I recently tried to install a Let's Encrypt SSL certificate on GoDaddy and I did'n find enough information to configure auto-renew.
It is simplified in 4 simple steps steps everything you need to install a free certificate and save some 💸💸💸
1. Connecting via SSH to your server
You must enable SSH access from your cPanel and log in with your credentials.
$ ssh [username]@[hostname]
2. Install acme.sh
Download this repo and install it.
$ curl https://get.acme.sh | sh
3. Issue the certificate
You only need write access to the web root folder to issue the certificate.
$ acme.sh --force --issue -d example.com -d www.example.com -w /home/[username]/public_html
4. Deploy the certificate
There are 2 ways to implement the certificate and both leave the cronjob configured.
a. Deploy SSL to cPanel using UAPI (GoDaddy option)
This hook is using UAPI and works in cPanel & WHM version 56 or newer.
$ acme.sh --deploy -d example.com -d www.example.com --deploy-hook cpanel_uapi
b. Deploy SSL to cPanel (other cPanel version)
DEPLOY_CPANEL_USER
and DEPLOY_CPANEL_PASSWORD
is required only once.
$ export DEPLOY_CPANEL_USER=myusername
$ export DEPLOY_CPANEL_PASSWORD=PASSWORD
$ acme.sh --deploy -d example.com -d www.example.com --deploy-hook cpanel
For more documentation see the GitHub Wiki
I hope this may help you!
Top comments (11)
Like @sylver9, this does not work for me:
OK, fair enough - it wants an email and tells you how to feed it. However...
From which point progress is not possible.
Aha! That's because acme.sh changed to ZeroSSL in 2021 (after this article was written). To revert to Let's Encrypt, run this before running the
--issue
request:Hm. Next hurdle is the script tries to
chown
things and gets it wrong: it should just leave well enough alone (i.e. owner read/write access is there, so why change anything). I think I'll have to patch something for this.(This is because GoDaddy site root directory group ownership is
nobody
and the user running the site is not in that group.)Had the exact same problem, and got side-tracked by a link output by
acme.sh
redirecting me to ZeroSSL with non-working recommendation. With youracme.sh --set-default-ca ...
command above, it works nicely.--set-default-ca --server letsencrypt
add to try
I kept getting this error:
The deploy hook cpanel is not found.
acme.sh --deploy -d example.com -d example.com --deploy-hook cpanel
I even tried channel_uapi and the resulting error noted that cert files were missing. And they were. Because one needs to create an account acme.sh --register-account -m user@example.com
before using acme.sh --force --issue
@eesnaola please update your nice tutorial with a step 2.5 (from Peter L Jones) that contains
acme.sh --set-default-ca --server letsencrypt
This is great. Thank you so much!
Will this auto deploy the new SSL to cPanel when the certificate renews?
Hi Ezequiel, great simple and useful article. How would I go about doing an SSL for two domains example: my-domain.com and my-domain.ca?
I think I might have answered my own question:
By just adding "-d my-domain.com" along with it's www. counterpart and any others.
This is GOLD saved me from having to dish out for a GoDaddy SSL cert! Does the autorenew install the cert into cpanel?