Make sure to replace ‘/home/yourdomain.com/public_html/yourdomain.com/’ with the path of your home directory and ‘yourdomain.com’ with your actual domain. Once the certificate has been retrieved, the output will look something like the following:
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2022-03-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
The thing to notice is the following:
The name ends with 003 because this is the 3rd time a certificate is being issued by Let’s Encrypt for the same domain.
Now go to /etc/letsencrypt/live, move the existing yourdomain.com folder aside, rename the new folder to yourdomain.com, and then restart lsws, as follows:
mv yourdomain.com yourdomain.com_old_1
mv yourdomain.com-003 yourdomain.com
service lsws restart
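The same swap as a reusable function, as an added example that is not part of the original post: it generalizes the three commands above by picking the highest-numbered suffixed directory, refusing to swap if fullchain.pem or privkey.pem is missing, and keeping the old directory under the first free _old_N name. The function name swap_latest_lineage and its live_dir argument are assumptions of this sketch.

```bash
# Added example (not from the original post). swap_latest_lineage and the
# live_dir argument are assumed names; on the server live_dir would be
# /etc/letsencrypt/live.
swap_latest_lineage() {
    local live_dir=$1 domain=$2
    local newest="" newest_n=-1 d suffix n f

    # Find the highest-numbered "<domain>-NNN" directory.
    for d in "$live_dir/$domain"-*; do
        [ -d "$d" ] || continue
        suffix=${d##*/"$domain"-}
        case $suffix in ''|*[!0-9]*) continue ;; esac
        # Strip leading zeros so "008" is not read as an octal number.
        n=${suffix#"${suffix%%[!0]*}"}
        n=${n:-0}
        if [ "$n" -gt "$newest_n" ]; then newest_n=$n; newest=$d; fi
    done
    if [ -z "$newest" ]; then
        echo "no suffixed directory for $domain in $live_dir" >&2
        return 1
    fi

    # Refuse to swap in a directory that lacks the files the web server loads.
    for f in fullchain.pem privkey.pem; do
        if [ ! -e "$newest/$f" ]; then
            echo "$newest is missing $f" >&2
            return 2
        fi
    done

    # Keep the current directory under the first free _old_N name.
    if [ -e "$live_dir/$domain" ]; then
        n=1
        while [ -e "$live_dir/${domain}_old_$n" ]; do n=$((n + 1)); done
        mv -- "$live_dir/$domain" "$live_dir/${domain}_old_$n" || return 3
    fi
    mv -- "$newest" "$live_dir/$domain" || return 3
    echo "${newest##*/}"    # name of the directory that was swapped in
}

# Usage on the server, followed by the restart from the post:
#   swap_latest_lineage /etc/letsencrypt/live yourdomain.com && service lsws restart
```

certbot's renewal configuration under /etc/letsencrypt/renewal still refers to the suffixed name after the rename, so run `certbot renew --dry-run` afterwards to see whether renewal still works for this domain.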
Let’s Encrypt is a popular way to get free SSL certificates for your website. cPanel comes with a free Sectigo SSL service that works through a requesting and polling system. However, you might want the SSL certificate issued immediately rather than through a queue-based approach, and prefer to use Let’s Encrypt for that reason.
There are two ways to install Let’s Encrypt in cPanel.
1. Using cPanel Plugin
The first is to use the plugin created by cPanel. Log in to your server as root:
Then, run the following to install Let’s Encrypt on your cPanel system:
It might take a couple of minutes, after which Let’s Encrypt should be installed as a provider in AutoSSL.
Now, go to WHM >> Manage AutoSSL and select Let’s Encrypt as the provider instead of Sectigo, the cPanel default. You need to accept the agreement shown under the Let’s Encrypt selection, and you can create the Let’s Encrypt account using the same tool.
Once done, your new SSL certificates will be issued by Let’s Encrypt through the cPanel AutoSSL plugin.
2. Using FleetSSL
There is a 3rd party tool that existed before cPanel provided a plugin for Let’s Encrypt: FleetSSL. One key benefit of FleetSSL is that it allows cPanel end users to control issuing and renewing SSL certificates from cPanel. One key drawback is that it is not free of charge; it comes with a one-time fee of $30. Hosting providers mostly would not mind this, as from a hosting provider’s point of view it is a nice addition to the end-user feature set.
Once you have finished installing Let’s Encrypt SSL, you can use Let’s Encrypt for different cPanel services like webmail/cpanel/whm/calendars/MTA services. You may check the following to know how to:
Remember: This is part of the dirty hack series. This is not the only way to achieve what we want to achieve, and it should only be used when you can trust the connections between your HAProxy and the origin servers. Otherwise, you should not use this technique.
One common problem with using HAProxy and Cloudflare is that the SSL that Cloudflare gives us gets terminated at HAProxy, the L7 load balancer. In such cases, Cloudflare cannot verify the origin server and drops the connection, so your HAProxy will not work. What would you do in such cases? There are two ways to handle this.
The first is that Cloudflare gives you an origin certificate, which you can install at HAProxy. I won’t dig deep into this in this blog post.
But if you can trust the connections between HAProxy and the backend origin servers, as well as the connections between Cloudflare and HAProxy, you can choose the second one. In this case, Cloudflare lets you encrypt only the connections between the visitors and Cloudflare. It won’t matter what you are doing behind Cloudflare. This is the ‘Flexible’ option, which you can select from your Cloudflare >> SSL/TLS tab.
Once you set this to Flexible, it should start working ASAP. Remember, this is not the best way to do this, only the quickest, and it is appropriate only if load balancing is more important to you than data integrity.