👀 Choose SSD-powered VPS servers for increased speed, power, and security! Now 50% off- starting from only $3.19/mo.
This article provides a guide for how to install Let's Encrypt for cPanel DNSONLY server.
How to Install Lets Encrypt for cPanel DNSONLY Server
Ensure you meet the prerequisites:
- Completed cPanel DNSONLY installation, on at least an LTS supported version.
- A valid FQDN hostname that resolves on the internet. Take care that you change your hostname first if cPanel assigned you an Automatically-Issued Hostname.
- Ensure port 80/tcp is open on any firewall - it's needed for SSL validation.
-
You will be fetching the package from our yum repository:
wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo
-
Install the package
yum -y install letsencrypt-cpanel-dnsonly
-
Wait for the certificate
The issuing and installation process should run as a post-installation step automatically, completing in your terminal within a minute or so. You should now have a valid certificate on port :2087
Usage
You typically should not need to do anything after installing the package.
How do I perform renewal?
It is automatic. Upon installation, a systemd timer is enabled, which runs twice daily. You may check its status with:
systemctl status fleetssl-dnsonly.timerIf you need to run renewal by hand for some reason, you can just run:
/usr/local/bin/fleetssl-dnsonlyI need to re-install the existing SSL certificate to my cPanel services.You can run the following:
/usr/local/bin/fleetssl-dnsonly -reinstallI want to perform a test renewal to see whether it would work.You can run the following:
/usr/local/bin/fleetssl-dnsonly -dry-runI got stuck and need to reset absolutely everything.
Remove the state file and run the program with the following:
rm -f /var/lib/fleetssl-dnsonly.json && /usr/local/bin/fleetssl-dnsonly
Customizations
Before you install the package, you can apply some customizations as described below. There are some other, advanced customizations available that are not documented here, you'll need to look in the source code if you're interested in them.
I want to include other domain names on the certificate, other than the hostname of the server.This is possible with a comma-separated list of domains.
echo "FLEETSSL_DNSONLY_CERT_HOSTNAMES=dns1.example.org,alternate.example.org,foo.example.org" >> /etc/fleetssl-dnsonly.confI want to register my Let's Encrypt account with an email address so that I can receive renewal reminders in case of any issues.
Remember, you must do this before you install the package, or otherwise remove the state file as described earlier.
echo "FLEETSSL_DNSONLY_ACME_EMAIL_ADDRESS=me@example.com" >> /etc/fleetssl-dnsonly.confI want to change the renewal cutoff from the default of 31 days to something different.
echo "FLEETSSL_DNSONLY_RENEWAL_CUTOFF=31" >> /etc/fleetssl-dnsonly.conf
Conclusion
You now know how to install Lets Encrypt for cPanel DNSONLY server.
