With neither FleetSSL cPanel or cPanel® AutoSSL supporting DNSONLY servers, we've decided to make a free and convenient utility to automatically issue and renew trusted SSL certificates. Just install and walk away.
Ensure you meet the prerequisites:
1. You will be fetching the package from our yum repository:
wget https://cpanel.fleetssl.com/static/letsencrypt.repo -O /etc/yum.repos.d/letsencrypt.repo
2. Install the package
yum -y install letsencrypt-cpanel-dnsonly
3. Wait for the certificate
The issuing and installation process should run as a post-installation step automatically, completing in your terminal within a minute or so. You should now have a valid certificate on port :2087
You typically should not need to do anything after installing the package.
It is automatic. Upon installation, a systemd timer is enabled, which runs twice daily. You may check its status with:
systemctl status fleetssl-dnsonly.timerIf you need to run renewal by hand for some reason, you can just run:
Remove the state file and run the program with the following:
rm -f /var/lib/fleetssl-dnsonly.json && /usr/local/bin/fleetssl-dnsonly
Before you install the package, you can apply some customizations as described below. There are some other, advanced customizations available that are not documented here, you'll need to look in the source code if you're interested in them.
This is possible with a comma-separated list of domains.
echo "FLEETSSL_DNSONLY_CERT_HOSTNAMES=dns1.example.org,alternate.example.org,foo.example.org" >> /etc/fleetssl-dnsonly.conf
Remember, you must do this before you install the package, or otherwise remove the state file as described earlier.
echo "FLEETSSL_DNSONLY_ACME_EMAIL_ADDRESSfirstname.lastname@example.org" >> /etc/fleetssl-dnsonly.conf
echo "FLEETSSL_DNSONLY_RENEWAL_CUTOFF=31" >> /etc/fleetssl-dnsonly.conf
Why? Not having an easy SSL solution for DNSONLY servers seemed like a bit of a blind spot. Changing our plugin to work with DNSONLY was too involved (it's not our core use case), using generic Let's Encrypt™ tools by hand was tedious for a large number of servers, so this is the middle ground!
I need help. This project is community supported. This means, you may not email us at FleetSSL about it - sorry, we are not providing technical support! You may open an issue on the Github project if you believe you have found a bug or you would like to contribute code or documentation.
Trademarks and Endorsements. This project is not associated or endorsed by the cPanel®, Let's Encrypt™ or acmetool organisations. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement. This project is not affiliated with the Let's Encrypt™ or ISRG organisations. Let's Encrypt™ is a trademark of the Internet Security Research Group.