cPanel® Blog

Announcing: cPanel & WHM’s Official Let’s Encrypt with AutoSSL Plugin

In cPanel & WHM version 58 we introduced a new feature called AutoSSL. I posted about AutoSSL before, but in case you haven’t heard of it yet: AutoSSL allows you to enable a feature in your cPanel & WHM account package which triggers the automatic request and installation of Domain Validated Comodo-signed SSLs for your customers, free of charge. Security is incredibly important to us, and this is a feature we’ve been working on for a very long time.

AutoSSL and Let’s Encrypt

Let’s Encrypt™ is a new-comer to the certificate authority world, and it has gained popularity very quickly. They, too, offer free Domain Validated SSL certificates, which fits perfectly with AutoSSL. While adding support for Let’s Encrypt wasn’t on our roadmap until earlier this year, it quickly became the highest-voted request on our Feature Request site. That kind of unprecedented community support made us very excited, and our development teams worked hard to find time for it.

The first hurdle we encountered when researching incorporating Let’s Encrypt’s support to cPanel & WHM was that our development and release cycle is completely out of sync with theirs. In order to accommodate that while maintaining our standards we decided to do something we have not done in a while: develop our own plugin to provide support for a third party application.

The BETA version of that plugin was tested by a fantastic group of beta-testers, on production servers running cPanel & WHM versions 56 and 58. I’m elated to now be able to say that the plugin is available to everyone running cPanel & WHM version 58.0.17 and above. In version 58 the installation is limited to command-line access. Once you are SSH’ed into the server as root, you can just run this command:

/scripts/install_lets_encrypt_autossl_provider

Once installed, Let’s Encrypt will appear in WHM’s Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL) where you can enable the provider.

2016-08-08_1627

Please note that there are several domain and rate limits associated with the Let’s Encrypt service. For a summary of these limits, read our AutoSSL documentation at http://go.cpanel.net/autossl

Upgrade now to get AutoSSL

AutoSSL reduces the barrier to securing your customer’s sites to zero, and makes it a breeze to manage, but AutoSSL is only available on version 58 and above. Since cPanel & WHM version 56 is the last version to support CentOS5 & 32-bit operating systems, this feature won’t be available for CentOS5. If you want AutoSSL, it’s time to migrate to a new operating system! The good news is that the Transfer Tool now makes it easier than ever to migrate all of your system configurations and cPanel accounts. If you haven’t already, definitely take a look!

Feature requests

AutoSSL is stable and ready for use, and it also already has a feature request on the cPanel & WHM Feature Request site. I’m so excited to see what other requests come in for this brand new feature. If you have more ideas definitely let us know! Find me on twitter, on the feature request site, or send me an email with your thoughts.

benny Vasquez

scripter, crafter, cPanel’s Manager of Community Engagement. Facilitating communication between cPanel’s amazing development team, and cPanel’s amazing community. Find me on twitter: @cpaneldev

  • It is amazing how many big companies are going to SSL as a standard. It should be, security is by far the biggest concern. I think it is great the cpanel is focused on this!

  • Costas

    What it is not clear, even reading the cPanel documentation, what is a difference between AutoSSL feature and cPanel store in market provider manager as both are giving possibility to our cPanel users to install SSL. AutoSSL is free of charge and cPanel store is a paid certificates. So what is a reason clients chose paid one when there is a free SSL?

    • cPanelbenny

      I can definitely understand your confusion. The cPanel Market provider was originally built to help solve the pain point that was SSL installation. With the addition of free DV SSLs (from Let’s Encrypt and Comodo), the Market provider’s use is less obvious. The plan right now is to expand the cPanel Market Provider to include EV and OV certificate sales, and we are hoping to see it expanded to other providers as well.

      Hope that helps clear it up, but if it doesn’t please do let me know!

      • Costas

        Thanks for your explanation. It is clear for me now.

        • cPanelbenny

          No problem at all.

  • Miguel Migge Annefalk

    Hi
    Great function!! How can i get the app in to Cpanel? I have a VPS/WHM with root access…

    • Miguel Migge Annefalk

      Oh i see, it’ll be implemented in v60 🙂

  • Extremely devastating to our SSL reseller income. We will never enable it.

    • Tommy K

      Watch your clients look elsewhere for hosting, this is inevitable.

      • My hosting clients run businesses that expect to pay for services received. It’s not like I’m making more than $6 ~ $20 on each sale. We’re not GoDaddy or 1&1 that gives everything away for free. Additional income actually goes to creating new software and infrastructure.

    • cPanelbenny

      Hey there! I totally understand your situation. If I can help in any way in the future, let me know!

    • This is definitely unfortunate from a business perspective, but with Let’s Encrypt and other providers offering free SSLs for a while now the writing was on the wall, and it was just a matter of time before this happened.

      There have been 3rd party plugins to enable free SSL support in cPanel for quite some time now, so it just makes sense that cPanel would create their own, which they can have better quality control and support for.

      I have to agree with Tommy K, if you intentionally leave this feature disabled your hosting customers *will* eventually notice, and once they realize why you’ve done it it’s just going to erode their trust in your hosting business. I guess it’s time to evaluate which you want more, short-term SSL profits or long-term hosting profits.

      • There is Kmart and then there is Sacks 5th Avenue. If you’re a niche’ hosting provider for small businesses, your target market is not hosting a teenager’s gaming portal. IMHO =)

        • Tommy K

          How much are you making on your 17 buck rapidssl? 10? Thats less than a dollar per month. You will have to sell 10 ssl certs to make the same as from one of your cheapest accounts. I think you should see this as an opportunity to get more clients and upsell the more expensive certs.

  • It works with nginxcp?

    • cPanelbenny

      We don’t test against 3rd party plugins, but it shouldn’t be prevented from working. If you want to make sure, I’d recommend reaching out to the developers to make sure they’ve tested against it. If they have any questions you can recommend they email me: benny@cpanel.net

    • Tommy K

      If it’s anything like cpnginx then no problem. Cpnginx is actually not serving the https content at all.

  • Works great so far, but I can’t find any documentation regarding how to create/install service SSL certificates (FTP, Mail, etc.).

    Alternatively, is there any way to request additional subdomains be added to the SSL creation request? My server’s hostname is just an A record in DNS and not an actual subdomain, so the hostname doesn’t get added to the certificate request when I use AutoSSL.

    • cPanelbenny

      Hey there! As I was typing out my response I realized I’ve got far too many questions for this forum to be a good one. Would you mind opening up a ticket with us to get these answers? It should be relatively quick and painless, once we get a few more details. https://tickets.cpanel.net/submit/

      • Thanks for the response! I’ve gone ahead and submitted a ticket.

  • Radices

    Great job the plugin works flawlessly!

    • cPanelbenny

      Thank you so much! I’m so glad to hear it’s working for you. 🙂

  • cearls

    Can AutoSSL generate certs for add-on domains?

    • cPanelbenny

      It sure can! And will, as long as the domain passes validation, and the feature is enabled on their account.

      • cearls

        Ah, it did try to create certs for add-on domains. The Let’s Encrypt HTTP challenge failed: https://letsencrypt-for-cpanel.com/docs/for-admins/troubleshooting/

        • cPanelbenny

          Let’s Encrypt for cPanel is a third party developed plugin, not cPanel’s official one. I talked to Alex and he says that you should be able to just remove that and then enable AutoSSL without a problem. If you’re still seeing problems after that, you can either open a ticket with your webhost or with us ( https://tickets.cpanel.net/submit ).

          • cearls

            Oh, I have the official plugin and it’s working. I found the answer to my issue on that site and didn’t realize it was a different plugin. Thanks!

          • cPanelbenny

            Oh! That’s perfect, then. 😀

  • Enabled – but there’s seems to be no way to actually use this to create a certificate via Lets Encrypt? Is it only for automatic renewals?

    • cPanelbenny

      Nope, it’s for issuing and renewals. They should be created automatically once the plugin is installed, or you can click ‘Run AutoSSL for all Users’ in the AutoSSL interface of WHM. Make sure you’re enabling it for your users individually, or in the feature manager. If you’re still seeing problems after that, definitely open up a ticket with your webhost or our support team: https://tickets.cpanel.net/submit

      • Ah – I think I found the issue. On my WHM I’ve got 14 accounts, it looks like it installed about the first 10, but the main one I was testing was 12th on the list. So I disabled a few others, re-ran and now it’s working fine. I’m guessing 10 domains is enough to hit the 20 per week limit?

        • cPanelbenny

          Nah, but it seems like you probably hit one of their other limits. I’m glad it’s all worked out now!

  • Probably worth writing in the notes that it’s not just “version 58” You need, but the latest subversion too. Spend a good few minutes trying to work it out why the script wasn’t working via SSH.

  • Jon

    Any quick info on why to chose either Let’s Encrypt vs cPanel (powered by Comodo)?

    • cPanelbenny

      We don’t have anything written up, but it ultimately comes down to your preference. Some people like prefer Let’s Encrypt over Comodo, and some people prefer Comodo over Let’s Encrypt.

      • Jon

        Sounds good, thanks!

  • Scott Neader

    Super write-up! Thanks for your efforts, Benny.

    • cPanelbenny

      Thanks, Scott!

  • Jarvis

    /scripts/install_lets_encrypt_autossl_provider not apparently in 50.0.13?

    • cPanelbenny

      Unfortunately, no. AutoSSL was introduced in cPanel & WHM version 58, and the Let’s Encrypt plugin was added in 58.0.17. You will need to upgrade to get AutoSSL.

      • Jarvis

        doh! I meant 58.0.13. But I see .19 is out. Thanks Benny!

        • cPanelbenny

          No problem at all!