Use LetsEncrypt SSL with NameCheap cPanel

July 19, 2019 | Written by: Vishnu

How to enable LetsEncrypt SSL on NameCheap cPanel and automatically update the certificates when they expire.

Introduction

Namecheap is one of the largest registrars in the world and supports Net Neutrality and has a good level of service and support. However their position of not supporting LetsEncrypt’s free SSL certificates is a poorly thought out and implemented strategy. This blog post instructs you on how you can install and automatically update LetsEncrypt certificates.

Method:

Step 1: Enable SSH on your hosting account. Once complete you should be able to see the port available for SSH access. Follow the article here: https://www.namecheap.com/support/knowledgebase/article.aspx/10040/2210/how-to-use-manage-shell-in-cpanel

Step 2: Once you have enabled ssh, log into the hosting server using the command below. Make sure to replace the Username, Port and Server Address with the values for your account and server. 

ssh -l USERNAME -p PORT_PROVIDED_BY_NameCheap SERVER_ADDRESS

Then follow the steps outlined below, these have been adapted from here

Step 3: Run the following command to download acme.sh

curl https://get.acme.sh | sh

Step 4: Log Off and Log On again. You can log off by typing exit.

Step 5: Add your email to get any alerts about errors and so on.

acme.sh --update-account --accountemail emailaddress@EXAMPLE.COM

Step 6: Enter the public html folder if using the root domain or the folder with the addon domain name, if using an addon domain. 

cd public_html

or 

cd addondomain

Stage 7: Before we install the proper certificate we should test by issuing a test certificate. Make sure that this step completes without errors before going on. Replace example.com with your domain.

acme.sh --issue --webroot ~/public_html/ -d EXAMPLE.COM --staging

Stage 8: Issue a real certificate. Replace example.com with your domain.

acme.sh --issue --webroot ~/public_html/ -d EXAMPLE.COM --force

Stage 9: We need to add the certificate to the cPanel database. Replace the username with your cPanel username, and the domain example.com with your domain.

export DEPLOY_cPanel_USER=username
acme.sh --deploy --deploy-hook cpanel_uapi --domain EXAMPLE.COM

Stage 10: Add a cronjob to run every 60 days.

crontab -l
56 0 * * * "/home/EXAMPLE.COM/.acme.sh"/acme.sh --cron --home "/home/EXAMPLE.COM/.acme.sh" > /dev/null

That’s it, the all important lock icon and the https required will work now, without paying a cent. This website is built on that. In future I will have a video tutorial up so that you can see how easy it is to do.

Troubleshooting:

I had trouble with the add email step (step 5), however you can safely skip this if you need to.

For any other help check out the https://github.com/Neilpang/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel

Conclusion

Hopefully this should be relatively straightforward on how to enable letsencrypt on Namecheap. Further this method is superior to the WordPress easy ssl method because you don’t need to manually update the certificates every time they expire.


Leave a Reply

Your email address will not be published. Required fields are marked *