With neither FleetSSL cPanel or cPanel® AutoSSL supporting DNSONLY servers, we've decided to make a free and convenient packaging of the awesome acmetool project and some custom configuration + hooks for free, automatically renewing SSL on your DNSONLY nameservers.


Ensure you meet the prerequisites:

  • Completed cPanel DNSONLY installation, on at least an LTS supported version.
  • A valid FQDN that resolves on the internet. The package will not install otherwise!
  • Ensure ports tcp/80 and tcp/443 are open on any firewall - they're needed for SSL validation.

1. You will be fetching the package from our yum repository:

wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo

2. Install the package

yum -y install letsencrypt-cpanel-dnsonly

3. Wait for the certificate

The issuing and installation process should run as a post-installation step automatically, completing in your terminal within a minute or so. You should now have a valid certificate on port :2087


You typically should not need to do anything after installing the package.

I need to re-install the service certificate that was already issued. You may use the following command:

/usr/local/letsencrypt-cpanel-dnsonly/acmetool test-notify $(hostname)

I want to run renewal by hand or troubleshoot the renewal process. You may use the following command, but acmetool may decline to do anything if the existing certificate is valid and long duration. An automatically-added cron job usually runs this task.

/usr/local/letsencrypt-cpanel-dnsonly/acmetool --xlog.severity=debug reconcile

You may find the full documentation to acmetool on the project website..

I changed my server hostname. A re-install will get you going:

yum -y reinstall letsencrypt-cpanel-dnsonly


Why? Not having an easy SSL solution for DNSONLY servers seemed like a bit of a blind spot. Changing our plugin to work with DNSONLY was too involved (it's not our core use case), using generic Let's Encrypt™ tools by hand was tedious for a large number of servers, so this is the middle ground!

I need help. This project is community supported. This means, you may not email us at FleetSSL about it - sorry, we are not providing technical support! You may open an issue on the Github project if you believe you have found a bug or you would like to contribute code or documentation.

Trademarks and Endorsements. This project is not associated or endorsed by the cPanel®, Let's Encrypt™ or acmetool organisations. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. This project is not affiliated with the Let's Encrypt™ or ISRG organisations. Let's Encrypt™ is a trademark of the Internet Security Research Group.