Let’s Encrypt for cPanel Installation


Let’s Encrypt for cPanel Installation using Installing the cPanel Plugin

Log into your SSH client at root level, then add the Let’s Encrypt repository with the following command:

cd /etc/yum.repos.d/ && wget https://letsencrypt-for-cpanel.com/static/letsencrypt.repo

Next, install the plugin for cPanel with line below and yum:

yum -y install letsencrypt-cpanel

The installation process usually takes about a minute. If all goes well and the installation was successful, a test should run automatically. If it renders similar messages as the example below, you’re good to go:

le-cp self-test
[SELF-TEST] Can read config ............ SUCCESS.
[SELF-TEST] Can connect to daemon and check licence ............ SUCCESS.
[SELF-TEST] Can connect to Lets Encrypt ............ SUCCESS.
[SELF-TEST] Can talk to WHM API ............ SUCCESS.
[SELF-TEST] Can talk to plugin RPC ............ SUCCESS.

You can log in to your cPanel account and install your first SSL certificate.

Installing a Certificate
Once you’re logged into cPanel, you should see a Let’s Encrypt for cPanel button under Security. Click on it to access your active domains list to install a certificate.

Continue reading “Let’s Encrypt for cPanel Installation” »


Debian 7 wheezy – Certbot auto started failing with ’ No module named pip.__main__’

If you’re using Debian 7 a.k.a wheezy which is end of life at this moment and you were using Let’s Encrypt was your SSL, then you might need some backward compatibility to continue. A possible work around for me as below:

wget https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto
chmod +x ./certbot-auto
./certbot-auto --no-self-upgrade

For renewing an existing certificate you can use the following command instead:

./certbot-auto --no-self-upgrade

Installing Let’s Encrypt on a Zimbra Server

Let’s Encrypt must be installed on one Linux machine to obtain the proper SSL Certificate, CA Intermediate, and Private Key. It is not required that it be on the same Zimbra Server, but it could save time and help to obtain the renewals, etc.

First Step is to stop the jetty or nginx service at Zimbra level

zmproxyctl stop
zmmailboxdctl stop

Second step is to Install git on the Server (apt-get install git/yum install git), and then do a git clone of the project on the folder we wantNote: On RedHat/CentOS 6 you will need to enable the EPEL repository before install.

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Let’s now run Let’s Encrypt in auto mode and use the certonly option, because for now the project can’t automatically install the cert on Zimbra servers.

root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone

If you need to have multiple hostnames on the same SSL, so a Multi-SAN, SSL, please run instead, where -d are your domains:

root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone -d xmpp.example.com -d conference.example.com

Continue reading “Installing Let’s Encrypt on a Zimbra Server” »


Let’s Encrypt service with Pound server

In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system)

$sudo apt-get install git (if not previously installed)
$cd /opt
$sudo git clone https://github.com/certbot/certbot

Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:

$sudo service pound stop

once the service is stopped, run:

$cd /opt/certbot
$sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly

by default, running the command above will generate the necessary key files (*.pem) in the following folder:


now, we need to create a private key file that Pound can understand, to do so run the following:

$sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem

doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important! Continue reading “Let’s Encrypt service with Pound server” »