|
|
| Line 12: |
Line 12: |
| * '''Certificate''' > '''View Certificate''' button. | | * '''Certificate''' > '''View Certificate''' button. |
| * Expiration Date is displayed in the dialog. | | * Expiration Date is displayed in the dialog. |
|
| |
| == Legacy ==
| |
|
| |
| <div class="alert alert-warning">The information below is saved for archival purposes. It details the original (manual) method for installing and renewing Let's Encrypt certificates.</div>
| |
|
| |
| === Installing a certificate for the first time ===
| |
|
| |
| This [https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Gist] has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap.
| |
|
| |
| It references [https://github.com/diafygi/acme-nosudo this Python script] which conducts the challenge with Let's Encrypt that verifies control of the domain(s).
| |
|
| |
| === Renewing the certificate ===
| |
|
| |
| Let's Encrypt certificates expire every 90 days.
| |
|
| |
| ==== Automated ====
| |
|
| |
| Some links that rely on `acme.sh` to renew certificates:
| |
|
| |
| * [https://github.com/Neilpang/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel Simple guide to add TLS cert to cpanel]
| |
| * [https://www.juliogonzalez.es/lets-encrypt-ssl-certificates-at-cpanel-without-native-support-for-example-at-namecheap/352 Let’s encrypt SSL certificates at cPanel automatically and without native support]
| |
|
| |
| ==== Manually renewing ====
| |
|
| |
| * SSH to the server. <ref>[https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6 Letsencrypt SSL certificate with namecheap hosting] - Gist</ref>
| |
| * Navigate to the directory containing Let's Encrypt keys and scripts, e.g. `~/letsencrypt/letsencrypt_nosudo/`
| |
| * Generate a new signed certificate:
| |
| <syntaxhighlight lang="bash">
| |
| python sign_csr.py -f --public-key user.pub ./[DOMAIN]/domain.csr > ./[DOMAIN]/signed.crt
| |
| </syntaxhighlight>
| |
|
| |
| * This will first prompt for an admin email address.
| |
| * Then it will prompt for a series of commands to be entered, which create JSON files that are used by the signing script.
| |
| * Then it will prompt for a file to be installed on the server for each of the subdomains included in the certificate. <br />'''Note'''—if the directory is password-protected the authorization will fail.
| |
|
| |
| For example:
| |
|
| |
| <syntaxhighlight lang="text">
| |
| STEP 5: Please update your server to serve the following file at this URL:
| |
|
| |
| --------------
| |
| URL: http://cms.littledamien.com/.well-known/acme-challenge/KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g
| |
| File contents: "KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g.4D84KExUmpNjNtJm9FyfK_Ztf-JapYGv6c8uZ07hclA"
| |
| --------------
| |
| </syntaxhighlight>
| |
|
| |
| In which case issue the command from the `letsencrypt-nosudo` directory:
| |
|
| |
| <syntaxhighlight lang="bash">
| |
| echo "KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g.4D84KExUmpNjNtJm9FyfK_Ztf-JapYGv6c8uZ07hclA" > ../../path/to/public_html/.well-known/acme-challenge/KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g
| |
| </syntaxhighlight>
| |
|
| |
| ''(The three steps above are the ones that would need to be automated somehow. Possibly `acme.sh` provides an alternative method for satisfying Let's Encrypt's challenge.)''
| |
|
| |
| After verifying each of the domains, a signed certificate is created.
| |
|
| |
| The certificate is installed with: <ref>[https://gist.github.com/Shourai/bfd9f549a41c836c99c0c660c9271df6#gistcomment-2351618 Using uapi tool to install certificates]</ref>
| |
|
| |
| <syntaxhighlight lang="bash">
| |
| crt=`cat ./[DOMAIN]/signed.crt | python urlencode.py`
| |
| key=`cat ./[DOMAIN]/domain.key | python urlencode.py`
| |
| uapi SSL install_ssl domain=[MYDOMAIN.TLD] cert="$crt" key="$key"
| |
| </syntaxhighlight>
| |
|
| |
| ''Hint: Look for a script containing the commands immediately above in the directories dedicated to the domains to be signed, e.g. `~/letsencrypt/letsencrypt-nosudo/damienjay/install_cert`.''
| |
|
| |
| After installing the certificate, it can be verified, and expired certificates can be removed by visiting '''cPanel''' > '''Security''' > '''SSL/TLS''' > '''Certficates (CRT)''' > '''Generate, view, upload, or delete SSL certificates'''
| |
|
| |
|
| == See also == | | == See also == |
| | [[Let's Encrypt SSL Certificates on Namecheap Hosting (Legacy)]] |
| <references /> | | <references /> |
|
| |
|
| [[Category:SSL]][[Category:Web Hosting]][[Category:Web Development]] | | [[Category:SSL]][[Category:Web Hosting]][[Category:Web Development]] |