Locating the plugin
Find the “Let’s Encrypt™ for cPanel” icon in the “Security” category, or by searching for “Let” or “ssl” in the top search bar:
The very first time you visit this page may take a few seconds, as it will register an anonymous account key with the Let’s Encrypt™ CA.
The Interface
The interface is split into two sections. The first section will list all of your domains that have “Let’s Encrypt™” certificates issued, their expiry, and options to remove, reinstall and view them:
The second section will list all of the domains configured in your account that are eligible to have a certificate issued for. Please note, redirected domains are unable to have a certificate issused.
Issuing a new certificate
Prerequisites
There are two important prerequisites to be met in order for a certificate to be able to issued:
Info
The domain name(s) you want signed must be pointing to this cPanel server already
The Let’s Encrypt™ CA must be able to visit http://your-domain/.well-known/acme-challenge/xxx successfully.
These directories/files will be created automatically, but you should take care that you do not have any .htaccess rules that prevent access. Most users will fulfil these requirements automatically.
Issuing Process
First, click the + Issue button to the right of the domain you wish to issue a certificate for. Please note, you will be able to select any extra domains to include on the certificate in the next screen.
Ensure that all of the domains you wish to include in this certificate are selected as included and click ‘Issue’. The process may take anywhere from 10 to 45 seconds, so do not navigate away from the page. At completion, the keys and certificates should be installed on the server, with a success message:
If you receive an error message, please check Troubleshooting.
Renewing certificates
Certificate renewal is automatic in the background. Your certificate will be attempted to be renewed every day from the point it is 30 days from expiring. The prerequisites listed above for issuing must still be met during the renewal attempts, or the attempts will fail.
Reinstalling certificates
The certificate can be reinstalled at any time through the “Reinstall” action. Possible reasons for reinstalling can be enabling SSL for mail servers post-issuing, or if the certificate was removed from the SSL/TLS manager. The status column will show the current status of the certificate on the system. If for any reason the certificate was removed from the SSL/TLS manager without being removed from the Let’s Encrypt™ plugin page, this status column will display “Uninstalled”.
Removing certificates
To uninstall a certificate, it is best to press “Remove” on the Let’s Encrypt™ for cPanel plugin page, rather than doing through the SSL/TLS Manager that comes with cPanel. This is because our uninstall process also removes the key and certificate from the manager, in one click. Please note that uninstalling a certificate will not revoke it at the Let’s Encrypt™ CA. You may wish to back up the private keys before you perform any uninstallations, as they are irretrievable, and you will require them if you want to use any of your previous certificates again.
Configuration file
All configuration and certificates are stored in ~/.cpanel/nvdata/letsencrypt-cpanel. We recommend you keep a backup copy of this file.