Enable Let’s Encrypt SSL Installation and Renewal for cPanel DNSOnly

This post provides a guide for enabling automated Let’s Encrypt SSL installation and renewal on cPanel DNSOnly servers.

Securing your cPanel DNSOnly server with Let’s Encrypt SSL certificates is a straightforward process. This guide walks you through the steps to enable Let’s Encrypt SSL installation and renewal on a cPanel DNSOnly server.

Prerequisites

  • Access to cPanel DNSOnly Server: SSH access with root privileges.
  • Installed Software: certbot (the Let’s Encrypt client) must be installed on your server; Step 1 covers the installation.
  • DNS Configuration: Ensure the DNS records for the domain(s) are correctly configured and pointing to your server.

Step 1: Install Certbot

  1. Log in to the DNSOnly server via SSH.
  2. Update System Packages:
    Run the following command to update your server’s packages:
        yum update -y
  3. Install EPEL Repository:
    Certbot is part of the EPEL repository. Install it using:
        yum install epel-release -y
  4. Install Certbot:
    Install Certbot by running:
        yum install certbot -y

Step 2: Obtain an SSL Certificate

To generate an SSL certificate for a domain managed by your cPanel DNSOnly server:

  1. Run Certbot:
    Use the following command to generate the SSL certificate:
        certbot certonly --standalone -d example.com -d www.example.com
    Replace example.com and www.example.com with your actual domain names.
  2. Complete the Challenge:
    Certbot validates your domain ownership through a challenge. The --standalone command above uses the HTTP challenge, for which Certbot runs its own temporary web server on port 80. Follow the prompts and ensure port 80 is open for the HTTP challenge.
  3. Verify Certificate Installation:
    Certificates are stored in /etc/letsencrypt/live/example.com/. You can check the directory to confirm:
        ls /etc/letsencrypt/live/example.com/

Step 3: Configure SSL for cPanel Services

To use the certificate for cPanel services such as WHM, Webmail, etc.:

  1. Copy Certificate Files:
    Locate your certificate and key:
        /etc/letsencrypt/live/example.com/fullchain.pem
        /etc/letsencrypt/live/example.com/privkey.pem
  2. Install Certificates in cPanel DNSOnly:
    In WHM:
      • Navigate to Home > Service Configuration > Manage Service SSL Certificates.
      • For each service (cPanel/WHM/Webmail, Dovecot, Exim), upload the fullchain.pem as the certificate and privkey.pem as the key.
  3. Save Changes:
    Apply and save the configuration.

Step 4: Automate Certificate Renewal

Let’s Encrypt certificates are valid for 90 days. Automate the renewal process to avoid downtime:

  1. Test Renewal Command:
    Run:
        certbot renew --dry-run
    Ensure no errors are reported.
  2. Set Up Cron Job:
    Add a cron job to automate renewal:
        crontab -e
    Add the following line:
        0 3 * * * certbot renew --quiet && systemctl reload cpsrvd

This runs the renewal command daily at 3 AM. certbot renew only replaces certificates that are close to expiry, and because of the &&, the reload of cPanel services runs each time the command exits successfully, so that renewed certificates are applied.

Step 5: Monitor and Verify

  1. Monitor Renewals:
    Check logs to verify renewals:
        cat /var/log/letsencrypt/letsencrypt.log
  2. Verify Active Certificate:
    After renewal, confirm the updated certificate in WHM under Manage Service SSL Certificates.
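
The checks from Step 5 can also be scripted. The following is an added example, not part of the original guide: it inspects one certificate directory for private key permissions, a key that matches the certificate, and remaining validity, and can compare the certificate a service presents with the one on disk. The function names and the 20-day threshold are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original guide. Function names and the 20-day
# threshold are assumptions. Usage: check_lineage.sh LINEAGE_DIR [HOST PORT]

# True if privkey.pem grants nothing to group/other (-L follows certbot's symlink).
key_perms_ok() {
    local mode
    mode=$(stat -L -c '%a' "$1/privkey.pem") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# True if the leaf certificate stays valid for at least $2 more days.
cert_valid_for() {
    openssl x509 -in "$1/fullchain.pem" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# True if privkey.pem is the private half of the key in fullchain.pem.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey) || return 2
    k=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# SHA-256 fingerprint of the certificate on disk, and of the one a service presents.
disk_fingerprint() {
    openssl x509 -in "$1/fullchain.pem" -noout -fingerprint -sha256
}
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Run every check; print one line per failure and return non-zero if any failed.
# With a daily renewal job, fewer than 20 days left means renewal is overdue.
check_lineage() {
    local dir=$1 rc=0
    key_perms_ok "$dir" || { echo "FAIL: privkey.pem is accessible to group/other"; rc=1; }
    key_matches_cert "$dir" || { echo "FAIL: privkey.pem does not match fullchain.pem"; rc=1; }
    cert_valid_for "$dir" 20 || { echo "FAIL: certificate expires within 20 days"; rc=1; }
    if [ -n "$2" ]; then
        [ "$(served_fingerprint "$2" "$3")" = "$(disk_fingerprint "$dir")" ] ||
            { echo "FAIL: $2:$3 is not presenting the certificate on disk"; rc=1; }
    fi
    return $rc
}

if [ "$#" -gt 0 ]; then check_lineage "$@"; fi
```

Run it as root with /etc/letsencrypt/live/example.com as the first argument; adding the server's hostname and the TLS port of a service from Step 3 enables the comparison with the certificate that service presents.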

Troubleshooting

  • Firewall Issues: Ensure ports 80 and 443 are open for HTTP and HTTPS traffic.
  • Renewal Errors: Check logs at /var/log/letsencrypt/letsencrypt.log for detailed error messages.
  • DNS Validation Issues: Verify that DNS records are correctly pointing to your server.

By following these steps, you can enable Let’s Encrypt SSL on your cPanel DNSOnly server and ensure certificates are renewed automatically. This enhances the security of your server and ensures compliance with modern web security standards.

Editorial Staff

Rad Web Hosting is a leading provider of web hosting, Cloud VPS, and Dedicated Servers in Dallas, TX.