How to enable cPanel/WHM protection via let’s encrypt

October 25, 2024 / cPanel & WHM

Do you want to secure services like WHM, cPanel, and Webmail using Let’s Encrypt? Unlike Sectigo, cPanel doesn’t enable this by default, so you must follow a few additional steps to configure it.

Important Note:
For this setup to work, ensure the server’s hostname resolves to its primary IP address. Additionally, no existing, valid, or unexpired certificates should be installed for cPanel services.

Steps to Enable Let’s Encrypt for cPanel Services:

  1. Log in to WHM.
  2. In the top-left search box of WHM, type “Terminal” and click on the Terminal option.
    terminal
  3. In the terminal window, run the following command to download the Let’s Encrypt repository:
    wget https://cpanel.fleetssl.com/static/letsencrypt.repo - O /etc/yum.repos.d/letsencrypt.repo
  4. After downloading the repository, install the Let’s Encrypt plugin using:
    yum -y install letsencrypt-cpanel

    Note: The installation might take a minute to complete.

  5. Enable SSL for Server’s Hostname:
    Once the installation is complete, run this command to secure the server’s hostname with Let’s Encrypt:

    le-cp hostcert enable
  6. After running the above command, Let’s Encrypt will request an SSL certificate for your server’s hostname. If the hostname is configured properly (pointing to the server’s primary IP), the SSL will be installed automatically for cPanel services (including cPanel, WHM, and Webmail).
  7. To verify the SSL request or troubleshoot any issues, view the recent entries in the Let’s Encrypt log using the command below:
    tail -f /var/log/letsencrypt-cpanel.log

Your cPanel service should now be secured when accessed through the server’s hostname. If the SSL installation fails or if your hostname remains unsecured after following these steps, do not hesitate to contact our support team for assistance.

Spread the love