: cPanel | SSL cPanel powerd by Sectigo vs Lets Encrypt

Rise Company
03-03-2021, 01:23
cPanel | SSL cPanel powerd by Sectigo vs Lets Encrypt
How to Configure and Manage Lets Encrypt in cPanel


How to Configure and Manage Lets Encrypt in cPanel

Its super easy to install and manage SSL certificates in cPanel & WHM. Certificate requests and installations happen automatically with AutoSSL and an integration such as the cPanel Lets Encrypt plugin. SSL automation saves web hosting providers time and eliminates the deluge of support requests that traditionally accompany SSL certificate issues.
AutoSSL includes a default certificate provider, which we chose for its reliability, usability, and generous domain and rate limits. However, we also made it easy to switch providers. In this article, we will show you how to configure AutoSSL to use Lets Encrypt (https://letsencrypt.org/), which provides free SSL certificates that are valid for 90 days.

What is an SSL Certificate?

SSL certificates are files that contain information to verify a servers identity and encrypt data before its sent over the internet. Their most important job is securing HTTPS connections, which enhance the webs standard HTTP protocol with identity verification and encryption.
When you see a padlock in your browsers address bar, it means that the domain has an SSL certificate the browser trusts and that communication between it and the server is encrypted.
How does the browser know it can trust the certificate? After all, anyone can create one; you could make your own right now with the OpenSSL software on your server or in cPanels SSL management interface.
This is where certificate authorities (CA) come in. A CA verifies that a person or company has legitimate control over a domain. They then sign the certificate with a digital signature. When a browser sees a CA signature, it knows it can trust the server to which it is connected.
All SSL certificates work in the same way, but there is one important difference that affects how much they cost: the amount of effort the CA puts into investigating and verifying organizations.

Domain-validation (DV): The applicant has to demonstrate that they control the domain, usually by uploading a file to the server or adding a special DNS record.
Organization-validation (OV): The applicant must prove they own the domain and are a legally registered business.
Extended-validation (EV): The applicant owns the domain, is a legally registered business, and the CA spends more time investigating and authenticating the organization.

As you might expect, EV certificates are the most expensive because they take the most time. OV certs are less expensive, and DV certs are often free. Still have questions? Visit our past blog for more information on Which SSL is right for me? (https://blog.cpanel.com/which-ssl-is-right-for-me/).

cPanel Lets Encrypt Plugins Free SSL Certificates

Lets Encrypt is a certificate authority specializing in free DV SSL certificates. It was a free SSL pioneer and one of the first to develop infrastructure and software to automate the request and installation process.
In 2020, several CAs offer DV certs for free, including cPanel-partner Sectigo (https://sectigo.com/), the default SSL provider in cPanels AutoSSL feature. However, if you would like to use Lets Encrypt instead, its straightforward to switch.
To use Lets Encrypt in AutoSSL, the first step is to install the cPanel Lets Encrypt plugin. Log in to your server as the root user with SSH and enter the following command:
The script installs the plugin and a handful of dependencies. If you change your mind, it can be removed by running the uninstall script as root:

Configuring the Lets Encrypt Plugin in cPanel

Next, well activate the Lets Encrypt AutoSSL provider in WHM. Open WHM and navigate to the Manage AutoSSL page, which youll find under SSL/TLS in the sidebar menu.
Select Lets Encrypt under AutoSSL Providers.

https://www.rise.company/forum/images/imported/2021/03/1.png Before you can use Lets Encrypt, you will have to agree to the providers terms of service. There is also an option to Recreate my current registration with Lets Encrypt. This is only necessary if your license has expired or been corrupted, so there is no need to select it now.


Click Save and cPanel will switch to Lets Encrypt. The next time AutoSSL replaces a certificate, it will use Lets Encrypt instead of the default provider.
If you would like to immediately replace the servers existing certs with new ones from Lets Encrypt, manually remove the old ones by navigating to Manage SSL Hosts under SSL/TLS in the sidebar menu. Be aware that when you remove certificates, their associated sites will not be available at a secure HTTPS URL until they are replaced.

Return to Manage AutoSSL and click Run AutoSSL For All Users. cPanel will regenerate the removed certificates with replacements from the Lets Encrypt provider.
Managing Certificates with the Lets Encrypt Plugin in cPanel

AutoSSL is a considerable improvement on earlier SSL management systems because it is largely automatic. The complexities of dealing with the CA, deploying validation tokens, and installing certificates are handled without user intervention.
However, there are some cPanel Lets Encrypt plugin configurations you may want to adjust. You will find them under the Options tab in Manage AutoSSL. Here, you can configure user and administrator notifications for AutoSSL events, including request failures and other issues.


At the bottom of the page is the Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates option.


This option gives AutoSSL permission to replace certificates that it did not issue and does not manage. Its useful for transitioning users who sourced their certs from a different CA. However, it will replace any expiring OV or EV certificates with a DV, which may not be what your users want.
Finally, under the Manage Users tab, you can configure which cPanel users benefit from AutoSSL.


Here you can enable or disable AutoSSL for individual cPanel users, and reset to the default configured in the Feature List Settings. AutoSSL is turned on for all users by default, but you can change that in the Feature Manager, which you can find under Packages in the WHM sidebar menu.

Premium SSL Certificate Options in cPanel

AutoSSL is an incredibly low-maintenance system for providing domain-validated certificates to your users, but domain validation isnt suitable for many sites. Owners of business sites, web applications, and ecommerce stores may prefer organization and extended validation certificates.
Sectigo (https://sectigo.com/) is one of the worlds largest and most well-respected CAs. It offers a wide range of OV and EV SSL certificates, including multi-domain and wildcard SSL certificates, all of which are straightforward to install with cPanels SSL/TLS interface.
Before we introduced AutoSSL in cPanel, SSL certificate installation and unexpected certificate expiry were among the most common causes of frustrating issues for web hosts and their clients. Today, every cPanel user benefits from hassle-free DV certificates from Sectigo or Lets Encrypt.