Installing Let's Encrypt SSL Certificates On Namecheap Hosting: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
== Installing a certificate for the first time == | == Acme.sh == | ||
This process only needs to be performed once. Running the acme.sh script creates a cron job that will handle certificate renewals. | |||
[https://github.com/acmesh-official/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel How to use acme.sh with cPanel for automatically renewing Let's Encrypt SSL] (Gist) | |||
== Legacy == | |||
<div class="alert alert-warning">The information below is saved for archival purposes. It details the original (manual) method for installing and renewing Let's Encrypt certificates.</div> | |||
=== Installing a certificate for the first time === | |||
This [https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Gist] has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap. | This [https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Gist] has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap. | ||
| Line 5: | Line 15: | ||
It references [https://github.com/diafygi/acme-nosudo this Python script] which conducts the challenge with Let's Encrypt that verifies control of the domain(s). | It references [https://github.com/diafygi/acme-nosudo this Python script] which conducts the challenge with Let's Encrypt that verifies control of the domain(s). | ||
== Renewing the certificate == | === Renewing the certificate === | ||
Let's Encrypt certificates expire every 90 days. | Let's Encrypt certificates expire every 90 days. | ||
=== Automated === | ==== Automated ==== | ||
Some links that rely on `acme.sh` to renew certificates: | Some links that rely on `acme.sh` to renew certificates: | ||
| Line 18: | Line 26: | ||
* [https://www.juliogonzalez.es/lets-encrypt-ssl-certificates-at-cpanel-without-native-support-for-example-at-namecheap/352 Let’s encrypt SSL certificates at cPanel automatically and without native support] | * [https://www.juliogonzalez.es/lets-encrypt-ssl-certificates-at-cpanel-without-native-support-for-example-at-namecheap/352 Let’s encrypt SSL certificates at cPanel automatically and without native support] | ||
=== Manually renewing === | ==== Manually renewing ==== | ||
* SSH to the server. <ref>[https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Letsencrypt SSL certificate with namecheap hosting] - Gist</ref> | * SSH to the server. <ref>[https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Letsencrypt SSL certificate with namecheap hosting] - Gist</ref> | ||
Revision as of 16:41, 7 February 2020
Acme.sh
This process only needs to be performed once. Running the acme.sh script creates a cron job that will handle certificate renewals.
How to use acme.sh with cPanel for automatically renewing Let's Encrypt SSL (Gist)
Legacy
Installing a certificate for the first time
This Gist has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap.
It references this Python script which conducts the challenge with Let's Encrypt that verifies control of the domain(s).
Renewing the certificate
Let's Encrypt certificates expire every 90 days.
Automated
Some links that rely on acme.sh to renew certificates:
- Simple guide to add TLS cert to cpanel
- Let’s encrypt SSL certificates at cPanel automatically and without native support
Manually renewing
- SSH to the server. [1]
- Navigate to the directory containing Let's Encrypt keys and scripts, e.g.
~/letsencrypt/letsencrypt_nosudo/ - Generate a new signed certificate:
python sign_csr.py -f --public-key user.pub ./[DOMAIN]/domain.csr > ./[DOMAIN]/signed.crt
- This will first prompt for an admin email address.
- Then it will prompt for a series of commands to be entered, which create JSON files that are used by the signing script.
- Then it will prompt for a file to be installed on the server for each of the subdomains included in the certificate.
Note—if the directory is password-protected the authorization will fail.
For example:
STEP 5: Please update your server to serve the following file at this URL: -------------- URL: http://cms.littledamien.com/.well-known/acme-challenge/KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g File contents: "KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g.4D84KExUmpNjNtJm9FyfK_Ztf-JapYGv6c8uZ07hclA" --------------
In which case issue the command from the letsencrypt-nosudo directory:
echo "KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g.4D84KExUmpNjNtJm9FyfK_Ztf-JapYGv6c8uZ07hclA" > ../../path/to/public_html/.well-known/acme-challenge/KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g
(The three steps above are the ones that would need to be automated somehow. Possibly acme.sh provides an alternative method for satisfying Let's Encrypt's challenge.)
After verifying each of the domains, a signed certificate is created.
The certificate is installed with: [2]
crt=`cat ./[DOMAIN]/signed.crt | python urlencode.py` key=`cat ./[DOMAIN]/domain.key | python urlencode.py` uapi SSL install_ssl domain=[MYDOMAIN.TLD] cert="$crt" key="$key"
Hint: Look for a script containing the commands immediately above in the directories dedicated to the domains to be signed, e.g. ~/letsencrypt/letsencrypt-nosudo/damienjay/install_cert.
After installing the certificate, it can be verified, and expired certificates can be removed by visiting cPanel > Security > SSL/TLS > Certficates (CRT) > Generate, view, upload, or delete SSL certificates