Install Lets Encrypt for cPanel DNSONLY Server

This article provides a guide for how to install Let's Encrypt for cPanel DNSONLY server.


Ensure you meet the prerequisites:

1. You will be fetching the package from our yum repository:

wget -O /etc/yum.repos.d/letsencrypt.repo

2. Install the package

yum -y install letsencrypt-cpanel-dnsonly

3. Wait for the certificate

The issuing and installation process should run as a post-installation step automatically, completing in your terminal within a minute or so. You should now have a valid certificate on port :2087


You typically should not need to do anything after installing the package.


How do I perform renewal?

It is automatic. Upon installation, a systemd timer is enabled, which runs twice daily. You may check its status with:

systemctl status fleetssl-dnsonly.timer
If you need to run renewal by hand for some reason, you can just run:
I need to re-install the existing SSL certificate to my cPanel services.You can run the following:
/usr/local/bin/fleetssl-dnsonly -reinstall
I want to perform a test renewal to see whether it would work.You can run the following:
/usr/local/bin/fleetssl-dnsonly -dry-run
I got stuck and need to reset absolutely everything.

Remove the state file and run the program with the following:

rm -f /var/lib/fleetssl-dnsonly.json && /usr/local/bin/fleetssl-dnsonly


Before you install the package, you can apply some customizations as described below. There are some other, advanced customizations available that are not documented here, you'll need to look in the source code if you're interested in them.

I want to include other domain names on the certificate, other than the hostname of the server.

This is possible with a comma-separated list of domains.

echo ",," >> /etc/fleetssl-dnsonly.conf
I want to register my Let's Encrypt account with an email address so that I can receive renewal reminders in case of any issues.

Remember, you must do this before you install the package, or otherwise remove the state file as described earlier.

echo "" >> /etc/fleetssl-dnsonly.conf
I want to change the renewal cutoff from the default of 31 days to something different.
echo "FLEETSSL_DNSONLY_RENEWAL_CUTOFF=31" >> /etc/fleetssl-dnsonly.conf
  • cpanel dnsonly, dns cluster, lets encrypt, ssl, ssl certificate, cpanel ssl install
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Remove a Service from ChkServd Monitoring for cPanel Servers

This guide requires root user account in server. In some circumstances, ChkservD cPanel...

Assigning a Dedicated IP Address to a Subdomain using WHM

To assign a dedicated IP address to a subdomain, perform the following steps: Step 1: Add the...

Enable Lets Encrypt AutoSSL Provider

This article refers to cPanel version 84 and later. Enable Let's Encrypt for AutoSSL Follow...

How to Fix Incorrect cPanel Account Quotas and Disk Usage

This article will provide a step-by-step guide to fix incorrect account quotas and disk usage on...

How to Uninstall Installatron in WHM cPanel Server

This guide will show you how to quickly uninstall Installatron software from WHM/cPanel server....