PS: there is an easier way with the ACME script, which does auto-renewal as well. I prefer that over getSSL; use getSSL only if ACME is not working. Refer to the link below to use ACME:
Since NameCheap doesn’t support Let’s Encrypt natively, I was looking for a way to implement SSL for my blog. After researching a bit, I found the option below, which had SSL implemented for me within 20 minutes.
Follow the steps below to enable SSL:
Skip steps 1 and 2 if you want to use NameCheap’s terminal instead of your own: cPanel -> Advanced -> Terminal
1 – Log in to the NameCheap portal and enable SSH access first:
Select Manage Shell and tick the Enable SSH Access checkbox.
Note down the IP, username and port. Use the same password you use to log in to cPanel. If you don’t have it, ask the support team to reset the password.
2 – If you don’t have RSA keys yet, generate a new key pair. If you already have one, use it to log in to the server.
- View the private key and copy it to the .ssh folder of any SSH client, with the name id_rsa and permission 600:

    vi ~/.ssh/id_rsa
    # paste the private key data here
    chmod 600 ~/.ssh/id_rsa
    # Try connecting now, with the details obtained from step 1
    ssh -p <port> <cpanel_user>@IP
3 – Once logged in, use the commands below to generate the certs. For more details, see the source: https://github.com/srvrco/getssl
Apart from acme.sh, getSSL is a client recommended by Let’s Encrypt; refer to: https://letsencrypt.org/docs/client-options/

    mkdir ~/letsencrypt
    cd ~/letsencrypt
    curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
    ./getssl -c yourdomain.com
    # update ACL in the config file as shown below
    vi ~/.getssl/yourdomain.com/getssl.cfg
    ACL=('/home/<cpanel_username>/yourdomain.com/.well-known/acme-challenge')
    cd ~/letsencrypt
    ./getssl yourdomain.com
    # You will see the line below in the output if all is good:
    # "Certificate saved in /home/cpanel_user/.getssl/yourdomain.com/yourdomain.com.crt"
    # Ignore the warning "RSA certificate obtained but certificate on server is different from the new certificate."

If you got a CRT file in the step above, everything looks OK. Don’t use those certs yet: they are test certs issued by a fake CA, just for testing, so they will not work.
4 – Change the CA URL from staging to prod and order the actual certs.

    # Uncomment the line below in the config file to point the CA to prod; this overrides the staging CA
    vi ~/.getssl/yourdomain.com/getssl.cfg
    CA="https://acme-v02.api.letsencrypt.org"
    cd ~/letsencrypt
    ./getssl yourdomain.com
    # You will see the line below in the output if all is good:
    # "Certificate saved in /home/cpanel_user/.getssl/yourdomain.com/yourdomain.com.crt"
    # Verify the certificate issuer; it should say Let's Encrypt now.
    cat ~/.getssl/yourdomain.com/yourdomain.com.crt
    # Copy the certificate output from above (the certificate only, not the key) and paste it in the link below to verify:
    # https://www.geocerts.com/certificate-decoder
    cat ~/.getssl/yourdomain.com/yourdomain.com.key
    cat ~/.getssl/yourdomain.com/chain.crt

5 – You will need the output of the three cat commands above for this step, to implement SSL for yourdomain.com.
- In cPanel: Security -> SSL/TLS -> Install and Manage SSL for your site (HTTPS) -> Manage SSL Sites
- In the Domain drop-down, select the domain yourdomain.com for which you requested the certs
- Put the yourdomain.com.crt output in the Certificate (CRT) text box
- Put the yourdomain.com.key output in the Private Key (KEY) text box
- Put the chain.crt output in the Certificate Authority Bundle (CABUNDLE) text box
- Click on Install Certificate
6 – If there are no errors, it will say the certificate was installed successfully.
Test your website in a new window with the URL: https://yourdomain.com
You should no longer see any warning that the site is not secure. The padlock should be visible, the connection should be secure, and the certificate will show as valid.
If you click on Certificate, it will show the issuer as Let’s Encrypt:
In Firefox/Chrome you should see the connection as secure.
If you see an error that some part of the website is not secure, you can check which part of your website is still insecure using the link below
7 – The default expiry is 90 days, so the cert will expire after 90 days; make sure to renew it before expiry. There is another method which takes care of renewal using cPanel; I will be testing it and updating in a new post if it works out.
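The issuer check from step 4 and the 90-day expiry from step 7 can be done in the same terminal, so the private key never leaves the server and nothing is pasted into a web page. This is an added example, not part of the original post or of getssl; the function names are hypothetical, and it assumes openssl is installed and that staging issuer names contain "STAGING" or "Fake".

```shell
#!/bin/sh
# Added example: pre-flight checks on getssl output before pasting into cPanel.
# Usage: sh preflight.sh <crt> <key> [renew_within_days]
# e.g.   sh preflight.sh ~/.getssl/yourdomain.com/yourdomain.com.crt \
#                        ~/.getssl/yourdomain.com/yourdomain.com.key 30

# True if the issuer looks like the staging (fake) CA (naming is an assumption).
cert_is_staging() {
  openssl x509 -issuer -noout -in "$1" | grep -Eiq 'staging|fake'
}

# True if the private key belongs to the certificate (compares public keys).
key_matches_cert() {
  cert_pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 2
  key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate expires within <days> days (or is already expired).
cert_needs_renewal() {
  ! openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# Run all three checks; returns 0 only if every check passes.
preflight() {
  crt=$1 key=$2 days=${3:-30} rc=0
  if cert_is_staging "$crt"; then
    echo "FAIL: issued by the staging CA; switch CA to prod and reissue"; rc=1
  fi
  if ! key_matches_cert "$crt" "$key"; then
    echo "FAIL: private key does not match the certificate"; rc=1
  fi
  if cert_needs_renewal "$crt" "$days"; then
    echo "WARN: certificate expires within $days days; renew it now"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    echo "OK: production cert, key matches, more than $days days left"
  fi
  return "$rc"
}

# Only run when called with arguments, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then
  preflight "$@"
fi
```

Run from cron with only the third check, it gives an early warning that the 90-day certificate from step 7 is due for renewal.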
Let me know if it works for you or you get any errors with any step.