In cPanel & WHM version 58, we introduced a new feature called AutoSSL. I posted about AutoSSL before, but in case you haven’t heard of it yet, here’s more information. AutoSSL allows you to enable a feature in your cPanel & WHM account package which triggers the automatic request and installation of Domain Validated Comodo-signed SSLs for your customers, free of charge. Security is incredibly important to us, and this is a feature we’ve been working on for a very long time.
AutoSSL and Let’s Encrypt
The first hurdle we encountered when researching incorporating Let’s Encrypt’s support to cPanel & WHM was that our development and release cycle is completely out of sync with theirs. To accommodate that while maintaining our standards, we decided to do something we have not done in a while: develop our own plugin to provide support for a third-party application.
The BETA version of that plugin was tested by a fantastic group of beta-testers, on production servers running cPanel & WHM versions 56 and 58. I’m happy to now be able to say that the plugin is available to everyone running cPanel & WHM version 58.0.17 and above. In version 58 the installation is limited to command-line access. Once you are SSH’ed into the server as root, you can just run this command:
/scripts/install_lets_encrypt_autossl_provider
Once installed, Let’s Encrypt will appear in WHM’s Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL), where you can enable the provider.
Please note that there are several domain limits and rate limits associated with the Let’s Encrypt service. For a summary of these limits, read our AutoSSL documentation at http://go.cpanel.net/autossl
Upgrade now to get AutoSSL
AutoSSL reduces the barrier to securing your customer’s sites to zero and makes it a breeze to manage, but AutoSSL is only available on version 58 and above. Since cPanel & WHM version 56 is the last version to support CentOS5 & 32-bit operating systems, this feature won’t be available for CentOS5. If you want AutoSSL, it’s time to migrate to a new operating system! The good news is that the Transfer Tool now makes it easier than ever to migrate all of your system configurations and cPanel accounts. If you haven’t already, definitely take a look!
After upgrading, setting up AutoSSL is easy.
- In WHM, navigate to the AutoSSL interface, and click to toggle “cPanel.”
- Then click Save. The server will automatically do the following:
-
- Add a feature to WHM >> Packages >> Feature Manager named “AutoSSL”
- Add a cronjob ( /etc/cron.d/cpanel_autossl ) to handle the downloading and installation of new SSL certificates for all of your hosted domains.
- Please Note: There are some limitations when dealing with vast numbers of domains that are outside cPanel’s control, which you can read about in our documentation.
Feature requests
AutoSSL is stable and ready for use, and it also already has a feature request on the cPanel & WHM Feature Request site. I’m so excited to see what other requests come in for this brand new feature. If you have more ideas, let us know! You can reach us through any of our social channels for discussion, and you can contact us through our Slack or Discord channels, our cPanel forums, and our official cPanel subreddit. Be sure to subscribe to the cPanel Essentials Briefing List to receive emails about important updates, and check out the Up Next hub for further details!
How much are you making on your 17 buck rapidssl? 10? Thats less than a dollar per month. You will have to sell 10 ssl certs to make the same as from one of your cheapest accounts. I think you should see this as an opportunity to get more clients and upsell the more expensive certs.
If it’s anything like cpnginx then no problem. Cpnginx is actually not serving the https content at all.
It is amazing how many big companies are going to SSL as a standard. It should be, security is by far the biggest concern. I think it is great the cpanel is focused on this!
No problem at all.
Thanks for your explanation. It is clear for me now.
I can definitely understand your confusion. The cPanel Market provider was originally built to help solve the pain point that was SSL installation. With the addition of free DV SSLs (from Let’s Encrypt and Comodo), the Market provider’s use is less obvious. The plan right now is to expand the cPanel Market Provider to include EV and OV certificate sales, and we are hoping to see it expanded to other providers as well.
Hope that helps clear it up, but if it doesn’t please do let me know!
What it is not clear, even reading the cPanel documentation, what is a difference between AutoSSL feature and cPanel store in market provider manager as both are giving possibility to our cPanel users to install SSL. AutoSSL is free of charge and cPanel store is a paid certificates. So what is a reason clients chose paid one when there is a free SSL?
My hosting clients run businesses that expect to pay for services received. It’s not like I’m making more than $6 ~ $20 on each sale. We’re not GoDaddy or 1&1 that gives everything away for free. Additional income actually goes to creating new software and infrastructure.
There is Kmart and then there is Sacks 5th Avenue. If you’re a niche’ hosting provider for small businesses, your target market is not hosting a teenager’s gaming portal. IMHO =)
Oh i see, it’ll be implemented in v60 🙂
Hi
Great function!! How can i get the app in to Cpanel? I have a VPS/WHM with root access…
This is definitely unfortunate from a business perspective, but with Let’s Encrypt and other providers offering free SSLs for a while now the writing was on the wall, and it was just a matter of time before this happened.
There have been 3rd party plugins to enable free SSL support in cPanel for quite some time now, so it just makes sense that cPanel would create their own, which they can have better quality control and support for.
I have to agree with Tommy K, if you intentionally leave this feature disabled your hosting customers *will* eventually notice, and once they realize why you’ve done it it’s just going to erode their trust in your hosting business. I guess it’s time to evaluate which you want more, short-term SSL profits or long-term hosting profits.
Hey there! I totally understand your situation. If I can help in any way in the future, let me know!
Watch your clients look elsewhere for hosting, this is inevitable.
Extremely devastating to our SSL reseller income. We will never enable it.
We don’t test against 3rd party plugins, but it shouldn’t be prevented from working. If you want to make sure, I’d recommend reaching out to the developers to make sure they’ve tested against it. If they have any questions you can recommend they email me: [email protected]
It works with nginxcp?
Thanks for the response! I’ve gone ahead and submitted a ticket.
Hey there! As I was typing out my response I realized I’ve got far too many questions for this forum to be a good one. Would you mind opening up a ticket with us to get these answers? It should be relatively quick and painless, once we get a few more details. https://tickets.cpanel.net/submit/
Thank you so much! I’m so glad to hear it’s working for you. 🙂
Works great so far, but I can’t find any documentation regarding how to create/install service SSL certificates (FTP, Mail, etc.).
Alternatively, is there any way to request additional subdomains be added to the SSL creation request? My server’s hostname is just an A record in DNS and not an actual subdomain, so the hostname doesn’t get added to the certificate request when I use AutoSSL.
Great job the plugin works flawlessly!
Oh! That’s perfect, then. 😀
Oh, I have the official plugin and it’s working. I found the answer to my issue on that site and didn’t realize it was a different plugin. Thanks!
Let’s Encrypt for cPanel is a third party developed plugin, not cPanel’s official one. I talked to Alex and he says that you should be able to just remove that and then enable AutoSSL without a problem. If you’re still seeing problems after that, you can either open a ticket with your webhost or with us ( https://tickets.cpanel.net/submit ).
Ah, it did try to create certs for add-on domains. The Let’s Encrypt HTTP challenge failed: https://letsencrypt-for-cpanel.com/docs/for-admins/troubleshooting/
It sure can! And will, as long as the domain passes validation, and the feature is enabled on their account.
Can AutoSSL generate certs for add-on domains?
Nah, but it seems like you probably hit one of their other limits. I’m glad it’s all worked out now!
Ah – I think I found the issue. On my WHM I’ve got 14 accounts, it looks like it installed about the first 10, but the main one I was testing was 12th on the list. So I disabled a few others, re-ran and now it’s working fine. I’m guessing 10 domains is enough to hit the 20 per week limit?
Nope, it’s for issuing and renewals. They should be created automatically once the plugin is installed, or you can click ‘Run AutoSSL for all Users’ in the AutoSSL interface of WHM. Make sure you’re enabling it for your users individually, or in the feature manager. If you’re still seeing problems after that, definitely open up a ticket with your webhost or our support team: https://tickets.cpanel.net/submit
Enabled – but there’s seems to be no way to actually use this to create a certificate via Lets Encrypt? Is it only for automatic renewals?
Probably worth writing in the notes that it’s not just “version 58” You need, but the latest subversion too. Spend a good few minutes trying to work it out why the script wasn’t working via SSH.
Sounds good, thanks!
We don’t have anything written up, but it ultimately comes down to your preference. Some people like prefer Let’s Encrypt over Comodo, and some people prefer Comodo over Let’s Encrypt.
Thanks, Scott!
Any quick info on why to chose either Let’s Encrypt vs cPanel (powered by Comodo)?
Super write-up! Thanks for your efforts, Benny.
No problem at all!
doh! I meant 58.0.13. But I see .19 is out. Thanks Benny!
Unfortunately, no. AutoSSL was introduced in cPanel & WHM version 58, and the Let’s Encrypt plugin was added in 58.0.17. You will need to upgrade to get AutoSSL.
/scripts/install_lets_encrypt_autossl_provider not apparently in 50.0.13?