DEV Community

Let’s Encrypt SSL certificate in Namecheap AutoRenewal – Verified & working – Using ACME.sh

Anuj Singh Tomar on September 18, 2020

NameCheap doesn't support Let's Encrypt natively, But provides option so you can setup LetEncrypt SSL certificates using different utilities like g...
Collapse
 
daveelton profile image
Dave Elton • Edited

The redirect method for www. has a snag. Most browsers seem to look for a www.mydomain.com cert before following the redirect. This results in users seeing a warning and not redirecting.

The solution is to add a second domain arg to each of the commands. EG:

acme.sh --issue --webroot ~/public_html -d mydomain.com -d www.mydomain.com --staging

acme.sh --issue --webroot ~/public_html -d mydomain.com -d www.mydomain.com --force

acme.sh --deploy --deploy-hook cpanel_uapi --domain mydomain.com --domain www.mydomain.com
Enter fullscreen mode Exit fullscreen mode

You'll still want to add the redirect, but this will now avoid the error for users.

Collapse
 
worldtok4u profile image
Emmanuel David

This is indeed an awsome tutorial as following it step by step works.
However the code below seemed not to work so i just skipped it

crontab -l | grep acme.sh
10 0 * * * "/home/_CPANEL_USERNAME_/.acme.sh"/acme.sh --cron --home "/home/_CPANEL_USERNAME_/.acme.sh" >> /home/_CPANEL_USERNAME_/.acme_cron_log
Enter fullscreen mode Exit fullscreen mode

Thanks for the wonderful tutorial

Collapse
 
atomar profile image
Anuj Singh Tomar

Glad that it helped, that code worked fine for me, it is critical too, as i don't want to bother me with running this manually, cronjob takes care of autorenewal, have worked fine for me for more than a year :)

Just check the CPANEL_USername , it would be same id when you log in to your cpanel, it will show with below command on terminal run :
echo $USER
Or in Console note it under: General Information->Current User

Collapse
 
aeiche profile image
Aaron Eiche

This is a bit of an old article, but still relevant. If anyone is following these steps, please be aware that in August of 2021, acme.sh began supporting multiple Certificate Authorities, defaulting to ZeroSSL. In order to use LetsEncrypt, you will need to provide the --server letsencrypt argument to the issue command. It would look something like this:

acme.sh --issue --webroot ~/public_html --server letsencrypt -d yourdomain.com --force

Collapse
 
atomar profile image
Anuj Singh Tomar

Good to know , thanks for sharing

Collapse
 
aeiche profile image
Aaron Eiche

This is a bit of an old article, but still relevant. If anyone is following these steps, please be aware that in August of 2021, acme.sh began supporting multiple Certificate Authorities, defaulting to ZeroSSL. In order to use LetsEncrypt, you will need to provide the --server letsencrypt argument to the issue command. It would look something like this:
acme.sh --issue --webroot ~/public_html --server letsencrypt -d yourdomain.com --force

Collapse
 
saminu profile image
Saminu Eedris

Hey Anuj,

Thanks so much this is so very helpful, having to renew my SSL every 3 months is such a hassle and with this I won't have to do that anymore.

Thanks a lot man!

Collapse
 
rt_dev profile image
Roman Taylor • Edited

Apply Cert to website using cPnel hook

Should say cPanel 🙂

Great post though!

Collapse
 
julian2222 profile image
Julian

thanks so much! This really helped me!

Collapse
 
yanik profile image
Yanik Love

Big Thanks!

Saving me lots of money :)
I was about to switch hosting provider to one that supports let's encrypt!

Had read this post before but it looked too complicated.
After some efforts and patience everything is working now and all my sites are secure, for free, with auto renew on! How cool!! :D

Much gratitude <3

Now what would make it perfect would be a script like :

/ssl domain.com

That would automatically do all the steps, including the www :D
This way it would save some time and avoid typos ^^

Thanks again!

Collapse
 
mannuforall profile image
Manoj Tiwari • Edited

Awesome! Great tutorial. Working very fine.
Pls tell me if I need to disable SSH access again, as the certificate installed successfully.

Collapse
 
atomar profile image
Anuj Singh Tomar

Check if any line break in the cron entry, it can happen when you copy pasted from here, ensure it is a single line without any new line.

Also regarding SSH Access best practice is to keep it disabled, you can enable it again whenever you need.

Collapse
 
mannuforall profile image
Manoj Tiwari

Thanks for the reply. It worked now.

Collapse
 
darkvovich profile image
Vladimir Lugovkin

After command:

At this moment a cron entry already has been setup for autorenewal which will auto renew after 60 days., You can update /dev/null to something like this if you need the log

crontab -l | grep acme.sh
10 0 * * * "/home/CPANEL_USERNAME/.acme.sh"/acme.sh --cron --home "/home/CPANEL_USERNAME/.acme.sh" >> /home/CPANEL_USERNAME/.acme_cron_log

I have error: -bash: 10: command not found

Collapse
 
arielyahav profile image
Ariel-Yahav

This is great!
I keep getting stuck at the --staging issue stage, though. Any idea why I might be getting the following error code (35):
acme.sh --issue --webroot ~/public_html -d breastfeeding.london --staging
[Thu Feb 4 20:51:07 EST 2021] Using ACME_DIRECTORY: acme-staging-v02.api.letsencrypt.o...
[Thu Feb 4 20:51:10 EST 2021] Please refer to curl.haxx.se/libcurl/c/libcurl-err... for error code: 35
[Thu Feb 4 20:51:10 EST 2021] Can not init api.
[Thu Feb 4 20:51:10 EST 2021] Using CA: acme-staging-v02.api.letsencrypt.o...
[Thu Feb 4 20:51:19 EST 2021] Please refer to curl.haxx.se/libcurl/c/libcurl-err... for error code: 35
[Thu Feb 4 20:51:19 EST 2021] Can not init api.
[Thu Feb 4 20:51:19 EST 2021] Registering account: acme-staging-v02.api.letsencrypt.o...
[Thu Feb 4 20:51:22 EST 2021] Please refer to curl.haxx.se/libcurl/c/libcurl-err... for error code: 35
[Thu Feb 4 20:51:22 EST 2021] Could not get nonce, let's try again.

Collapse
 
atomar profile image
Anuj Singh Tomar • Edited

Check if ~/public_html exists Or if your website exits in a different folder , then replace the webroot like below:

acme.sh --issue --webroot ~/breastfeeding.london -d breastfeeding.london --staging

If still same issue check with namecheap support for below error:

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.

Collapse
 
calisomething profile image
Californiasomething

Thanks for posting this. Breezy to follow, and now I shouldn't have to worry about this stuff for a while. I'd been doing it manually for a year now on four of my sites and it was a pain but worth not paying them.

Collapse
 
ianbromwich profile image
Ian B

thank you :) this was really helpful. 🪙

Collapse
 
rafanjani profile image
Rafanjani

hi, thanks for tutorial. I'm getting a error when issue a cert for cpanel.domain.com and webmail.domain.com... the others like domain and mail.domain and domain.com was successful.

When trying issue a cert for webmail i'm getting multiple "processing" and timeout lines. I have a stelar plan from namecheap.

Peace.

Collapse
 
kgolubic profile image
Kruno Golubic

This was very useful for me. Thank you!

Collapse
 
ablewhite profile image
Conan Ablewhite

Helped me no end to get SSL email access back on a couple of domains - thanks for posting!

Collapse
 
fredicious profile image
Fred

This is a great step by step guide, you saved me hours of figuring this out on my own, thanks a lot!

Collapse
 
atomar profile image
Anuj Singh Tomar

Thanks for commenting, Glad that it helped.

Collapse
 
raywick profile image
Anderson Timana

Thanks for the post! It worked great the first time. However, I have a problem when doing this process for other domains in my shared hosting.
I'm getting an error 503 when I try to issue a test certificate. As far as I can see .well-know is blocking the request. Any idea of why it may happen?

Collapse
 
jkyoutubedev profile image
jkaka00912

Hey, i am unable to install on addon domains. The main domain worked perfect, on addon domains I can't do it. Maybe is not possible?
I added the domain.main-domain.com folder too, but I get errors

Collapse
 
jjokah profile image
John Johnson Okah • Edited

Great. I followed the steps last year and it worked.
ALSO, you can just ask NameCheap for a free SSL Certificate; via the LiveChat, they respond immediately.