
Free SSL from Let’s Encrypt


What is Let’s Encrypt?

Let’s Encrypt is a Certificate Authority (CA) that provides free Secure Socket Layer (SSL) certificates to enable verified HTTPS on your website. They will provide you with an SSL certificate if you can prove domain ownership through the ACME protocol. The software runs on your web host and verifies that the domain is connected to the server. The certificates themselves can be obtained through Let’s Encrypt’s certbot client, or set up through WHM on the AutoSSL configuration page.

Let’s Encrypt is only available on our VPS and Dedicated servers. Our Shared, Business, and Reseller hosting all benefit from cPanel’s automated AutoSSL tool that provides the same type of SSLs with the difference being they are issued by cPanel powered by Sectigo® instead of Let’s Encrypt.

How Do I Enable Let’s Encrypt in WHM?

Enabling Let’s Encrypt in WHM is actually an easy and seamless process. After logging in to WHM as the root user on your server, click the SSL/TLS icon on the main WHM page, then click Manage AutoSSL. On this page you can select a provider and it should display cPanel’s default provider as well as Let’s Encrypt. Selecting Let’s Encrypt will require that you agree to the terms of use, and it can be done on the Manage AutoSSL page in WHM. Please see the following screenshots for a walkthrough.

Step One: Navigate to the WHM Home Page, click the SSL/TLS Icon

Step Two: Select Manage AutoSSL

Step Three:

  1. Select Let’s Encrypt from the list of AutoSSL Providers.
  2. Click the ‘I agree to these terms of service.’ button after reading the Terms for Let’s Encrypt.
  3. Ensure the box next to ‘Create a new registration with the provider.’ is unselected.
  4. Click the Blue Save Button.

If you do not see Let’s Encrypt as a provider on this screen, you will need to install the module that allows this. WHM has a built-in script for this. You will need to log into the server over SSH as the root user and run the following command:

/scripts/install_lets_encrypt_autossl_provider

Let’s Encrypt imposes significant rate limits, and some features that are available with cPanel’s AutoSSL provider are not available with Let’s Encrypt. If you require some of the features cPanel’s provider allows, or you are being rate limited by Let’s Encrypt, you may want to switch back to cPanel’s AutoSSL provider.

What About From Inside cPanel?

While the AutoSSL Certificate Provider can only be changed from within WHM, from inside cPanel, you can run the AutoSSL feature manually to help speed up the process of getting an SSL Certificate. We have a guide that can assist with doing this here.

How to Utilize Let’s Encrypt on the Linux Command Line

Let’s Encrypt provides the certbot software to not only automate the requesting of the certificates but also to integrate the certificates automatically with common web services such as Nginx and Apache. We will cover installation and obtaining your first certificate for CentOS and Ubuntu using the Apache plugin to not only request the certificate but also install the certificate automatically.

Installing On CentOS 7

To utilize Let’s Encrypt certificates with Apache on CentOS 7, you’ll need to install a couple of things first. This guide assumes you already have at least Apache set up as a web service. Once ready, log into the server over SSH and run the following commands as root.

These commands will install the EPEL (Extended Packages for Enterprise Linux) Release repository which houses their stable packages and then install the certbot client with the Apache plugin already installed. Since the packages are now installed, we can continue by setting up your first SSL.

If you are using Nginx as your web server, you can instead run the following commands as the root user,

Installing On Ubuntu (18.04)

Step One: Add the Certbot PPA repo to the repo list using the following commands:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

Step Two: After those commands have run successfully, install the certbot software for obtaining the SSL Certificate. This can be done using the following command:

sudo apt-get install certbot python-certbot-apache

Or, if you are using Nginx for your webserver, you can use the following command:

sudo apt-get install certbot python-certbot-nginx

Running Certbot On The Server

While logged into the server as root, you’ll want to run the command certbot --apache if you are using Apache for the webserver. Otherwise, you would want to use certbot --nginx if you are using Nginx for the webserver.

Please see below for a walkthrough on the first run of the certbot client. 

Step One: Here you will want to enter a valid e-mail address you can receive certificate notifications at, review and agree to the Let’s Encrypt Terms of Service, and decide if you want to provide your e-mail to the Electronic Frontier Foundation (EFF) who runs the Let’s Encrypt authority.

Step Two: After that is done, the client will prompt you with a list of domains attached to the server by searching through the Apache configuration files, and it will include the hostname of the server in this list. Enter the number that corresponds with your site and press enter.

Step Three: Once that is done, it will prompt you asking if you want to redirect all requests to HTTPS. We strongly suggest this as it means the traffic going between the server and the visiting computer is encrypted and cannot be eavesdropped on. Once you make this selection, it will update the appropriate files and install the SSL, and you’re done!

How is Let’s Encrypt different than other Certificate Authorities?

Let’s Encrypt is a new Certificate Authority and a non-profit started by industry leaders. As the new player in the space, Let’s Encrypt carries with it some early limitations. Certificates will be basic encryption only – Domain Validated (DV) SSLs only confirm domain ownership by matching the email in the whois registry. They do not involve further vetting. Unlike Extended Validation (EV), the free cert will not provide the Green Address Bar, which is necessary for PCI Compliance and supporting credit card payment transactions on your website.
