Installing Let's Encrypt SSL Certificates On Namecheap Hosting

From Littledamien Wiki
Revision as of 11:05, 4 April 2019 by Video8 (talk | contribs)
Jump to navigation Jump to search

Installing a certificate for the first time

This Gist has detailed instructions on how to install a Let's Encrypt SSL certificate for a web site hosted on Namecheap.

It references this Python script which conducts the challenge with Let's Encrypt that verifies control of the domain(s).

Renewing the certificate

Let's Encrypt certificates expire every 90 days.

Automated

TO DO: figure out if there is a way to automate renewing the certificate. Right now it seems that it requires manually entering commands into a terminal.

Some links that rely on acme.sh to renew certificates:

Manually renewing

  • SSH to the server. [1]
  • Navigate to the directory containing Let's Encrypt keys and scripts, e.g. ~/letsencrypt/letsencrypt_nosudo/
  • Generate a new signed certificate:
python sign_csr.py -f --public-key user.pub ./[DOMAIN]/domain.csr > ./[DOMAIN]/signed.crt
  • This will first prompt for an admin email address.
  • Then it will prompt for a series of commands to be entered, which create JSON files that are used by the signing script.
  • Then it will prompt for a file to be installed on the server for each of the subdomains included in the certificate.
    Note—if the directory is password-protected the authorization will fail.

For example: 

STEP 5: Please update your server to serve the following file at this URL:

--------------
URL: http://cms.littledamien.com/.well-known/acme-challenge/KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g
File contents: "KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g.4D84KExUmpNjNtJm9FyfK_Ztf-JapYGv6c8uZ07hclA"
--------------

In which case issue the command from the letsencrypt-nosudo directory: 

echo "KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g.4D84KExUmpNjNtJm9FyfK_Ztf-JapYGv6c8uZ07hclA" > ../../path/to/public_html/.well-known/acme-challenge/KzyAel9e7pAXhqYTpBRfqFDTt5JJ09QMnr6yF24H0_g

(The three steps above are the ones that would need to be automated somehow. Possibly acme.sh provides an alternative method for satisfying Let's Encrypt's challenge.)

After verifying each of the domains, a signed certificate is created.

The certificate is installed with: [2] 

crt=`cat ./[DOMAIN]/signed.crt | python urlencode.py`
key=`cat ./[DOMAIN]/domain.key | python urlencode.py`
uapi SSL install_ssl domain=[MYDOMAIN.TLD] cert="$crt" key="$key"

Hint: Look for a script containing the commands immediately above in the directories dedicated to the domains to be signed, e.g. ~/letsencrypt/letsencrypt-nosudo/damienjay/install_cert.

After installing the certificate, it can be verified, and expired certificates can be removed by visiting cPanel > Security > SSL/TLS > Certficates (CRT) > Generate, view, upload, or delete SSL certificates

See also

  1. Letsencrypt SSL certificate with namecheap hosting - Gist
  2. Using uapi tool to install certificates
Retrieved from "https://wiki.dbarchowsky.com/index.php?title=Installing_Let%27s_Encrypt_SSL_Certificates_On_Namecheap_Hosting&oldid=2711"