DEV Community

Let’s Encrypt SSL certificate in Namecheap AutoRenewal – Verified & working – Using ACME.sh

Anuj Singh Tomar
DevOps Engineer
・2 min read

Namecheap doesn't support Let's Encrypt natively, but it lets you set up Let's Encrypt SSL certificates using utilities like getSSL or acme.sh. Having used both, I found acme.sh to be better and simpler to use, and it supports auto-renewal too.

1 - Enable SSH to get into your shared hosting server with your cPanel username. (You can get keys and log in from your terminal, or use the built-in cPanel terminal for quick access.)

2 - Get the certs

# Get the acme.sh utility
curl https://get.acme.sh | sh

# Source the environment variables
source ~/.bashrc

# Register your email with Let's Encrypt to be notified of any renewal issues
acme.sh --register-account --accountemail email@example.com

# At this point a cron entry for auto-renewal has already been set up; it will auto-renew after 60 days. List it with:
crontab -l | grep acme.sh
# The entry is a single crontab line, not a shell command. If you need the log, edit it with crontab -e and change /dev/null to a file, like this:
10 0 * * * "/home/_CPANEL_USERNAME_/.acme.sh"/acme.sh --cron --home "/home/_CPANEL_USERNAME_/.acme.sh" >> /home/_CPANEL_USERNAME_/.acme_cron_log

4 – Issue a test cert to check that everything is working

# The webroot is the directory your domain is served from; give the path accordingly.
acme.sh --issue --webroot ~/public_html -d yourdomain.com --staging

5 – Issue an actual certificate

acme.sh --issue --webroot ~/public_html -d yourdomain.com --force

# In the output you will see success if all goes well. The key, certs, chain certs and CSR are stored under the location below; you can use those files if you intend to apply them manually through the cPanel GUI.

~/.acme.sh/yourdomain.com/

6 - Apply the cert to the website using the cPanel hook

acme.sh --deploy --deploy-hook cpanel_uapi --domain yourdomain.com

7 – You should be able to see your domain with SSL in cPanel under SSL/TLS -> Manage all certs

8 - Force HTTP-to-HTTPS redirection
If you see the option to enable it, you can enforce HTTPS from cPanel itself:

cPanel->Domains

If it is greyed out, which can happen when you have multiple domains such as www.yourdomain.com for which you don’t have a cert, enable the redirection from “Redirects” or simply add the lines below to the .htaccess file:

# Always take a backup first, as a rule of thumb
vi ~/public_html/.htaccess

Or

vi ./yourdomain.com/.htaccess

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

9 – Test your website in a new window with the URL https://yourdomain.com or http://yourdomain.com (over HTTP it should redirect automatically to HTTPS).
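
Steps 4 to 6 chained into one function, as an added example that is not the author's script. The function names and the RUN switch are hypothetical; the script checks that the webroot exists, accepts only plain hostnames, and only prints the commands unless RUN=1 is set.

```shell
#!/bin/sh
# Added example, not the author's script. Dry run by default; set RUN=1 to execute.

# Accept only plain DNS hostnames so nothing else can reach the acme.sh command line.
valid_hostname() {
    case "$1" in
        ""|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each command; run it only when RUN=1.
step() {
    echo "+ $*"
    [ "${RUN:-0}" = 1 ] || return 0
    "$@"
}

# issue_and_deploy WEBROOT DOMAIN [ALTNAME...]   (hypothetical helper name)
issue_and_deploy() (
    [ $# -ge 2 ] || { echo "usage: issue_and_deploy WEBROOT DOMAIN [ALTNAME...]" >&2; exit 2; }
    webroot=$1; primary=$2; shift
    [ -d "$webroot" ] || { echo "webroot not found: $webroot" >&2; exit 2; }
    names=""
    for name in "$@"; do
        valid_hostname "$name" || { echo "invalid hostname: $name" >&2; exit 2; }
        names="$names -d $name"
    done
    # Steps 4, 5 and 6 of the article, in order; stop at the first failure.
    # $names is left unquoted on purpose: it holds only validated hostnames.
    step acme.sh --issue --webroot "$webroot" $names --staging &&
    step acme.sh --issue --webroot "$webroot" $names --force &&
    step acme.sh --deploy --deploy-hook cpanel_uapi --domain "$primary"
)

# Example: issue_and_deploy ~/public_html yourdomain.com www.yourdomain.com
```

Every name passed after the webroot must resolve to that webroot, otherwise the staging run in step 4 fails before anything is deployed.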

So you are all done now. If you need a more detailed article, you can check out the original article at the link below:
devops.egyan.space
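
A check for the renewal cron entry from step 2, as an added example that is not part of acme.sh or the original article. It assumes the entry has the shape shown on this page (five schedule fields, --cron, --home and an output redirect on one line); the function name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of acme.sh. Reads crontab text on stdin and prints:
#   logged  - one intact acme.sh line whose output goes to a file
#   silent  - one intact acme.sh line whose output goes to /dev/null
#   broken  - acme.sh is mentioned, but not as one complete crontab line
#   missing - no acme.sh entry at all
check_acme_cron() {
    awk '
        /^[ \t]*#/ || !/acme\.sh/ { next }      # skip comments and unrelated jobs
        {
            seen = 1
            intact = ($0 ~ "--cron") && ($0 ~ "--home") && ($0 ~ ">")
            for (i = 1; i <= 5; i++)             # five schedule fields must lead the line
                if ($i !~ "^[0-9*,/-]+$") intact = 0
            if (!intact) { broken = 1; next }
            state = ($0 ~ "> */dev/null") ? "silent" : "logged"
        }
        END {
            if (!seen)  { print "missing"; exit 1 }
            if (broken) { print "broken";  exit 1 }
            print state
        }
    '
}

# Constructed samples (CPANEL_USERNAME is the placeholder used on this page).
SAMPLE_OK='10 0 * * * "/home/CPANEL_USERNAME/.acme.sh"/acme.sh --cron --home "/home/CPANEL_USERNAME/.acme.sh" >> /home/CPANEL_USERNAME/.acme_cron_log'
SAMPLE_BROKEN='10 0 * * * "/home/CPANEL_USERNAME/.acme.sh"/acme.sh --cron
--home "/home/CPANEL_USERNAME/.acme.sh" >> /home/CPANEL_USERNAME/.acme_cron_log'

# Usage on the server: crontab -l | check_acme_cron
```

A result of broken or missing means renewals will not run and the certificate will expire without warning unless the entry is repaired.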

Discussion (15)

Dave Elton • Edited

The redirect method for www. has a snag. Most browsers seem to look for a www.mydomain.com cert before following the redirect. This results in users seeing a warning and not redirecting.

The solution is to add a second domain arg to each of the commands. EG:

acme.sh --issue --webroot ~/public_html -d mydomain.com -d www.mydomain.com --staging

acme.sh --issue --webroot ~/public_html -d mydomain.com -d www.mydomain.com --force

acme.sh --deploy --deploy-hook cpanel_uapi --domain mydomain.com --domain www.mydomain.com

You'll still want to add the redirect, but this will now avoid the error for users.

Ariel-Yahav

This is great!
I keep getting stuck at the --staging issue stage, though. Any idea why I might be getting the following error code (35):
acme.sh --issue --webroot ~/public_html -d breastfeeding.london --staging
[Thu Feb 4 20:51:07 EST 2021] Using ACME_DIRECTORY: acme-staging-v02.api.letsencrypt.o...
[Thu Feb 4 20:51:10 EST 2021] Please refer to curl.haxx.se/libcurl/c/libcurl-err... for error code: 35
[Thu Feb 4 20:51:10 EST 2021] Can not init api.
[Thu Feb 4 20:51:10 EST 2021] Using CA: acme-staging-v02.api.letsencrypt.o...
[Thu Feb 4 20:51:19 EST 2021] Please refer to curl.haxx.se/libcurl/c/libcurl-err... for error code: 35
[Thu Feb 4 20:51:19 EST 2021] Can not init api.
[Thu Feb 4 20:51:19 EST 2021] Registering account: acme-staging-v02.api.letsencrypt.o...
[Thu Feb 4 20:51:22 EST 2021] Please refer to curl.haxx.se/libcurl/c/libcurl-err... for error code: 35
[Thu Feb 4 20:51:22 EST 2021] Could not get nonce, let's try again.

Anuj Singh Tomar Author • Edited

Check if ~/public_html exists, or if your website exists in a different folder, then replace the webroot like below:

acme.sh --issue --webroot ~/breastfeeding.london -d breastfeeding.london --staging

If it is still the same issue, check with Namecheap support about the error below:

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.

Yanik Love

Big Thanks!

Saving me lots of money :)
I was about to switch hosting provider to one that supports let's encrypt!

Had read this post before but it looked too complicated.
After some efforts and patience everything is working now and all my sites are secure, for free, with auto renew on! How cool!! :D

Much gratitude <3

Now what would make it perfect would be a script like :

/ssl domain.com

That would automatically do all the steps, including the www :D
This way it would save some time and avoid typos ^^

Thanks again!

Manoj Tiwari • Edited

Awesome! Great tutorial. Working very fine.
Pls tell me if I need to disable SSH access again, as the certificate installed successfully.

Anuj Singh Tomar Author

Check if there is any line break in the cron entry; it can happen when you copy and paste from here. Ensure it is a single line without any newline.

Also, regarding SSH access, best practice is to keep it disabled; you can enable it again whenever you need.

Manoj Tiwari

Thanks for the reply. It worked now.

Conan Ablewhite

Helped me no end to get SSL email access back on a couple of domains - thanks for posting!

Mr Rager

thank you :) this was really helpful. 🪙

Vladimir Lugovkin

After command:

At this moment a cron entry already has been setup for autorenewal which will auto renew after 60 days., You can update /dev/null to something like this if you need the log

crontab -l | grep acme.sh
10 0 * * * "/home/CPANEL_USERNAME/.acme.sh"/acme.sh --cron --home "/home/CPANEL_USERNAME/.acme.sh" >> /home/CPANEL_USERNAME/.acme_cron_log

I have error: -bash: 10: command not found

Fred

This is a great step by step guide, you saved me hours of figuring this out on my own, thanks a lot!

Anuj Singh Tomar Author

Thanks for commenting, Glad that it helped.

Rafanjani

Hi, thanks for the tutorial. I'm getting an error when issuing a cert for cpanel.domain.com and webmail.domain.com... the others like domain and mail.domain and domain.com were successful.

When trying to issue a cert for webmail I'm getting multiple "processing" and timeout lines. I have a Stellar plan from Namecheap.

Peace.

Kruno Golubic

This was very useful for me. Thank you!