Provide Support for Let's Encrypt Automated Certificate Management/SSL
Let's Encrypt is a public interest initiative [501(c)(3)] backed by ISRG, EFF, Cisco, Mozilla, Akami and others. It's aim is to provide free SSL to all websites on the internet so that all web traffic is encrypted.
Let's Encrypt is a free, open, automated signing authority; however, it has significantly simplified the method of implementing SSL on a site. See https://letsencrypt.org/howitworks/ for an explanation. It will use the Automated Certificate Management Environment (ACME) protocol (see: https://letsencrypt.org/getinvolved/)
This has enormous potential for individuals hosting content on the web - particularly those using cPanel. When this launches in 2015, I know would like the ability to use it on my sites - which all use cPanel. My hosting provider has already told me they will support if it you do.
case CPANEL-7816
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
EDIT: There's also a blog post about this request: https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/
I am so happy to tell you all that the Let's Encrypt plugin has left beta and is now in a public release! If you are running cPanel & WHM version 58.0.17 or above (the EDGE or CURRENT tiers right now), you can now install the plugin using the command line by running this command:
Running that script will add cPanel's repo file and make sure the plugin is up to date, which will add it as a provider to the AutoSSL feature introduced in 58. If you want to enable it after you add it to the server, you will need to do so from WHM.
Please note, there are some domain and subdomain limits that are enforced by Let's Encrypt that we attempt to outline here:
https://documentation.cpanel.net/display/ALD/Manage+AutoSSL
If it becomes necessary, we may add this plugin to the list of plugins provided in the WHM interface in a later version of cPanel & WHM.
I want to mention, the most commonly requested feature in relation to this, SNI support for cpsrvd (which includes webmail, cPanel, WHM, etc) is being tracked in this feature request, and *may* make it in to cPanel & WHM version 60, but may be delayed to version 62:
https://features.cpanel.net/topic/ssl-certificate-per-domain-on-all-services
If you have any questions, or encounter any problems, feel free to comment on the forum thread, send me an email (my username is my email address :D ), or open up a support ticket, as is appropriate.
EDIT: There's also a blog post about this request: https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/
I am so happy to tell you all that the Let's Encrypt plugin has left beta and is now in a public release! If you are running cPanel & WHM version 58.0.17 or above (the EDGE or CURRENT tiers right now), you can now install the plugin using the command line by running this command:
Running that script will add cPanel's repo file and make sure the plugin is up to date, which will add it as a provider to the AutoSSL feature introduced in 58. If you want to enable it after you add it to the server, you will need to do so from WHM.
Please note, there are some domain and subdomain limits that are enforced by Let's Encrypt that we attempt to outline here:
https://documentation.cpanel.net/display/ALD/Manage+AutoSSL
If it becomes necessary, we may add this plugin to the list of plugins provided in the WHM interface in a later version of cPanel & WHM.
I want to mention, the most commonly requested feature in relation to this, SNI support for cpsrvd (which includes webmail, cPanel, WHM, etc) is being tracked in this feature request, and *may* make it in to cPanel & WHM version 60, but may be delayed to version 62:
https://features.cpanel.net/topic/ssl-certificate-per-domain-on-all-services
If you have any questions, or encounter any problems, feel free to comment on the forum thread, send me an email (my username is my email address :D ), or open up a support ticket, as is appropriate.
I own a hosting company and I want to support it too!
I own a hosting company and I want to support it too!
this is an absolute must have and not 3 years down the road... this year...
this is an absolute must have and not 3 years down the road... this year...
comments not showing?
comments not showing?
I believe this solution is currently being audited by the same guys who recently completed the truecrypt audit, once it's got a clean bill of health it seems an excellent idea for supporting in cPanel
I believe this solution is currently being audited by the same guys who recently completed the truecrypt audit, once it's got a clean bill of health it seems an excellent idea for supporting in cPanel
My hosting company would install it if there's interest, according to they're reply to my ticket.
My hosting company would install it if there's interest, according to they're reply to my ticket.
This should be made a top priority.
This should be made a top priority.
This should be done ASAP! Specially before let's encrypt is live and working for the end customer...
This should be done ASAP! Specially before let's encrypt is live and working for the end customer...
+1 cPanel should keep in mind that some providers sell SSL certificates as options to hosting plans. If cPanel was to implement Let's Encrypt this could hurt those providers. If this was to be implemented, I'd like to have a way to disable it.
+1 cPanel should keep in mind that some providers sell SSL certificates as options to hosting plans. If cPanel was to implement Let's Encrypt this could hurt those providers. If this was to be implemented, I'd like to have a way to disable it.
We would like to see this implemented into cPanel as soon as Let's Encrypt becomes available.
We would like to see this implemented into cPanel as soon as Let's Encrypt becomes available.
With lets encrypt everything could be made automatic. Each new subdomain or addon domain getting their own ssl cert without the user even needing to do anything.
Https is currently a requirement for http/2. On large sites http/2 makes quite a difference to users overall experience.
We want cPanel to implement the lets encrypt command line to generate an ssl and manage the ssl vhost with cpanel.
In the ssl center cPanel could add lets encrypt functions like generate, revoke, renew, cPanel should also have an auto add mode so that any new sites get a cert installed by default and that certs are renewed automaticaly.
Lets encrypt is comming in one month. We will possibly be installing certs with it manually until cPanel implements it.
With lets encrypt everything could be made automatic. Each new subdomain or addon domain getting their own ssl cert without the user even needing to do anything.
Https is currently a requirement for http/2. On large sites http/2 makes quite a difference to users overall experience.
We want cPanel to implement the lets encrypt command line to generate an ssl and manage the ssl vhost with cpanel.
In the ssl center cPanel could add lets encrypt functions like generate, revoke, renew, cPanel should also have an auto add mode so that any new sites get a cert installed by default and that certs are renewed automaticaly.
Lets encrypt is comming in one month. We will possibly be installing certs with it manually until cPanel implements it.
cP should start working on this now as Let's Encrypt will be offering it's first public certs next month. This will be absolutely essential for keeping small sites' logins secure in the future.
cP should start working on this now as Let's Encrypt will be offering it's first public certs next month. This will be absolutely essential for keeping small sites' logins secure in the future.
This will be a good thing if a cPanel/whm plugin was made to make things easier and quicker to install the free certs.
This will be a good thing if a cPanel/whm plugin was made to make things easier and quicker to install the free certs.
+1 LetsEncrypt.org is very, very awesome... cPanel support deserves to be fast-tracked/accelerated! Yes! =)
+1 LetsEncrypt.org is very, very awesome... cPanel support deserves to be fast-tracked/accelerated! Yes! =)
I'm completely amazed to see that not a single cP employee has placed any comment on this topic. Why it's too had for you guys to say yes will will do it ASAP when so many users/webmasters/admins are requesting for it.
I really don't understand. Lets Encrypt is going to launch on Nov 16 2015, but I really doubt that you guys will provide support for it by then.
Moderator note: conspiracy-based accusations have no purpose in this thread. Please keep comments constructive, and focused on the potential value this feature will bring to your business.
I'm completely amazed to see that not a single cP employee has placed any comment on this topic. Why it's too had for you guys to say yes will will do it ASAP when so many users/webmasters/admins are requesting for it.
I really don't understand. Lets Encrypt is going to launch on Nov 16 2015, but I really doubt that you guys will provide support for it by then.
Moderator note: conspiracy-based accusations have no purpose in this thread. Please keep comments constructive, and focused on the potential value this feature will bring to your business.
There's a lot about the Let's Encrypt project we really like. Many of their key principles (https://letsencrypt.org/about/) are also valued by us.
The cPanel Conference just concluded in Denver. In attendance was Seth Schoen, one of the technical members of the Let's Encrypt project. We took the opportunity to 1) congratulate the project on issuing their first certificate (https://letsencrypt.org/2015/09/14/our-first-cert.html); and 2) to discuss in detail the Let's Encrypt project in the cPanel ecosystem.
There are some things we'll be doing soon, such as making their CA Bundle available in our cabundle service. This service is used by all cPanel & WHM servers going back several versions. Having the CA bundle in that service will ensure Apache is correctly configured when installing a certificate issued by the Let's Encrypt CA.
Some of the other things we discussed:
1. How the Let's Encrypt subscriber agreement (https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf) applies with the various ways people manage SSL/TLS certificates right now. One such scenario is when an admin/reseller manages the certificate for the domain owner
2. How to handle loss of the private key
3. What are the sensitive assets, such as the private key, that are created by the system. How should they best be protected? How do they affect account transfers within a company, and outside a company
4. How to improve the configuration of Apache and other web servers
5. What non-programming ways can people and companies help the project
Long term we do see this CA playing a powerful role for web site owners, system administrators, and many others. We hope to provide more support, and a great experience in using the Let's Encrypt CA with cPanel & WHM once they are ready to service the millions of web sites needing SSL/TLS certificates.
Right now I strongly encourage people interested in this project to do more than vote on this feature. Get involved in the project (https://letsencrypt.org/getinvolved/). Get involved in their forum. Having input and interaction with experienced hosting providers, and system admins will certainly help them.
One thing in particular they are seeking are sanitized examples of production web server configurations. That will help them improve their development and testing of the client (https://github.com/letsencrypt/letsencrypt).
There's a lot about the Let's Encrypt project we really like. Many of their key principles (https://letsencrypt.org/about/) are also valued by us.
The cPanel Conference just concluded in Denver. In attendance was Seth Schoen, one of the technical members of the Let's Encrypt project. We took the opportunity to 1) congratulate the project on issuing their first certificate (https://letsencrypt.org/2015/09/14/our-first-cert.html); and 2) to discuss in detail the Let's Encrypt project in the cPanel ecosystem.
There are some things we'll be doing soon, such as making their CA Bundle available in our cabundle service. This service is used by all cPanel & WHM servers going back several versions. Having the CA bundle in that service will ensure Apache is correctly configured when installing a certificate issued by the Let's Encrypt CA.
Some of the other things we discussed:
1. How the Let's Encrypt subscriber agreement (https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf) applies with the various ways people manage SSL/TLS certificates right now. One such scenario is when an admin/reseller manages the certificate for the domain owner
2. How to handle loss of the private key
3. What are the sensitive assets, such as the private key, that are created by the system. How should they best be protected? How do they affect account transfers within a company, and outside a company
4. How to improve the configuration of Apache and other web servers
5. What non-programming ways can people and companies help the project
Long term we do see this CA playing a powerful role for web site owners, system administrators, and many others. We hope to provide more support, and a great experience in using the Let's Encrypt CA with cPanel & WHM once they are ready to service the millions of web sites needing SSL/TLS certificates.
Right now I strongly encourage people interested in this project to do more than vote on this feature. Get involved in the project (https://letsencrypt.org/getinvolved/). Get involved in their forum. Having input and interaction with experienced hosting providers, and system admins will certainly help them.
One thing in particular they are seeking are sanitized examples of production web server configurations. That will help them improve their development and testing of the client (https://github.com/letsencrypt/letsencrypt).
That's a good first step. Kenneth, thank you for posting this.
At this time, is there any plan beyond simply supporting the certs ?
Will we be on our own for installing the client or will it eventually be integrated in cPanel ? If it is on the horizon, do you have a rough timeline so we can judge whether we feel we can wait or invest in DIY to get it working sooner?
That's a good first step. Kenneth, thank you for posting this.
At this time, is there any plan beyond simply supporting the certs ?
Will we be on our own for installing the client or will it eventually be integrated in cPanel ? If it is on the horizon, do you have a rough timeline so we can judge whether we feel we can wait or invest in DIY to get it working sooner?
Great. For the vast majority of small websites, this could be THE best way to secure their websites. I'm happy to see it's being worked on and hope to see it implemented early in 2016 :)
Great. For the vast majority of small websites, this could be THE best way to secure their websites. I'm happy to see it's being worked on and hope to see it implemented early in 2016 :)
This really needs some serious attention, I am glad that cPanel have finally responded.
It is clear that it will take some time to get this up and running with the underlying RHEL code issues. Hopefully cPanel will provide the necessary resources to the Let's Encrypt team in a timely way so that this takes not a day longer than it needs to.
This really needs some serious attention, I am glad that cPanel have finally responded.
It is clear that it will take some time to get this up and running with the underlying RHEL code issues. Hopefully cPanel will provide the necessary resources to the Let's Encrypt team in a timely way so that this takes not a day longer than it needs to.
LetsEncrypt integrated with cPanel would/will be a -GREAT- feature. Let's keep this one active as LetsEncrypt comes online!
LetsEncrypt integrated with cPanel would/will be a -GREAT- feature. Let's keep this one active as LetsEncrypt comes online!
+100. Really would love to see this. LetsEncrypt is going to be offered to the general public next month, and besides the obvious security advantages, since Google Analytics is now ranking websites higher for the ones that have SSL activated this also becomes extremely important.
+100. Really would love to see this. LetsEncrypt is going to be offered to the general public next month, and besides the obvious security advantages, since Google Analytics is now ranking websites higher for the ones that have SSL activated this also becomes extremely important.
Just a side note as well, support for this would allow proper use of the force HTTPS versions of whm/cpanel/mail. Currently the self signed style (or lack thereof) certs fly browser warnings which, depending on your use-case, could be a good or bad thing. Sure one could opt to purchase a cert for this, but in large deploys its cost multiplicity is often not justified at the client util level.
Just a side note as well, support for this would allow proper use of the force HTTPS versions of whm/cpanel/mail. Currently the self signed style (or lack thereof) certs fly browser warnings which, depending on your use-case, could be a good or bad thing. Sure one could opt to purchase a cert for this, but in large deploys its cost multiplicity is often not justified at the client util level.
This would be a great thing to have especially since it will simplify the process
This would be a great thing to have especially since it will simplify the process
Yes! Can't wait to see this feature for my websites.
Yes! Can't wait to see this feature for my websites.
I don't see this ever happening or if it does every host will have it turned off. All the major hosts make money off SSL's so I am sure they Lobby cPanel to put it off as long as possible. If they do add it It'll probably be turned off for most cPanel included subscriptions.
I support it and want to see it, just talking reality in the volume license game.
I don't see this ever happening or if it does every host will have it turned off. All the major hosts make money off SSL's so I am sure they Lobby cPanel to put it off as long as possible. If they do add it It'll probably be turned off for most cPanel included subscriptions.
I support it and want to see it, just talking reality in the volume license game.
Yeah, actually this MUST happen sometime in the future. Google has signaled its intent in Chrome to flag ALL unencrypted websites the same way they do self-signed HTTPS connections today. Its going to be phased in. The other browsers will follow suit over time. I could find additional articles, but this one sticks out: http://www.cnet.com/news/chrome-becoming-tool-in-googles-push-for-encrypted-web/
Yeah, actually this MUST happen sometime in the future. Google has signaled its intent in Chrome to flag ALL unencrypted websites the same way they do self-signed HTTPS connections today. Its going to be phased in. The other browsers will follow suit over time. I could find additional articles, but this one sticks out: http://www.cnet.com/news/chrome-becoming-tool-in-googles-push-for-encrypted-web/
Ok, I've just read their FAQ.
Let's encrypt certs will be valid for 90 days and from what I understood they will provide an automatic renew mechanism that runs every 60 days.
We will defenetly need this to be integrated to cpanel to make it able to renew ssl certs automaticaly.
Aslo this is comming sooner than I thought. Let's Encrypt is now compatible will all major browsers and their current planned launch date is nov 16 2015.
Ok, I've just read their FAQ.
Let's encrypt certs will be valid for 90 days and from what I understood they will provide an automatic renew mechanism that runs every 60 days.
We will defenetly need this to be integrated to cpanel to make it able to renew ssl certs automaticaly.
Aslo this is comming sooner than I thought. Let's Encrypt is now compatible will all major browsers and their current planned launch date is nov 16 2015.
Please add this, considering browsers are going to start flagging sites without this, it'd be nice if this could happen.
Please add this, considering browsers are going to start flagging sites without this, it'd be nice if this could happen.
This is definitely a requirement, do we have any sort of timeline for this?
I went ahead and registered for the Beta, got the invite only to find out because I use cPanel I apparently cannot use it at all because cPanel manages the apache config and rebuilds it. I double checked with our VPS host and they confirm that we cannot use it until there is added support in cPanel or some kind of plugin...
This is definitely a requirement, do we have any sort of timeline for this?
I went ahead and registered for the Beta, got the invite only to find out because I use cPanel I apparently cannot use it at all because cPanel manages the apache config and rebuilds it. I double checked with our VPS host and they confirm that we cannot use it until there is added support in cPanel or some kind of plugin...
I got an invite for the Let's Encrypt beta as well, but can't install it because I am using cPanel on my servers. I would love to see support for Let's Encrypt added to cPanel soon!
I got an invite for the Let's Encrypt beta as well, but can't install it because I am using cPanel on my servers. I would love to see support for Let's Encrypt added to cPanel soon!
If it's a good/save alternative for payed SSL certificates then yeah i really vouch for this feature the faster the better even.
If it's a good/save alternative for payed SSL certificates then yeah i really vouch for this feature the faster the better even.
It is easy to use, when you use it with the webroot routine --webroot-path
It is easy to use, when you use it with the webroot routine --webroot-path
Let's encrypt offers only 90-day certificates, so cpanel could create an option to renew such certificates automatically (where 'automatic renewal' option is turned on)
Let's encrypt offers only 90-day certificates, so cpanel could create an option to renew such certificates automatically (where 'automatic renewal' option is turned on)
This would be a big benefit for all our nonprofit clients we host; would love to see this implemented.
This would be a big benefit for all our nonprofit clients we host; would love to see this implemented.
I'm mid-level in my knowledge of Linux and servers. I use cPanel and other things (CSF, CloudLinux, CageFS, and I pay for a management service where I can ask questions, ask for help, and they do basic monitoring) to help me be as safe as possible, instead of running a bare server.
I just got into the beta for LE, and tried to install it. It failed for reasons that aren't important. What is important is getting cPanel behind this effort - because this is right up the alley for where cPanel can help people like me, and those who know even less than me.
The server experts can deal with certificates no worries; but in the effort to get as much of the web on https as possible, I definitely hope cPanel get help us out and get this working safely and such that it doesn't break features that cPanel already provides.
I'm mid-level in my knowledge of Linux and servers. I use cPanel and other things (CSF, CloudLinux, CageFS, and I pay for a management service where I can ask questions, ask for help, and they do basic monitoring) to help me be as safe as possible, instead of running a bare server.
I just got into the beta for LE, and tried to install it. It failed for reasons that aren't important. What is important is getting cPanel behind this effort - because this is right up the alley for where cPanel can help people like me, and those who know even less than me.
The server experts can deal with certificates no worries; but in the effort to get as much of the web on https as possible, I definitely hope cPanel get help us out and get this working safely and such that it doesn't break features that cPanel already provides.
I'm mid-level in my knowledge of Linux and servers. I use cPanel and other things (CSF, CloudLinux, CageFS, and I pay for a management service where I can ask questions, ask for help, and they do basic monitoring) to help me be as safe as possible, instead of running a bare server.
I just got into the beta for LE, and tried to install it. It failed for reasons that aren't important. What is important is getting cPanel behind this effort - because this is right up the alley for where cPanel can help people like me, and those who know even less than me.
The server experts can deal with certificates no worries; but in the effort to get as much of the web on https as possible, I definitely hope cPanel get help us out and get this working safely and such that it doesn't break features that cPanel already provides.
I'm mid-level in my knowledge of Linux and servers. I use cPanel and other things (CSF, CloudLinux, CageFS, and I pay for a management service where I can ask questions, ask for help, and they do basic monitoring) to help me be as safe as possible, instead of running a bare server.
I just got into the beta for LE, and tried to install it. It failed for reasons that aren't important. What is important is getting cPanel behind this effort - because this is right up the alley for where cPanel can help people like me, and those who know even less than me.
The server experts can deal with certificates no worries; but in the effort to get as much of the web on https as possible, I definitely hope cPanel get help us out and get this working safely and such that it doesn't break features that cPanel already provides.
With this entering beta in a week, do we have an update anywhere form cPanel?
With this entering beta in a week, do we have an update anywhere form cPanel?
I don't think this should only be available end-2016. I think it should be available ASAP. It's not about stability it's about building cutting edge stuff, that we all know that can fail, however it should be offered as experimental. cPanel team should really get in talks with LetsEncrypt in order to launch an experimental automated solution as soon as their platform is available. Realistically speaking it should happen even on a demo version of the platform not the final thing because of two things: 1) LetsEncrypt would be much better tested; 2) cPanel implementation would be better because of the close collaboration.
I don't think this should only be available end-2016. I think it should be available ASAP. It's not about stability it's about building cutting edge stuff, that we all know that can fail, however it should be offered as experimental. cPanel team should really get in talks with LetsEncrypt in order to launch an experimental automated solution as soon as their platform is available. Realistically speaking it should happen even on a demo version of the platform not the final thing because of two things: 1) LetsEncrypt would be much better tested; 2) cPanel implementation would be better because of the close collaboration.
We definitely need this ASAP.
Lets face it, this is the end of paid certificates and the end of this truly unnecessary "tax". But I'm not sure if cPanel as a company would like to add this feature and they'll probably delay its integration as much as possible, because they already have a paid interface to sell certificates via WHM (its located under the SSL/TLS section).
But no matter how long they delay the inevitable death of paid certificates, I'm sure someone will implement a 3rd party solution... I'm not naming any names :)
We definitely need this ASAP.
Lets face it, this is the end of paid certificates and the end of this truly unnecessary "tax". But I'm not sure if cPanel as a company would like to add this feature and they'll probably delay its integration as much as possible, because they already have a paid interface to sell certificates via WHM (its located under the SSL/TLS section).
But no matter how long they delay the inevitable death of paid certificates, I'm sure someone will implement a 3rd party solution... I'm not naming any names :)
For Ecommerce sites, they may not be PCI Compliant enough for most gateway companies. These would likely be best used for the server hostname SSL for cPanel/WHM plus other services, instead of using self signed SSL certs.
For Ecommerce sites, they may not be PCI Compliant enough for most gateway companies. These would likely be best used for the server hostname SSL for cPanel/WHM plus other services, instead of using self signed SSL certs.
I believe these certificates would be mostly used by people to whom an SSL Certificate is not something they feel they can justify paying for, for example companies with out e-commerce or websites requiring the code.
It would also be useful for encrypting, mail services, WHM and cPanel for example on a server, as it means you do not buy an SSL Certificate for your server that lasts a year if you decommission a server it means wasted expenditure.
90 days a time for a hostname certificate seems like a sensible way of securing the traffic and not investing in a year long product for something that may not be required for that length of time.
I believe these certificates would be mostly used by people to whom an SSL Certificate is not something they feel they can justify paying for, for example companies with out e-commerce or websites requiring the code.
It would also be useful for encrypting, mail services, WHM and cPanel for example on a server, as it means you do not buy an SSL Certificate for your server that lasts a year if you decommission a server it means wasted expenditure.
90 days a time for a hostname certificate seems like a sensible way of securing the traffic and not investing in a year long product for something that may not be required for that length of time.
Don't get too excited it will take a few years to be implemented.
Status has been updated to Planned
Don't get too excited it will take a few years to be implemented.
Status has been updated to Planned
I don't think it'll take years to be implemented. I think this is a great step ahead.
I don't think it'll take years to be implemented. I think this is a great step ahead.
Can see the status for this topic was changed to planned, cPanel staff, do you happen to have further details, such as release dates ??
Can see the status for this topic was changed to planned, cPanel staff, do you happen to have further details, such as release dates ??
ETA before March 2016? Please?
ETA before March 2016? Please?
IMO the cPanel implementation timing should be fairly close to when Let's Encrypt comes out of beta / goes mainstream..
IMO the cPanel implementation timing should be fairly close to when Let's Encrypt comes out of beta / goes mainstream..
The public beta starts December 3rd 2015. Adding support ASAP would be appreciated.
The public beta starts December 3rd 2015. Adding support ASAP would be appreciated.
From what I've read so far of where LetsEncrypt is in their project — and let me emphasize that I think they're doing great work — I don't think it will be added TOO quickly to cPanel. They're a very small team hard, but from what I've read on their forum, development is not as far along. I'd term it more of an open alpha than an open beta, especially these days when so many projects enter in perpetual beta and make releases....
From what I've read so far of where LetsEncrypt is in their project — and let me emphasize that I think they're doing great work — I don't think it will be added TOO quickly to cPanel. They're a very small team hard, but from what I've read on their forum, development is not as far along. I'd term it more of an open alpha than an open beta, especially these days when so many projects enter in perpetual beta and make releases....
I'm trying to test letsencrypt on a CloudLinux/cPanel server. I know it's not yet fully compatible...
I'm getting conflicts with the git-cpanel package.
...
Transaction Check Error:
file /etc/bash_completion.d/git from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
file /usr/bin/git from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
file /usr/libexec/git-core/git from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
file /usr/bin/git-receive-pack from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
...and so on...
Is there a way to fix this? Bypass this check? (since we have git installed on every cpanel server anyway).
I'm trying to test letsencrypt on a CloudLinux/cPanel server. I know it's not yet fully compatible...
I'm getting conflicts with the git-cpanel package.
...
Transaction Check Error:
file /etc/bash_completion.d/git from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
file /usr/bin/git from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
file /usr/libexec/git-core/git from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
file /usr/bin/git-receive-pack from install of git-1.7.1-3.el6_4.1.x86_64 conflicts with file from package git-cpanel-1.8.3.1-1.el6.cloudlinux.x86_64
...and so on...
Is there a way to fix this? Bypass this check? (since we have git installed on every cpanel server anyway).
Can we have this still this year? (⸮)
Can we have this still this year? (⸮)
Ideally a single button press in cPanel will (a) generate the necessary pub/priv certificates (b) submit to Let's Encrypt (c) install the certificate for the relevant site and most importantly (d) add a cron to automatically renew every 80 days.
Ideally a single button press in cPanel will (a) generate the necessary pub/priv certificates (b) submit to Let's Encrypt (c) install the certificate for the relevant site and most importantly (d) add a cron to automatically renew every 80 days.
Meanwhile, Plesk has already added support for Let's Encrypt - check out their extension catalog.
Meanwhile, Plesk has already added support for Let's Encrypt - check out their extension catalog.
Plesk already has this. Let’s not have egg on our face, shall we? In terms of new features I would consider this a top-tier priority right now.
Plesk already has this. Let’s not have egg on our face, shall we? In terms of new features I would consider this a top-tier priority right now.
We have created a How To article on the forums for installing the Let's Encrypt client and how to generate and install the SSLs via the command line using the API. Hopefully until development can look into adding a plugin or native function, the following should help all server administrators generate and install SSL's.
https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621/
We have created a How To article on the forums for installing the Let's Encrypt client and how to generate and install the SSLs via the command line using the API. Hopefully until development can look into adding a plugin or native function, the following should help all server administrators generate and install SSL's.
https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621/
Now its start working, i am using it.
Thanks
Now its start working, i am using it.
Thanks
I'm excited for this to be an easy plugin used by WHM and cPanel. Please remember though that this is still in beta. It would almost seem two-faced if cPanel blocked SPDY for possible security issues yet would roll out support for Let's Encrypt while still in beta. If any of you value security please do not deploy Let's Encrypt on production servers until it is finalized and has been audited and tested extensively.
I'm excited for this to be an easy plugin used by WHM and cPanel. Please remember though that this is still in beta. It would almost seem two-faced if cPanel blocked SPDY for possible security issues yet would roll out support for Let's Encrypt while still in beta. If any of you value security please do not deploy Let's Encrypt on production servers until it is finalized and has been audited and tested extensively.
Anybody out there tried this yet?
https://gethttpsforfree.com/
Anybody out there tried this yet?
https://gethttpsforfree.com/
Since you don't have a WHM plugin i guess this means its one installation per cPanel and cannot install once and create multiple ssl certs for multiple domains?
Since you don't have a WHM plugin i guess this means its one installation per cPanel and cannot install once and create multiple ssl certs for multiple domains?
So, Plesk users get the plugin faster and for free, but cPanel users have to wait and pay $30 for it? Wow...
So, Plesk users get the plugin faster and for free, but cPanel users have to wait and pay $30 for it? Wow...
That's kind of a stupid thing to say. This is a third party, not cPanel. You can follow the instructions by the Let's Encrypt folks and getting working. So you have to neither wait nor pay $30. The fact that Plesk got it quickly is great; and it'd be neat if cPanel gets it quickly, but your comment is wrong.
(Meanwhile, I have CloudLinux, so I'm waiting for someone to get it working on there and write up how they did it. hehe)
That's kind of a stupid thing to say. This is a third party, not cPanel. You can follow the instructions by the Let's Encrypt folks and getting working. So you have to neither wait nor pay $30. The fact that Plesk got it quickly is great; and it'd be neat if cPanel gets it quickly, but your comment is wrong.
(Meanwhile, I have CloudLinux, so I'm waiting for someone to get it working on there and write up how they did it. hehe)
I made it work with CloudLinux - followed the same guide - no issues with that :)
I made it work with CloudLinux - followed the same guide - no issues with that :)
Hrm... I had troubles, so off to do more research on it. :)
Hrm... I had troubles, so off to do more research on it. :)
@LucasRolff What version of CloudLinux did you get it working on? We have been holding off rocking any boats while CL7.x and cPanel x.54/ea4 stabilize out more, but if LE works, that is a good sign.
@LucasRolff What version of CloudLinux did you get it working on? We have been holding off rocking any boats while CL7.x and cPanel x.54/ea4 stabilize out more, but if LE works, that is a good sign.
Are cPanel deleting comments from this thread now? I got several emails about new comments but they are not here? One of them looked very interesting (install guide) the other was a total stab into cPanels side calling you all scammers... Anyway the comment re: install should have been left up surely?
Are cPanel deleting comments from this thread now? I got several emails about new comments but they are not here? One of them looked very interesting (install guide) the other was a total stab into cPanels side calling you all scammers... Anyway the comment re: install should have been left up surely?
Plesk 12.5 already has it.
Plesk 12.5 already has it.
I've gotten Let's Encrypt to work with cPanel / WHM and my website but I had to do it manually. Also, I have a Virtual Private Server, so I'm root. This made it a bit easier. I think it would be simple for cPanel to roll out an update that would allow Let's Encrypt to work automatically, at least for just getting the certs.
All cPanel needs to do is make it so Let's Encrypt can access a file it creates in the document root's directory for the various Virtual Hosts. For example, Let's Encrypt creates a directory, .well-known/acme-challenge in the document root. We point letsencrypt-auto to the document root, /usr/local/apache/htdocs, but when letsencrypt-auto tries accessing stuff like webmail.mydomain.com/.well-known/acme-challenge, it cannot. cPanel redirects to a 401 or whatever it is.
If cPanel just put in a small little patch that would allow the .well-known/acme-challenge directory to go through for the various virtual hosts, it'd be great! There's already scripts to automate installing the certs into WHM and installing the certs for the various services (ie, cPanel, WHM, webmail, ftp, etc). But currently, the only way to get the certs is to stop our webserver (ie, Apache), grab the certs, then start our webserver's back up again. Even though this can easily be automated, with a busy website, this causes issues for users. Thanks!
I've gotten Let's Encrypt to work with cPanel / WHM and my website but I had to do it manually. Also, I have a Virtual Private Server, so I'm root. This made it a bit easier. I think it would be simple for cPanel to roll out an update that would allow Let's Encrypt to work automatically, at least for just getting the certs.
All cPanel needs to do is make it so Let's Encrypt can access a file it creates in the document root's directory for the various Virtual Hosts. For example, Let's Encrypt creates a directory, .well-known/acme-challenge in the document root. We point letsencrypt-auto to the document root, /usr/local/apache/htdocs, but when letsencrypt-auto tries accessing stuff like webmail.mydomain.com/.well-known/acme-challenge, it cannot. cPanel redirects to a 401 or whatever it is.
If cPanel just put in a small little patch that would allow the .well-known/acme-challenge directory to go through for the various virtual hosts, it'd be great! There's already scripts to automate installing the certs into WHM and installing the certs for the various services (ie, cPanel, WHM, webmail, ftp, etc). But currently, the only way to get the certs is to stop our webserver (ie, Apache), grab the certs, then start our webserver's back up again. Even though this can easily be automated, with a busy website, this causes issues for users. Thanks!
I came across https://letsencrypt-for-cpanel.com/ and it looks good and easy.
Unfortunately they only support 64 bit and I would need it for an older, smaller 32bit VPS.
If you need 32bit and would consider them, please let them know.
I came across https://letsencrypt-for-cpanel.com/ and it looks good and easy.
Unfortunately they only support 64 bit and I would need it for an older, smaller 32bit VPS.
If you need 32bit and would consider them, please let them know.
https://bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x worked for me.
https://bitbucket.org/webstandardcss/lets-encrypt-for-cpanel-centos-6.x worked for me.
Let's Encrypt is very nice and important feature for cPanel future.
most IT experts want to this with cPanel.
Let's Encrypt is very nice and important feature for cPanel future.
most IT experts want to this with cPanel.
it is so easy to implement, it could be even introduced in a minor update ;)
it is so easy to implement, it could be even introduced in a minor update ;)
unfortunately the cpanel has lost many customers may not have ssl the main ip but now and will lose even more as the delayed lets encrypt. in pelsk it works just fine. I have my servers in cpanel but really meditate change because competition has grown all the companies with pelsk offer lets encrypt things that we with cpanel we can not do.
unfortunately the cpanel has lost many customers may not have ssl the main ip but now and will lose even more as the delayed lets encrypt. in pelsk it works just fine. I have my servers in cpanel but really meditate change because competition has grown all the companies with pelsk offer lets encrypt things that we with cpanel we can not do.
It may seem easy to you but there is more work then just makeing it work they also have to make sure it's secure, doesn't have any bugs, will be compatible with future releases of cPanel, doesn't break any existing usages/features. They also have alot of other features that they are in the process of integrating. This feature is planned and will hopefully soon make it to in progress. They have started work on v56 so I doubt this will be before v58.
It may seem easy to you but there is more work then just makeing it work they also have to make sure it's secure, doesn't have any bugs, will be compatible with future releases of cPanel, doesn't break any existing usages/features. They also have alot of other features that they are in the process of integrating. This feature is planned and will hopefully soon make it to in progress. They have started work on v56 so I doubt this will be before v58.
well, the implications are clear, but it cant get any easier than the letsencrypt guys implemented it.
i am using it with manual implementations on all my boxes already, besides on my cpanel box. and especially for the hosters offering whm/cpanel its a massive plus to offer this to their clients. plus there are already guys offering cpanel plugins for it. this is not cosmetics but pretty much standard (as well as sni, btw...). but maybe i am alone with that point of view (dont think so).
imagine happy clients which dont get punished by google with bad rankings for not offering tls as standard ;)
well, the implications are clear, but it cant get any easier than the letsencrypt guys implemented it.
i am using it with manual implementations on all my boxes already, besides on my cpanel box. and especially for the hosters offering whm/cpanel its a massive plus to offer this to their clients. plus there are already guys offering cpanel plugins for it. this is not cosmetics but pretty much standard (as well as sni, btw...). but maybe i am alone with that point of view (dont think so).
imagine happy clients which dont get punished by google with bad rankings for not offering tls as standard ;)
@cpanelnick , why it is taking so long to implement this? This is very simple really. Don't wait for people to switch to Plesk.
@cpanelnick , why it is taking so long to implement this? This is very simple really. Don't wait for people to switch to Plesk.
I am really in favor of this feature request, being a webhost. But, on the other hand, with DV SSL rated at 4 euro/year, it isn't the highest item on my priority wishlist. Might be because I've automated the whole process...
I am really in favor of this feature request, being a webhost. But, on the other hand, with DV SSL rated at 4 euro/year, it isn't the highest item on my priority wishlist. Might be because I've automated the whole process...
It would certainly be nice to have a tool in the WHM for this feature to streamline this process for creating and installing certificates, but especially for maintaining and revoking them later so a site owner doesn't have to think about it much, or create the cron jobs manually.
One gotcha I found is if the user has a CMS installed at a particular domain or subdomain, the cert creation command will fail because of index.php and .htaccess redirect issues. The work around for that is to temporarily disable those files and run the command again so that the tool can write to the root folder properly and verify the domain.
LetsEncrypt installation in /root/ is pretty straight forward if you read the guide at https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621; or the repo at https://github.com/letsencrypt/letsencrypt.
Then it's about creating certs with the command line and installing them with cut-and-paste using the WHM at Home > SSL/TLS > Install an SSL Certificate on a Domain.
So yes, having a tool in the WHM would make that a lot easier.
After installing the tool, it's easy to run the commands to create certs with /root/letsencrypt/letsencrypt-auto, e.g.:
If the command completes successfully, the certs get installed in /etc/letsencrypt/live/domain/{cert.pem@, chain.pem@, fullchain.pem@, privkey.pem@}
Then it's trivial to cut-and-paste the cert.pem and privkey.pem into the WHM tool mentioned above.
My wish list for the WHM LetsEncrypt tool:
It would certainly be nice to have a tool in the WHM for this feature to streamline this process for creating and installing certificates, but especially for maintaining and revoking them later so a site owner doesn't have to think about it much, or create the cron jobs manually.
One gotcha I found is if the user has a CMS installed at a particular domain or subdomain, the cert creation command will fail because of index.php and .htaccess redirect issues. The work around for that is to temporarily disable those files and run the command again so that the tool can write to the root folder properly and verify the domain.
LetsEncrypt installation in /root/ is pretty straight forward if you read the guide at https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621; or the repo at https://github.com/letsencrypt/letsencrypt.
Then it's about creating certs with the command line and installing them with cut-and-paste using the WHM at Home > SSL/TLS > Install an SSL Certificate on a Domain.
So yes, having a tool in the WHM would make that a lot easier.
After installing the tool, it's easy to run the commands to create certs with /root/letsencrypt/letsencrypt-auto, e.g.:
If the command completes successfully, the certs get installed in /etc/letsencrypt/live/domain/{cert.pem@, chain.pem@, fullchain.pem@, privkey.pem@}
Then it's trivial to cut-and-paste the cert.pem and privkey.pem into the WHM tool mentioned above.
My wish list for the WHM LetsEncrypt tool:
Plesk already have it. https://devblog.plesk.com/2015/12/lets-encrypt-plesk/
Direct Admin, a free control panel, also have it. http://www.directadmin.com/features.php?id=1828
Chrome will flag unencrypted website soon.
This feature request is "Planned". Does that mean they haven't even start working on it?
Plesk already have it. https://devblog.plesk.com/2015/12/lets-encrypt-plesk/
Direct Admin, a free control panel, also have it. http://www.directadmin.com/features.php?id=1828
Chrome will flag unencrypted website soon.
This feature request is "Planned". Does that mean they haven't even start working on it?
is it in cpanel's best interest to delay LE implementation? Do they sell SSL certs or partner up with another company that does? I'd imagine this is a significant source of revenue for certain SSL cert issuers
is it in cpanel's best interest to delay LE implementation? Do they sell SSL certs or partner up with another company that does? I'd imagine this is a significant source of revenue for certain SSL cert issuers
Considering that a 3rd party premium plugin was developed to add LE functionality to cPanel, it is pretty bad that cPanel themselves have still not added this in or posted updates. It will not lose them or any other company money as it is only basic SSL Certs that are being issued, for those on marketplaces or who want the full verified stamp etc they still need to purchase a premium one.
We are almost a full year since the request was made and it would appear that no progress has been made by cPanel?
I must say though cPanel are missing a trick here because if they added this functionality to WHM/cPanel they could even have a small area that promotes premium SSL certs either via cpanel directly (or sell their own via partnership) or they could list a cPanel recommended supplier which would allow them to make money or commission from those who want / need more than a free SSL Cert...
Please cPanel post an official update to this
Considering that a 3rd party premium plugin was developed to add LE functionality to cPanel, it is pretty bad that cPanel themselves have still not added this in or posted updates. It will not lose them or any other company money as it is only basic SSL Certs that are being issued, for those on marketplaces or who want the full verified stamp etc they still need to purchase a premium one.
We are almost a full year since the request was made and it would appear that no progress has been made by cPanel?
I must say though cPanel are missing a trick here because if they added this functionality to WHM/cPanel they could even have a small area that promotes premium SSL certs either via cpanel directly (or sell their own via partnership) or they could list a cPanel recommended supplier which would allow them to make money or commission from those who want / need more than a free SSL Cert...
Please cPanel post an official update to this
> Considering that a 3rd party premium plugin was developed to add LE functionality to cPanel, it is pretty bad that cPanel themselves have still not added this in
You forget that cPanel has other priorities as well. There's stuff right now that is *far more* important than Let's Encrypt. Maybe it's easy to implement for a third-party (which I believe still doesn't work optimal) - but cPanel has other stuff to do as well.
> Considering that a 3rd party premium plugin was developed to add LE functionality to cPanel, it is pretty bad that cPanel themselves have still not added this in
You forget that cPanel has other priorities as well. There's stuff right now that is *far more* important than Let's Encrypt. Maybe it's easy to implement for a third-party (which I believe still doesn't work optimal) - but cPanel has other stuff to do as well.
This is no excuse for cPanel not at least issuing an official status for this "upcoming" implementation !
I agree with Greg : cPanel, please give us some more informations about the status of this feature request. What does "planned" stand for ?!?
For the time being, the 3rd party plugin does its job quite well... compared to nothing at all !
This is no excuse for cPanel not at least issuing an official status for this "upcoming" implementation !
I agree with Greg : cPanel, please give us some more informations about the status of this feature request. What does "planned" stand for ?!?
For the time being, the 3rd party plugin does its job quite well... compared to nothing at all !
It IS in beta right now. If you listen to talks that LE staff do, it is quite clear it will be in beta for MANY months yet. They are still working on getting Apache working with it right, and nginx has many month's worth of work to catch up. They also have a LOT of work to do with the browser builders and their current system has a physical limit to the number of certificates it CAN issue and they are pretty much at that already. LE does NOT want any more load, and the work that the cPanel devs would face would be immense, as the goalposts will keep shifting, and not by small amounts. Yes, there are scripts out there that work, but I can quite see why cPanel will not include this any time soon. There are 4 release scheduled for cPanel this year. You have had 54, leaving 56, 58 and 60. 56 is already well under way, and there is no sign of LE in that. So, that leaves just 58 and 60. For it to get into 58, the decision would have to be made within 2-3 months, and in that time it is highly unlikely that LE will be ready enough. My guess? Wait for cPanel 60. Or do it yourself for now. There may be a demand right now, but there is not the supply of capacity at LE. My guess is that LE would not want cPanel to include a functional feature yet.
It IS in beta right now. If you listen to talks that LE staff do, it is quite clear it will be in beta for MANY months yet. They are still working on getting Apache working with it right, and nginx has many month's worth of work to catch up. They also have a LOT of work to do with the browser builders and their current system has a physical limit to the number of certificates it CAN issue and they are pretty much at that already. LE does NOT want any more load, and the work that the cPanel devs would face would be immense, as the goalposts will keep shifting, and not by small amounts. Yes, there are scripts out there that work, but I can quite see why cPanel will not include this any time soon. There are 4 release scheduled for cPanel this year. You have had 54, leaving 56, 58 and 60. 56 is already well under way, and there is no sign of LE in that. So, that leaves just 58 and 60. For it to get into 58, the decision would have to be made within 2-3 months, and in that time it is highly unlikely that LE will be ready enough. My guess? Wait for cPanel 60. Or do it yourself for now. There may be a demand right now, but there is not the supply of capacity at LE. My guess is that LE would not want cPanel to include a functional feature yet.
Short answer: We have built a framework for this, but we're holding off on releasing this until LE stabilizes.
Long answer: In the last 5 years cPanel has put increasing focus on customer experience, and extensibility. With Let's Encrypt still in beta and consistently being improved, it has not yet been possible to build stable functionality that meets our standards. The good news is that we have been working directly on this internally, and all of the ground work for that functionality will be in place for v56. We have also been working with Let's Encrypt on this and the current plan is to release a plugin outside of our typical release cycle, as soon as Let's Encrypt stabilizes, that we expect to work on any cPanel & WHM v56+ servers.
Short answer: We have built a framework for this, but we're holding off on releasing this until LE stabilizes.
Long answer: In the last 5 years cPanel has put increasing focus on customer experience, and extensibility. With Let's Encrypt still in beta and consistently being improved, it has not yet been possible to build stable functionality that meets our standards. The good news is that we have been working directly on this internally, and all of the ground work for that functionality will be in place for v56. We have also been working with Let's Encrypt on this and the current plan is to release a plugin outside of our typical release cycle, as soon as Let's Encrypt stabilizes, that we expect to work on any cPanel & WHM v56+ servers.
I would very much like to see the proposed plugin for Let's Encrypt offer the ability to mass-provision certificates for the entire server, one for each domain name, and to include support for cPanel DNS-only systems too -- (to install a hostname certificate so that you're not surprised with certificate warnings when clicking "Fetch the remote access key" while adding new servers to your DNS cluster).
I would very much like to see the proposed plugin for Let's Encrypt offer the ability to mass-provision certificates for the entire server, one for each domain name, and to include support for cPanel DNS-only systems too -- (to install a hostname certificate so that you're not surprised with certificate warnings when clicking "Fetch the remote access key" while adding new servers to your DNS cluster).
I agree, we would like to enable certs by default on all domains and all subdomains without the customer needing to do anything, so the ability to 1- mass enable and 2- enable by default on new domains would be great. Of course letsencrypt ratelimits would need to be managed when doing something like this
I agree, we would like to enable certs by default on all domains and all subdomains without the customer needing to do anything, so the ability to 1- mass enable and 2- enable by default on new domains would be great. Of course letsencrypt ratelimits would need to be managed when doing something like this
Any updates on this feature? I was going to hire someone to install Let's Encrypt but I would rather save the money where I can.
Any updates on this feature? I was going to hire someone to install Let's Encrypt but I would rather save the money where I can.
I definitely would love to see this added. Security is a big issue. With all the Ad-Hoc networks that we are connecting to using our mobile devices, link encryption is mandatory. No one in their right mind would intentionally run unencrypted connections, yet I am forced to do just that because of cost constraints. My ISP does not support Let's Encrypt and the cost for certificates and their required support services, when you look to cover 1/2 dozen domains, are simply unbelievable.
I definitely would love to see this added. Security is a big issue. With all the Ad-Hoc networks that we are connecting to using our mobile devices, link encryption is mandatory. No one in their right mind would intentionally run unencrypted connections, yet I am forced to do just that because of cost constraints. My ISP does not support Let's Encrypt and the cost for certificates and their required support services, when you look to cover 1/2 dozen domains, are simply unbelievable.
Check out https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621 for the time being
Check out https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621 for the time being
We are still working internally on getting this out for you, and we're just as excited about it as you are! Currently we're hoping to see this hit with v58, which should be ready for production around 12-16 weeks from now. Thank you all for your continued interest, and hopefully we'll have something that meets our standards for you soon!
We are still working internally on getting this out for you, and we're just as excited about it as you are! Currently we're hoping to see this hit with v58, which should be ready for production around 12-16 weeks from now. Thank you all for your continued interest, and hopefully we'll have something that meets our standards for you soon!
Let's Encrypt is outta beta!
https://letsencrypt.org//2016/04/12/leaving-beta-new-sponsors.html
Let's Encrypt is outta beta!
https://letsencrypt.org//2016/04/12/leaving-beta-new-sponsors.html
We are still working internally on getting this out for you, and we're just as excited about it as you are! Currently we're hoping to see this hit with v58, which should be ready for production around 12-16 weeks from now.
I don't have any further updates at this time, and I think we've gotten just about all of the clarification on this request that we could ask for, so I'm going to go ahead and lock comments. If anyone new would like to express a desire for this feature, voting is still allowed. I've created a forum thread for any further conversation that folks would like to have, which can be found here:
https://forums.cpanel.net/threads/lets-encrypt-support.538621/
I'll post another update as soon as I have more information, but if you would like to reach out to me directly feel free to email me: benny@cpanel.net
We are still working internally on getting this out for you, and we're just as excited about it as you are! Currently we're hoping to see this hit with v58, which should be ready for production around 12-16 weeks from now.
I don't have any further updates at this time, and I think we've gotten just about all of the clarification on this request that we could ask for, so I'm going to go ahead and lock comments. If anyone new would like to express a desire for this feature, voting is still allowed. I've created a forum thread for any further conversation that folks would like to have, which can be found here:
https://forums.cpanel.net/threads/lets-encrypt-support.538621/
I'll post another update as soon as I have more information, but if you would like to reach out to me directly feel free to email me: benny@cpanel.net
Hey everyone! We're doing much better than anticipated, and have been beta-testing our plugin for just over a week. We're looking for more people to provide feedback at this point. If you're interested, and will be able to provide feedback quickly, then we're interested in talking to you! The first step is to fill out this form. I'll reach out to you later today and get the process started.
http://bit.ly/1TZy6Qh
Hey everyone! We're doing much better than anticipated, and have been beta-testing our plugin for just over a week. We're looking for more people to provide feedback at this point. If you're interested, and will be able to provide feedback quickly, then we're interested in talking to you! The first step is to fill out this form. I'll reach out to you later today and get the process started.
http://bit.ly/1TZy6Qh
Hey everyone! The BETA of the cPanel-provided Let's Encrypt plugin that we're building has been going very well, and we've gotten some incredible feedback from our testers. The public release of the plugin is still on target to be released during the v58 cycle and we will be sharing an updated BETA version with our testers soon. As soon as I have more information I'll let everyone know!
Hey everyone! The BETA of the cPanel-provided Let's Encrypt plugin that we're building has been going very well, and we've gotten some incredible feedback from our testers. The public release of the plugin is still on target to be released during the v58 cycle and we will be sharing an updated BETA version with our testers soon. As soon as I have more information I'll let everyone know!
EDIT: There's also a blog post about this request: https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/
I am so happy to tell you all that the Let's Encrypt plugin has left beta and is now in a public release! If you are running cPanel & WHM version 58.0.17 or above (the EDGE or CURRENT tiers right now), you can now install the plugin using the command line by running this command:
Running that script will add cPanel's repo file and make sure the plugin is up to date, which will add it as a provider to the AutoSSL feature introduced in 58. If you want to enable it after you add it to the server, you will need to do so from WHM.
Please note, there are some domain and subdomain limits that are enforced by Let's Encrypt that we attempt to outline here:
https://documentation.cpanel.net/display/ALD/Manage+AutoSSL
If it becomes necessary, we may add this plugin to the list of plugins provided in the WHM interface in a later version of cPanel & WHM.
I want to mention, the most commonly requested feature in relation to this, SNI support for cpsrvd (which includes webmail, cPanel, WHM, etc) is being tracked in this feature request, and *may* make it in to cPanel & WHM version 60, but may be delayed to version 62:
https://features.cpanel.net/topic/ssl-certificate-per-domain-on-all-services
If you have any questions, or encounter any problems, feel free to comment on the forum thread, send me an email (my username is my email address :D ), or open up a support ticket, as is appropriate.
EDIT: There's also a blog post about this request: https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/
I am so happy to tell you all that the Let's Encrypt plugin has left beta and is now in a public release! If you are running cPanel & WHM version 58.0.17 or above (the EDGE or CURRENT tiers right now), you can now install the plugin using the command line by running this command:
Running that script will add cPanel's repo file and make sure the plugin is up to date, which will add it as a provider to the AutoSSL feature introduced in 58. If you want to enable it after you add it to the server, you will need to do so from WHM.
Please note, there are some domain and subdomain limits that are enforced by Let's Encrypt that we attempt to outline here:
https://documentation.cpanel.net/display/ALD/Manage+AutoSSL
If it becomes necessary, we may add this plugin to the list of plugins provided in the WHM interface in a later version of cPanel & WHM.
I want to mention, the most commonly requested feature in relation to this, SNI support for cpsrvd (which includes webmail, cPanel, WHM, etc) is being tracked in this feature request, and *may* make it in to cPanel & WHM version 60, but may be delayed to version 62:
https://features.cpanel.net/topic/ssl-certificate-per-domain-on-all-services
If you have any questions, or encounter any problems, feel free to comment on the forum thread, send me an email (my username is my email address :D ), or open up a support ticket, as is appropriate.
Replies have been locked on this page!