Ensuring your reseller hosting account security doesn’t need to be expensive. It is now possible to install free SSL certificates.

Background

Owners of reseller hosting accounts need Security Sockets Layer (SSL) certificates from a reliable Certificate Authority (CA). The free SSL certificate is added to accounts allocated to account packages including the Auto SSL in your feature list. Although the free version does not have the same trust level as the paid SSL, it marks the course the Internet must take in terms of security.

Free certificates are not covered by warranty for data breach and misuse. The cPanel-powered free SSL certificate contains a 90-day lifecycle. It will be renewed and reinstalled automatically one week before expiry. As reseller, you and your customers are not compelled to initiate any move for certification renewal.

To obtain this free certification, you need a Certificate Signing Request (CSR), WHOIS protocol record, and corporate validation records before making the order. Have the CA validate your company and domain. You receive and install the issued SSL.

Let’s Encrypt

It is possible to obtain the free and fast SSL as well as Hypertext Transfer Protocol (HTTPS) in cPanel using Let’s Encrypt open source CA. The Authority offers SSL certificates free of charge for a maximum number of domains.  There is a straightforward way of integrating the Certificate with cPanel for automated and one-click installation which only takes a few seconds to finish. For hosting companies that do not support Let’s Encrypt, you can ask them to request support for this Certificate Authority.

Let’s Encrypt and the Automatic Certificate Management Environment Protocol (ACME) install an HTTPS server. It automatically secures a browser-trusted certificate without human intervention. This task is achieved by operating a certificate management agent (CMA) on the server. The two-step process consists of the following:

  • The agent must confirm to the Certificate Authority the web server runs on a domain.
  • This agent can request, renew, or invalidate security certificates for that domain.

This CA is enabled for all the new and current web hosting as well as reseller hosting cPanel accounts.  To determine if Let’s Encrypt has been enabled for your account, click the SSL or TLS button located in the cPanel Security Section. You can click either of these options for the SSL certificates:

  • Generate
  • View
  • Upload
  • Delete

You can now see Let’s Encrypt in the Issuer column on the succeeding page unless other certificates (not this brand) have been installed previously. After this Certificate Authority is enabled for your hosting account, there are no subsequent tasks. The whole system of installing, generating, and renewing Security Sockets Layer certificates is completed without human intervention. If the CA is already activated, certificates are made for each domain and any domain that you include in the future.

How to Troubleshoot

To reiterate, this CA is facilitated by default. Yet, there are cases it is not possible to create the SSL certification for any account automatically.  The instances are the following:

  • Another type of SSL certificate was installed regardless of whether it is valid, expired or elapsed, or self-signed. The Let’s Encrypt installer will omit the domain. Hence, no certificate is generated.
  • URL Rewrite rules that obstruct access to PUBLIC_HTML or the well-known directory can prevent this CA from coming up with a certificate. In case you use Uniform Resource Locator rewrite rules, it is possible to add the given line to .htaccess so the well-known directory is accessible.

Validation of Domains

Let’s Encrypt pinpoints the server administrator using a public key cryptography. The interaction of the software with the CA results in another key pair which means the server has control over the domain(s). To begin the process, The CMA requests Let’s Encrypt to prove it controls example.com. The Certification Authority also provides a random number or set of numbers the agent must sign using the private key.

Let’s Encrypt completes validation after the agent accomplishes pertinent procedures. As the legitimate Certification Authority, it also makes sure all challenges are met and confirms the signature on the authentication protocol. Let’s Encrypt tries downloading the file from the server ensuring it contains the acceptable content.

Activation Steps

To activate Let’s Encrypt CA, log into your hosting control panel. You will receive the hosting account details after procurement of the package. If the login details failed to function or you forgot the information, reset by performing the following:

Request and Install Let’s Encrypt Certificate.

  • Log in to the Direct Admin.
  • Click the domain name.
  • Click SSL Certificates you will find beneath Advanced Features.

See to it your website is prepared to use SSL certificates. Proceed to the Direct Admin home screen. Click Domain Administration. Click Domain Name. Check the Secure SSL.

Choose a symbolic link from private to public HTML. It enables the same dates for http and https to continue using files from the Public_HTML folder. Move the files to Private_HTML folder if you do not want this option. You can facilitate an HTTPS connection for your site’s visitors after the certificate is installed.

Adding Process

Let’s Encrypt for cPanel Installation including Plugin

  • Log in to SSH client at the root level. Include Let’s Encrypt repository using the following command:

cd/etc/yum.repos.d/&& wget

https://letsencrypt-for-cpanel.com/static/letsencrypt.repo

  • Install cPanel plugin. Installation normally takes around 1 minute. A test will run automatically if the installation is successful.
  • At this point, log in to your cPanel account to install your initial certificate.

Certificate Installation

You can view Let’s Encrypt for cPanel button under Security after logging in to cPanel.

  • Click to access active domains list before installing the SSL certificate. You will see Issue a New Certificate Section at the bottom of the page. The active domains include variations (with and without the www prefix).
  • Check multiple boxes if you need to install two or more certificates at one time. Or, click Issue Single link next to the domain where you prefer to install the SSL certificate.
  • Click any Issue Multiple links on top or end of the list if you check more than one box.
  • Click checkboxes beside the domains you do not want included in case you chose several of these in the preceding page. Choose the domain you want primary users to visit.
  • Check the box marked Install mail SMTPS/PO3S/IMAPS SSL certificate if you prefer one domain to access your email.
  • Click Issue to install your SSL.

The process usually takes between 10 and 45 seconds depending on the number of selected certificates for issuance. A message will pop up notifying you of successful installation upon completion of procedures. Try again if there was an error. It normally works after the first time. You can view the domains with installed certificates found at the top of the web page upon returning to the main page. Click the Remove Links in deleting certificates one after another. Otherwise, reinstall the link to renew certificates before expiration date.

Free Plugin Concerns

There are risks in installing plugins because regular upkeep and security cannot be guaranteed. Make sure to check the developer of suggested plugins by examining the Let’s Encrypt cPanel plugin source or storage. To install the Plugin of cPanel, perform the following steps:

  • Log into your server root via SSH and run the prescribed command required in downloading the plugin package to your web server.
  • Navigate to the directory created for that plugin.
  • Install the plugin by entering the given command.

You may install your first SSL certificate after receiving the notification saying that you successfully installed Let’s Encrypt manager.

  • Proceed to Security and click the Let’s Encrypt link after logging into cPanel.
  • Click the New SSL Certificate tab you will find on the Management Page.
  • Pick one of your domains registered to your cPanel account. Click the Submit icon to begin the installation of your certificate.
  • Wait for around 10 seconds. You will be redirected to the main page through a message informing you of the successful installation. The domain registered on the page will appear as well. You can also see several details listed on that page after installation.
  • You will find a certificate for the domain installed automatically (main domain and www prefix) beside the domain on that list. It includes the certification’s expiry date together with the number of days left until the termination.

Know the Different Options

Understand all the possibilities and options. For example, you can trust certain plugins more than others. To be sure, practice the necessary caution prior to installing any cPanel plugin. You may encounter some issues. Do not hesitate to get in touch with your host’s technical support team which is usually available 24/7. There are many ways like live chat, email enquiries, support ticket, and forums to address problems that users generally encounter along the way.