
Add Let's Encrypt as CA to the SSL Wizard Market Providers

NetVicious shared this idea 3 years ago
Open Discussion

As a server administrator, I would like cPanel to integrate the AutoSSL and Market Providers such that my clients can use the SSL wizard to manage any SSL that is issued on the server, including SSLs issued through the Let's Encrypt AutoSSL plugin.


----


I got the Let's Encrypt (LE) module installed on my Managed VPS with cPanel v64, but I thought I should get more control over the certs LE assigns to my hosted domains.


First of all, I don't want the cert to show that I'm hosting all the domains the plugin is now registering.


I want to maintain the domains separated, so domain1 should not be on the same cert as domain2, and so on.


I see now that there isn't any tool for the user to manage the LE certificates.


IMHO the best way to do this should be with the SSL Wizard. Let's Encrypt should be another CA in addition to the current ones, Comodo and cPanel.


Now, for a DV, we see these options in the SSL Wizard:

- cPanel DV SSL Certificate
- Comodo DV SSL Certificate

With the feature I'm requesting, we should see one for LE, like:

- Let's Encrypt DV SSL Certificate


That certificate should be created with the domains we selected, like we do now with the Comodo and cPanel CAs.


After that creation, cPanel AutoSSL should do its magic to renew them when it's needed.


That will solve a lot of problems: the max limit of subdomains an LE cert can take, and the problem related to people who don't want an SSL cert on some domains. It will also solve my request about not showing all the hosted domains in the cert info of one domain.

Comments (3)


Being able to use cPanel to "order" a certificate from Let's Encrypt would be most useful.  In my specific scenario, I want to be able to use cPanel to obtain a certificate or, ideally, a wildcard certificate from Let's Encrypt for use in both cPanel&WHM and on a couple subdomains remotely hosted from my home Internet connection.  I realize my particular use case may not line up exactly with what was originally envisioned but I hope this can serve as one such example.

The following feature request also relates to my specific scenario, combining both Let's Encrypt as a Market Provider and the possibility of obtaining Let's Encrypt wildcard certificates.

https://features.cpanel.net/topic/lets-encrypt-wildcard-certificates


Hi! I’m one of the developers who’s worked on AutoSSL and the cPanel Market’s SSL support. Let me see if I can help you out.


> I want to maintain the domains separated, so domain1 should not be on the same cert as domain2, and so on.


The Let’s Encrypt AutoSSL provider groups certificates by registered domain in order to mitigate the effects of Let’s Encrypt’s rate limiting. While some larger hosts have arrangements with Let’s Encrypt to arrange higher rate limits, most of our customers don’t.

Have you tried the default AutoSSL provider instead of Let’s Encrypt? The rate limits are higher, and you may be able to secure more domains because Comodo implements more of the CA/Browser Forum’s allowed logic for DCV.

Regarding your desire to control the specific domains that AutoSSL secures, have you looked at the “SSL/TLS Status” page? There are controls there to exclude specific domains from AutoSSL; you can use these to tailor your SSL coverage to just the domains that you want.


The scenario I'm having problems with in the current Let's Encrypt operation is:

One cPanel account with several domains, some of which don't have anything to do with the others.

Initially, the Let's Encrypt plugin created only one certificate for all the domains on the cPanel account. Obviously, I don't want to have a certificate for the X site where the Y site appears as an alternative DNS name.

I saw the SSL/TLS Status page, where we can mark a domain to not be added to a Let's Encrypt certificate, but that's not as fine-grained as I need.


In the latest versions of the Let's Encrypt plugin this seems to have changed a bit, and now it seems not to mix different domains in the same certificate. I haven't tested this because, due to the initial behaviour of the Let's Encrypt plugin, I'm still working with certificates manually uploaded to my cPanel. I'm creating these certificates with a command-line tool which, in addition, allows me to create wildcard certificates.


@NetVicious: Have you tried the default AutoSSL plugin rather than Let’s Encrypt?

As I mentioned above, we combine domains for Let’s Encrypt because of the rate limiting issues. The default AutoSSL provider doesn’t have that problem, so we don’t combine domains there.

The default AutoSSL provider also uses more extensive DCV logic than Let’s Encrypt, so you’ll be more likely to get certificates that have all of the domains you want.


Why pay for something free which is better than the paid one? As I said, I'm currently creating the Let's Encrypt certificates manually and uploading them to cPanel every 3 months. It's not perfect, but it saves me money.


@NetVicious: The default AutoSSL provider produces free certificates, too. (They’re included as part of your cPanel license.)

Just go into WHM’s AutoSSL configuration page and choose the “cPanel Store” provider.


Free self-signed certificates? No way!


@NetVicious they’re signed by Comodo. And they’re free. (… or, rather, your license fee includes them)


On my cPanel I don't see any free certificate. It seems my ISP removed them.


@NetVicious The free Comodo-signed certificates via AutoSSL are controlled by the server administrator, yes.


For that matter, each product in the TLS Wizard is also subject to administrator approval.

Have you inquired with your hosting provider as to whether they would be willing to enable AutoSSL?
