Ensure you meet the prerequisites:
- Completed cPanel DNSONLY installation, on at least an LTS supported version.
- A valid FQDN hostname that resolves on the internet. Take care that you change your hostname first if cPanel assigned you an Automatically-Issued Hostname.
- Ensure port 80/tcp is open on any firewall – it’s needed for SSL validation.
1. You will be fetching the package from our yum repository:
wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo
2. Install the package
yum -y install letsencrypt-cpanel-dnsonly
3. Wait for the certificate
The issuing and installation process should run as a post-installation step automatically, completing in your terminal within a minute or so. You should now have a valid certificate on port :2087
You typically should not need to do anything after installing the package.
How do I perform renewal?
It is automatic. Upon installation, a systemd timer is enabled, which runs twice daily. You may check its status with:
systemctl status fleetssl-dnsonly.timer
If you need to run renewal by hand for some reason, you can just run:
I need to re-install the existing SSL certificate to my cPanel services.
You can run the following:
I want to perform a test renewal to see whether it would work.
You can run the following:
I got stuck and need to reset absolutely everything.
Remove the state file and run the program with the following:
rm -f /var/lib/fleetssl-dnsonly.json && /usr/local/bin/fleetssl-dnsonly
Before you install the package, you can apply some customizations as described below. There are some other, advanced customizations available that are not documented here, you’ll need to look in the source code if you’re interested in them.
I want to include other domain names on the certificate, other than the hostname of the server.
This is possible with a comma-separated list of domains.
echo "FLEETSSL_DNSONLY_CERT_HOSTNAMES=dns1.example.org,alternate.example.org,foo.example.org" >> /etc/fleetssl-dnsonly.conf
I want to register my Let’s Encrypt account with an email address so that I can receive renewal reminders in case of any issues.
Remember, you must do this before you install the package, or otherwise remove the state file as described earlier.
echo "FLEETSSL_DNSONLY_ACME_EMAIL_ADDRESSfirstname.lastname@example.org" >> /etc/fleetssl-dnsonly.conf
I want to change the renewal cutoff from the default of 31 days to something different.
echo "FLEETSSL_DNSONLY_RENEWAL_CUTOFF=31" >> /etc/fleetssl-dnsonly.conf
Why? Not having an easy SSL solution for DNSONLY servers seemed like a bit of a blind spot. Changing our plugin to work with DNSONLY was too involved (it’s not our core use case), using generic Let’s Encrypt™ tools by hand was tedious for a large number of servers, so this is the middle ground!
I need help. This project is community supported. This means, you may not email us at FleetSSL about it – sorry, we are not providing technical support! You may open an issue on the Github project if you believe you have found a bug or you would like to contribute code or documentation.
Trademarks and Endorsements. This project is not associated or endorsed by the cPanel®, Let’s Encrypt™ or acmetool organisations. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. This project is not affiliated with the Let’s Encrypt™ or ISRG organisations. Let’s Encrypt™ is a trademark of the Internet Security Research Group.