Add Let's Encrypt as CA to the SSL Wizard Market Providers
As a server administrator I would like cPanel to integrate the AutoSSL and Market Providers such that my clients can use the SSL wizard to manage any SSL that is issued on the server, including SSLs issued through the Let's Encrypt AutoSSL plugin
----
I got the Let's Encrypt (LE) module installed on my Managed VPS with cPanel v64 but I thought I should got more control about the certs LE assign to my hosted domains.
First of all I don't want to show on the cert I'm hosting all the domains now the plugin it's registering.
I want to maintain the domains separated, so domain1 should not be on the same cert than domain2 and so on.
I see now there it's not any tool for the user to manage the LE certificates.
IMHO the best way to do this it should be with the SSL Wizard. The Let's Encrypt should be another CA plus the current ones Comodo and cPanel.
Now for a DV we see on the SSL Wizard these options:
- cPanel DV SSL Certificate
- Comodo DV SSL Certificate
With the feature I'm requesting we should see one for the LE like:
- Let's Encrypt DV SSL Certificate
That certificate should be created within the domains we selected like we do now with the Comodo and cPanel CAs.
After that creation cPanel AutoSSL should do it's magic to renew they when it's needed.
That will solve a lot of problems, with the max limit of subdomains a LE cert can take, and the problem related to people who don't want a SSL cert in some domains. And it will solve also my request about don't show all the hosted domains in the info of the cert of one domain.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Being able to use cPanel to "order" a certificate from Let's Encrypt would be most useful. In my specific scenario, I want to be able to use cPanel to obtain a certificate or, ideally, a wildcard certificate from Let's Encrypt for use in both cPanel&WHM and on a couple subdomains remotely hosted from my home Internet connection. I realize my particular use case may not line up exactly with what was originally envisioned but I hope this can serve as one such example.
The following feature request also relates to my specific scenario, combining both Let's Encrypt as a Market Provider and the possibility of obtaining Let's Encrypt wildcard certificates.
https://features.cpanel.net/topic/lets-encrypt-wildcard-certificates
Being able to use cPanel to "order" a certificate from Let's Encrypt would be most useful. In my specific scenario, I want to be able to use cPanel to obtain a certificate or, ideally, a wildcard certificate from Let's Encrypt for use in both cPanel&WHM and on a couple subdomains remotely hosted from my home Internet connection. I realize my particular use case may not line up exactly with what was originally envisioned but I hope this can serve as one such example.
The following feature request also relates to my specific scenario, combining both Let's Encrypt as a Market Provider and the possibility of obtaining Let's Encrypt wildcard certificates.
https://features.cpanel.net/topic/lets-encrypt-wildcard-certificates
Hi! I’m one of the developers who’s worked on AutoSSL and the cPanel Market’s SSL support. Let me see if I can help you out.
> I want to maintain the domains separated, so domain1 should not be on the same cert than domain2 and so on.
The Let’s Encrypt AutoSSL provider groups certificates by registered domain in order to mitigate the effects of Let’s Encrypt’s rate limiting. While some larger hosts have arrangements with Let’s Encrypt to arrange higher rate limits, most of our customers don’t.
Have you tried the default AutoSSL provider instead of Let’s Encrypt? The rate limits are higher, and you may be able to secure more domains because Comodo implements more of the CA/Browser Forum’s allowed logic for DCV.
Regarding your desire to control the specific domains that AutoSSL secures, have you looked at the “SSL/TLS Status” page? There are controls there to exclude specific domains from AutoSSL; you can use these to tailor your SSL coverage to just the domains that you want.
Hi! I’m one of the developers who’s worked on AutoSSL and the cPanel Market’s SSL support. Let me see if I can help you out.
> I want to maintain the domains separated, so domain1 should not be on the same cert than domain2 and so on.
The Let’s Encrypt AutoSSL provider groups certificates by registered domain in order to mitigate the effects of Let’s Encrypt’s rate limiting. While some larger hosts have arrangements with Let’s Encrypt to arrange higher rate limits, most of our customers don’t.
Have you tried the default AutoSSL provider instead of Let’s Encrypt? The rate limits are higher, and you may be able to secure more domains because Comodo implements more of the CA/Browser Forum’s allowed logic for DCV.
Regarding your desire to control the specific domains that AutoSSL secures, have you looked at the “SSL/TLS Status” page? There are controls there to exclude specific domains from AutoSSL; you can use these to tailor your SSL coverage to just the domains that you want.
The scenario I'm having problems with the current Let's Encrypt operation it's:
One cPanel account with several domains, some of they doesn't has anything related with others.
Initially the Let's Encrypt plugin created only one certificate for all the domains on the cPanel account. Obviously I don't want to have a certificate for the X site, where it appears Y site as alternative dns name.
I saw the SSL/TLS status page where we can mark a domain to not be added to a Let's Encrypt certificate, but that's not all the fine grain I need.
On the last versions of the Let's Encrypt plugin this seems to be changed a bit, and now it seems to not mix different domains in a same certificate. I didn't tested this because due to the initial behaviour of the Let's Encrypt plugin I'm yet working with manually uploaded certificates to my cPanel. I'm creating these certificates with a command line tool which in addition allows me to create wildcard certificates.
The scenario I'm having problems with the current Let's Encrypt operation it's:
One cPanel account with several domains, some of they doesn't has anything related with others.
Initially the Let's Encrypt plugin created only one certificate for all the domains on the cPanel account. Obviously I don't want to have a certificate for the X site, where it appears Y site as alternative dns name.
I saw the SSL/TLS status page where we can mark a domain to not be added to a Let's Encrypt certificate, but that's not all the fine grain I need.
On the last versions of the Let's Encrypt plugin this seems to be changed a bit, and now it seems to not mix different domains in a same certificate. I didn't tested this because due to the initial behaviour of the Let's Encrypt plugin I'm yet working with manually uploaded certificates to my cPanel. I'm creating these certificates with a command line tool which in addition allows me to create wildcard certificates.
Replies have been locked on this page!