Let’s Encrypt!!

So I started using a new host and unfortunately they don’t support the Let’s Encrypt plug-in on their cPanel, so I emailed them and asked if they could install it for me.  Unfortunately the answer was “no.” :\

Luckily they give ssh access to the server, so I was able to conjure up the commands I needed from various forums and was able to get my sites working with a pretty simple process.  Even better, as I understand it, if I just run a script (cron) once a month, it will auto-majically update the cert for me!

If you have not heard of Let’s Encrypt, please visit their site and support their project.  They make getting a cert very simple for those with a limited budget, and their certs are pretty widely supported.  Donate if you can so we can get new features and longevity from the project.  Thank you Let’s Encrypt!

So let’s get on to the commands:
First we have to get the current client from GitHub:

git clone https://github.com/kelunik/acme-client

Once we download a copy of the files, we have to enter the directory so we can run some commands:

cd acme-client

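We can then download and run the Composer installer (composer-setup.php) and use Composer to install the client’s dependencies. Composer is a dependency manager for PHP: it allows you to declare the libraries your project depends on and it will manage (install/update) them for you. Note that the one-liner below runs the installer exactly as downloaded; getcomposer.org also publishes a checksum for the installer that can be compared before running it: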

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"; php composer-setup.php; php -r "unlink('composer-setup.php');"; php composer.phar install --no-dev

We then have to register the client:

php bin/acme setup --server letsencrypt --email my.email@address.com

Then, the magic happens!!! Issue ourselves a cert (the file paths may vary depending on your host):

php bin/acme issue --domains domain.com:www.domain.com --path /home/username/public_html:/home/username/public_html --server letsencrypt

Once the cert is generated (if successful), it will tell you the directory where the private key and certs are installed. On my server, I just navigated here and could see 4 files (cert.pem, chain.pem, fullchain.pem and key.pem):

cd /home/acme-client/data/certs/acme-v01.api.letsencrypt.org.directory/domain.com
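
A quick sanity check that can be run on the server at this point, before the files are copied anywhere (an added example, not part of the original post or of acme-client). It assumes `openssl` is available on the host; the function name `check_cert_dir` and the 30-day default are this example's own choices.

```sh
#!/bin/sh
# Added example: sanity-check the directory acme-client wrote its files to.
# Usage: check_cert_dir CERT_DIR WEBROOT [MIN_DAYS]
# Returns 0 if every check passes, 1 on a failed check, 2 on missing input.
check_cert_dir() (
    dir=$1; webroot=$2; min_days=${3:-30}; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # 1. The four files listed in the post must exist and be non-empty.
    for f in cert.pem chain.pem fullchain.pem key.pem; do
        [ -s "$dir/$f" ] || { echo "FAIL: missing $dir/$f" >&2; exit 2; }
    done

    # 2. The private key must not sit under the served document root.
    real_dir=$(cd "$dir" && pwd -P) || exit 2
    real_web=$(cd "$webroot" && pwd -P) || exit 2
    case "$real_dir/" in
        "$real_web"/*) fail "$real_dir is inside the web root $real_web" ;;
    esac

    # 3. key.pem must carry no group/other permission bits (e.g. mode 600).
    perms=$(ls -ldL "$dir/key.pem" | cut -c5-10)
    [ "$perms" = "------" ] || fail "key.pem is open to group/other ($perms)"

    # 4. cert.pem must contain the public half of key.pem.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/key.pem" -pubout 2>/dev/null)
    { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        fail "cert.pem does not match key.pem"

    # 5. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$dir/cert.pem" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || fail "cert.pem expires within $min_days days"

    [ "$rc" -eq 0 ] && echo "OK: $real_dir"
    exit "$rc"
)

# Run directly when called as a script with arguments.
if [ "$#" -ge 2 ]; then check_cert_dir "$@"; fi
```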

I then FTP’d to the above directory and downloaded the files to my PC.  I then continued to my cPanel and found an option for SSL/TLS:

I then clicked on the option for “Private Keys (KEY) Generate, view, upload, or delete your private keys.” and uploaded the “key.pem” with a description:

I then backed out one level and clicked “Certificates (CRT) Generate, view, upload, or delete SSL certificates.” and uploaded the “fullchain.pem” with a brief description:

I then went back to my shell and verified the certificate was valid:

php bin/acme check --name domain.com --server letsencrypt

Once I got confirmation that the Certificate was valid, I backed out once again and clicked on “Install and Manage SSL for your site (HTTPS) Manage SSL Sites.”
I then did the following:
Selected “Browse Certificates”
Clicked on the radio button next to the certificate that listed the “Let’s Encrypt” Issuer
Clicked on “Use Certificate”
Under “Domain,” I selected my domain
Scrolled to the bottom and clicked “Install Certificate”

I then logged out of all my browser sessions and navigated to my site with “https://” to see if the certificate was installed correctly.

Once I confirmed everything was working correctly, I navigated to the “Cron Jobs” section of the cPanel:

I then added a new cron job (monthly):

The command checks with the “Let’s Encrypt” server to renew when needed:

php acme-client/bin/acme issue --domains domain.com:www.domain.com --path /home/username/public_html:/home/username/public_html --server letsencrypt