User Guide

This section will outline basic usage of the plugin.

If you prefer a video format, check out our YouTube video.

Locating the plugin

Find the “Let’s Encrypt for cPanel” icon in the “Security” category, or by searching for “Let” or “ssl” in the top search bar:

The very first time you visit this page may take a few seconds, as it will register an anonymous account key with the Let’s Encrypt CA.

The Interface

The interface is split into two sections.

The first section will list all of your domains that have “Let’s Encrypt” certificates issued, their expiry, and options to remove, reinstall and view them:

The second section will list all of the domains configured in your account that are eligible to have a certificate issued for. Please note, redirected domains are unable to have a certificate issused.

Issuing a new certificate

Prerequisites

There are two important prerequisites to be met in order for a certificate to be able to issued:

  • The domain name(s) you want signed must be pointing to this cPanel server already
  • The Let’s Encrypt CA must be able to visit http://your-domain/.well-known/acme-challenge/xxx successfully.

These directories/files will be created automatically, but you should take care that you do not have any .htaccess rules that prevent access.

Most users will fulfil these requirements automatically.

Issuing Process

First, click the + Issue button to the right of the domain you wish to issue a certificate for. Please note, any you will be able to select any extra domains to include on the certificate in the next screen.

Ensure that all of the domains you wish to include in this certificate are selected as included and click ‘Issue’. The process may take anywhere from 10 to 45 seconds, so do not navigate away from the page.

At completion, the keys and certificates should be installed on the server, with a success message:

If you receive an error message, please check Troubleshooting.

Renewing certificates

Certificate renewal is automatic in the background.

Your certificate will be attempted to be renewed every day from the point it is 30 days from expiring.

The prerequisites listed above for issuing must still be met during the renewal attempts, or the attempts will fail.

You will receieve an email for any attempt to renew, be it successful or failed, to the email account attached to your cPanel account.

Reinstalling certificates

The certificate can be reinstalled at any time through the “Reinstall” action. Possible reasons for reinstalling can be enabling SSL for mail servers post-issuing, or if the certificate was removed from the SSL/TLS manager.

The status column will show the current status of the certificate on the system. If for any reason the certificate was removed from the SSL/TLS manager without being removed from the Let’s Encrypt plugin page, this status column will display “Uninstalled”.

Removing certificates

To uninstall a certificate, it is best to press “Remove” on the Let’s Encrypt for cPanel plugin page, rather than doing through the SSL/TLS Manager that comes with cPanel.

This is because our uninstall process also removes the key and certificate from the manager, in one click.

Please note that uninstalling a certificate will not revoke it at the Let’s Encrypt CA.

You may wish to back up the private keys before you perform any uninstallations, as they are irretrevable, and you will require them if you want to use any of your previous certificates again.

Configuration file

All configuration and certificates are stored in ~/.cpanel/nvdata/letsencrypt-cpanel. We recommend you keep a backup copy of this file.

This file is also transferrable between hosts or users.