsencrypt.org When I got ssl from sslforfree they show letsencrypt as issuer in Godaddy account…see above screen shots in my prior post.

What similar hosting to godaddy has the auto renew?

Thanks Again


#13

They are not the same organization. The sslforfree site is a third-party tool to help you get certificates from Let’s Encrypt. There are about 100 such tools, some of which exist as web sites and some of which are installable software or features of other software.

The Let’s Encrypt CA has an API to allow requesting certificates, but no web site of its own where you can obtain them from the CA. So, all of these tools are using the API in various ways to help you get certificates from Let’s Encrypt.

There’s a large community-maintained list at

Most hosts that offer cPanel will have an automated certificate renewal feature—if they don’t intentionally disable it! You can also use Certbot (or lots of other options) on a VPS if you have root access and administer the system via the command line, which is not commonly the case for shared hosting.


#14

Thank You!!!

I think the key words here are “shared hosting”

I confirmed with Godaddy there is no way to enable cpanel auto renew for let’s encrypt or any other with WHM nor VPS nor shell on shared hosting. I would think that zero hosting companies could allow this due to access to all files of everyone on the shared server so to me it’s understandable regardless of the business / revenue aspect.

I have access to my root files but that is only within the shared hosting account not outside that in the shared server. Am I missing something here???

I have been with Godaddy since 2007 and they are a great company with the absolute best support out of any hosting company that I know of and any I dumped. If they could they would.

There is a good and relatively cost effective way using a dedicated server option which would likely pay for itself using only 5 ssl certs and this would allow the auto renew to access the server.

Anyway, lets Encrypt has a great thing going with this free ssl solution with a little effort renewing so I plan to continue with this Lets Encrypt and $$$upport it. Getting 6 ssl’s so far from sslforfree.com was very easy to do.

Keep up the good work Let’s Encrypt…and Thanks!


#15

I would just add a note that you don’t have to use Let’s Encrypt if it is not convenient to your circumstances.

There are other options out there may be better suited to you.

I feel mildly out of place advertising a competing service on this forum, but I feel like people should be fully aware of the options that suit their usage.

alwaysonssl.com will issue you 12-month duration free certificates as long as you generate your own CSR and register an account with them. This means you will only need to worry about issuing and installing certificates for your shared hosting only once per year per domain, not 4 times.

I’ve written a short guide to using them in combination with cPanel here.


#16

I thought it’s 12 months period…

(Kind of ironic is certcenter’s subdomins are actually using LE, not their own cert…)


#17

I wondered about renew as well. I am using certbot, and there is a cron job for the renew. The certbot cron doesn’t renew them though. I received a notice from letsencrypt that x amount of domains will be expiring in 20 days. I wait a couple of days to see if the cron, which runs daily, will renew them, and it doesn’t. I have to go in and manually do it.


#18

That could happen if you created the certificates with --manual, which requires user interaction in order to renew.

If it’s happening under other circumstances, please create a new thread and post your logs from /var/log/letsencrypt associated with a failed cron autorenewal, and we can try to help debug it.


#19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.