Other Products

Search Knowledge Base by Keyword

Free SSL from Let’s Encrypt

You are here:
Share:

What is Let’s Encrypt?

Let’s Encrypt is a Certificate Authority (CA) that provides free Secure Socket Layer (SSL) certificate to enable verified HTTPS on your website.  They will provide you with an SSL Certificate if you can prove domain ownership through the ACME Protocol.  The software runs on your web host and verifies the domain is connected to the server. The certificates themselves can be obtained through Let’s Encrypt’s certbot  client, or set up through WHM in the AutoSSL configuration page. 

Let’s Encrypt is only available on our VPS and Dedicated servers. Our Shared, Business, and Reseller hosting all benefit from cPanel’s automated AutoSSL tool that provides the same type of SSLs with the difference being they are issued by cPanel through Comodo instead of Let’s Encrypt.

How Do I Enable Let’s Encrypt in WHM?

Enabling Let’s Encrypt in WHM is actually an easy and seamless process. After logging in to WHM as the root user on your server, click the SSL/TLS icon on the main WHM page, then click Manage AutoSSL. On this page you can select a provider and it should display cPanel’s default provider as well as Let’s Encrypt. Selecting Let’s Encrypt will require that you agree to the terms of use, and it can be done on the Manage AutoSSL page in WHM. Please see the following screenshots for a walkthrough.

1) Navigate to the WHM Home Page, click the SSL/TLS Icon

 

 

2) Select Manage AutoSSL

 

 

3) Review the steps below

 

 

If you do not see Let’s Encrypt as a provider on this screen, you will need to install the module that allows this. WHM has a built in script for this. You will need to log into the server over SSH as the root user and run the following command: /scripts/install_lets_encrypt_autossl_provider 

 

Let’s Encrypt imposes significant rate limits, and some features that are available with cPanel’s AutoSSL provider are not available with Let’s Encrypt. If you require some of the features cPanel’s provider allows, or you are being rate limited by Let’s Encrypt, you may want to switch back to cPanel’s AutoSSL provider.

 

How to Utilize Let’s Encrypt on the Linux Command Line

Let’s Encrypt provides the certbot  software to not only automate the requesting of the certificates but also to integrate the certificates automatically with common web services such as Nginx and Apache. We will cover installation and obtaining your first certificate for CentOS and Ubuntu using the Apache plugin to not only request the certificate but also install the certificate automatically.

CentOS 7

To utilize Let’s Encrypt certificates with Apache on CentOS 7, you’ll need to install a couple things first. This article assumes you already have at least Apache set up as a web service. Once ready, log into the server over SSH and run the following commands as root.

These commands will install the EPEL (Extended Packages for Enterprise Linux) Release repository which houses their stable packages, and then install the certbot  client with the Apache plugin already installed. Since the packages are now installed, we can continue with setting up your first SSL. While logged into the server as root, you’ll want to run the command certbot --apache . Please see below for a walkthrough on the first run of the certbot client.  Here you will want to enter a valid e-mail address you can receive certificate notifications at, review and agree to the Let’s Encrypt Terms of Service, and decide if you want to provide your e-mail to the Electronic Frontier Foundation (EFF) who runs the Let’s Encrypt authority.

 

1) Here you will want to enter a valid e-mail address you can receive certificate notifications at, review and agree to the Let’s Encrypt Terms of Service, and decide if you want to provide your e-mail to the Electronic Frontier Foundation (EFF) who runs the Let’s Encrypt authority.

2) After that is done, the client will prompt you with a list of domains attached to the server by searching through the Apache configuration files, and it will include the hostname of the server in this list. Enter the number that corresponds with your site and press enter.

3) Once that is done, it will prompt you asking if you want to redirect all requests to HTTPS. We strongly suggest this as it means the traffic going between the server and the visiting computer is encrypted and cannot be eavesdropped on. Once you make this selection, it will update the appropriate files and install the SSL, and you’re done!

 

How is Let’s Encrypt different than other Certificate Authorities?

Let’s Encrypt is a new Certificate Authority and a non-profit started by industry leaders.  As the new player in the space, Let’s Encrypt carries with it some early limitations.  Certificates will be basic encryption only – Domain Validated (DV) SSL’s only confirm domain ownership by matching the email in the whois registry. They do not involve further vetting.  Unlike Extended Validation (EV), the free cert will not provide the Green Address Bar, which is necessary for PCI Compliance and supporting credit card payment transactions on your website.

 

Related Articles


Share: