haleeth.com

Let’s Encrypt the SSL certificate in Namecheap AutoRenewal

Let’s Encrypt the SSL certificate in Namecheap AutoRenewal

Name Cheap doesn’t support Let’s Encrypt natively, But it provides an option so you can set up Let Encrypt SSL certificates using different utilities like get SSL or ACME.sh, having used both found acme.sh to be quite better and simple to use + it supports auto-renewal too.

Enable SSH to get into your shared hosting server with your Cpanel username. (You can get keys & log in from your terminal or use an inbuilt CPanel terminal for quick access)

Get the certs

# get acme.sh utility
curl https://get.acme.sh | sh

# source the environment variables
source ~/.bashrc

# register your email with Lets's Encrypt to be notified any renewals issue
acme.sh --register-account --accountemail email@example.com

# at this moment a cron entry already has been setup for autorenewal which will auto renew after 60 days., You can update /dev/null to something like this if you need the log
crontab -l | grep acme.sh
10 0 * * * "/home/_CPANEL_USERNAME_/.acme.sh"/acme.sh --cron --home "/home/_CPANEL_USERNAME_/.acme.sh" >> /home/_CPANEL_USERNAME_/.acme_cron_log

Issue a test cert to check if all working

# webroot will be any directory in which your domain exist, give path accordingly.
acme.sh --issue --webroot ~/public_html -d yourdomain.com --staging

Issue an actual Certificate

acme.sh --issue --webroot ~/public_html -d yourdomain.com --force

# In ourput you will see success if all goes fine & key/Certs/chaincerts/csr will be stored under below location, you can refer those if you intend to apply those using cpanel GUI manually
~/.acme.sh/yourdomain.com/

Apply Cert to the website using the Cpanel hook

acme.sh --deploy --deploy-hook cpanel_uapi --domain yourdomain.com

You should be able to see your domain with SSL in CPanel under SSL/TLS -> Manage all certs

Force HTTP-HTTPS redirection

If you see the option to enable you can enforce HTTP from CPanel itself:

cPanel->Domains
Force HTTP-HTTPS redirection

In case it is greyed out, which could be in case you have multiple domains like www.yourdomain.com for which you don’t have the cert, Enable the redirection from the “redirects” or simply add the below lines in the .htaccess file

# always backup as a thumb of rule
vi ~/public_html/.htaccess

OR

vi ./yourdomain.com/.htaccess

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Test your website in a new window with the URL: https://yourdomain.com or http://yourdomain.com (in HTTP it should redirect automatically to HTTPS)

Posted

in

by

haleeth

Tags:

, ,