Let’s Encrypt offers free SSL certificates necessary for making secure web servers using https protocol. Currently GoDaddy hosting company is offering commercial SSL certificates and providing only defunct instructions for using Let's encrypt certificates. As you can see, this website is running on GoDaddy and it is using fully automated SSL certificates. How did I do that?
First I installed acme.sh using Steve Phillips's awesome instructions. I followed through until "Upload cert and private key via GoDaddy's web interface", where I was supposed to install certificates using cPanel. Let's encrypt certificates have to be renewed every 2-3 months or they will expire and your website stops working properly giving security warnings. Renewing certificates manually at least quarterly was not an option to me.
Reading acme.sh source code revealed that while there is functionality for automatic renewal and installing of certificates using cPanel, it has not been implemented yet. The missing script name is cpanel.sh and it is located at ~/.acme.sh/deploy/cpanel.sh
I wrote the missing script and now it works fully automatically. After the certificate is issued, it is deployed using the following command:
I have submitted my script to acme.sh GitHub, but it might take a while before it will be merged, if ever. Here is my code in case you want to use it. Simply overwrite the original cpanel.sh with it and you are good to go.acme.sh --deploy -d www.mydomain.com --deploy-hook cpanel
(Script updated on 2017-7-10 with the fix hedgehog provided)
Code: Select all
#!/usr/bin/env sh
# Here is the script to deploy the cert to your cpanel using the cpanel API.
# Uses command line uapi. --user option is needed only if run as root.
# Returns 0 when success.
# Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
# Public domain, 2017
#export DEPLOY_CPANEL_USER=myusername
######## Public functions #####################
#domain keyfile certfile cafile fullchain
cpanel_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
# read cert and key files and urlencode both
_certstr=$(cat "$_ccert")
_keystr=$(cat "$_ckey")
_cert=$(php -r "echo urlencode(\"$_certstr\");")
_key=$(php -r "echo urlencode(\"$_keystr\");")
_debug _cert "$_cert"
_debug _key "$_key"
if [ "$(id -u)" = 0 ]; then
_response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
else
_response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
fi
if [ $? -ne 0 ]; then
_err "Error in deploying certificate:"
_err "$_response"
return 1
fi
_debug response "$_response"
_info "Certificate successfully deployed"
return 0
}