Let’s Encrypt SSL certificate in Namecheap AutoRenewal – Verified & working – Using ACME.sh

NameCheap doesn't support Let's Encrypt natively, But provides option so you can setup LetEncrypt SSL certificates using different utilities like getSSL or ACME.sh, having used both found acme.sh to be quite better and simple to use + it supports auto renewal too.

1 - Enable SSH to get into your shared hosting server with your cpanel username.(You can get keys & login from your terminal or use inbuilt capnel terminal for quick access)

2 - Get the certs

#Get acme.sh utility
curl https://get.acme.sh | sh

#Source the Environment variables
source ~/.bashrc

#Register your email with Lets's Encrypt to be notified any renewals issue
acme.sh --register-account --accountemail email@example.com

# At this moment a cron entry already has been setup for autorenewal which will auto renew after 60 days., You can update /dev/null to something like this if you need the log
crontab -l | grep acme.sh
10 0 * * * "/home/_CPANEL_USERNAME_/.acme.sh"/acme.sh --cron --home "/home/_CPANEL_USERNAME_/.acme.sh" >> /home/_CPANEL_USERNAME_/.acme_cron_log

4 – Issue a test cert to check if all working

#webroot will be any directory in which your domain exist, give path accordingly.
acme.sh --issue --webroot ~/public_html -d yourdomain.com --staging

5 – issue an actual Certificate

acme.sh --issue --webroot ~/public_html -d yourdomain.com --force

#In ourput you will see success if all goes fine & key/Certs/chaincerts/csr will be stored under below location, you can refer those if you intend to apply those using cpanel GUI manually

~/.acme.sh/yourdomain.com/

6 - Apply Cert to website using cPnel hook

acme.sh --deploy --deploy-hook cpanel_uapi --domain yourdomain.com

7 – You should be able to see your domain with SSL in cpanel under SSL/TLS -> Manage all certs

8 - Force HTTP-HTTPS redirection
If you see option to enable you can enforce HTTP from cpanel itself:

cPanel->Domains

In case it is greyed out, which could be in case you have multiple domains like www.yourdomain.com for which you don’t have the cert , Enable the redirection from “redirects” or simply add below lines in .htaccess file

#always backup as a thumb of rule
vi ~/public_html/.htaccess 

Or

vi ./yourdomain.com/.htaccess 

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

9 – test your website in new window with URL: https://yourdomain.com or http://yourdomain.com( in http it should redirect automatically to https)

So you are all done now, If you need a more detailed Article you can checkout the original article on below link:
devops.egyan.space

Glad if this helped you, You can now buy me a coffee if this was helpful:

Comments

[Aaron Eiche]

This is a bit of an old article, but still relevant. If anyone is following these steps, please be aware that in August of 2021, acme.sh began supporting multiple Certificate Authorities, defaulting to ZeroSSL. In order to use LetsEncrypt, you will need to provide the --server letsencrypt argument to the issue command. It would look something like this:

acme.sh --issue --webroot ~/public_html --server letsencrypt -d yourdomain.com --force

[Anuj Singh Tomar]

Good to know , thanks for sharing

[Aaron Eiche]

This is a bit of an old article, but still relevant. If anyone is following these steps, please be aware that in August of 2021, acme.sh began supporting multiple Certificate Authorities, defaulting to ZeroSSL. In order to use LetsEncrypt, you will need to provide the --server letsencrypt argument to the issue command. It would look something like this:
acme.sh --issue --webroot ~/public_html --server letsencrypt -d yourdomain.com --force

[John Johnson Okah]

Great. I followed the steps last year and it worked.
ALSO, you can just ask NameCheap for a free SSL Certificate; via the LiveChat, they respond immediately.

[Roman Taylor]

Apply Cert to website using cPnel hook

Should say cPanel 🙂

Great post though!

[Anderson Timana]

Thanks for the post! It worked great the first time. However, I have a problem when doing this process for other domains in my shared hosting.
I'm getting an error 503 when I try to issue a test certificate. As far as I can see .well-know is blocking the request. Any idea of why it may happen?

[Julian]

thanks so much! This really helped me!

[Emmanuel David]

This is indeed an awsome tutorial as following it step by step works.
However the code below seemed not to work so i just skipped it

crontab -l | grep acme.sh
10 0 * * * "/home/_CPANEL_USERNAME_/.acme.sh"/acme.sh --cron --home "/home/_CPANEL_USERNAME_/.acme.sh" >> /home/_CPANEL_USERNAME_/.acme_cron_log

Thanks for the wonderful tutorial

[Anuj Singh Tomar]

Glad that it helped, that code worked fine for me, it is critical too, as i don't want to bother me with running this manually, cronjob takes care of autorenewal, have worked fine for me for more than a year :)

Just check the CPANEL_USername , it would be same id when you log in to your cpanel, it will show with below command on terminal run :
echo $USER
Or in Console note it under: General Information->Current User

[jkaka00912]

Hey, i am unable to install on addon domains. The main domain worked perfect, on addon domains I can't do it. Maybe is not possible?
I added the domain.main-domain.com folder too, but I get errors

[Saminu Eedris]

Hey Anuj,

Thanks so much this is so very helpful, having to renew my SSL every 3 months is such a hassle and with this I won't have to do that anymore.

Thanks a lot man!

[Californiasomething]

Thanks for posting this. Breezy to follow, and now I shouldn't have to worry about this stuff for a while. I'd been doing it manually for a year now on four of my sites and it was a pain but worth not paying them.

[Vladimir Lugovkin]

After command:

At this moment a cron entry already has been setup for autorenewal which will auto renew after 60 days., You can update /dev/null to something like this if you need the log

crontab -l | grep acme.sh
10 0 * * * "/home/CPANEL_USERNAME/.acme.sh"/acme.sh --cron --home "/home/CPANEL_USERNAME/.acme.sh" >> /home/CPANEL_USERNAME/.acme_cron_log

I have error: -bash: 10: command not found

[Ian B]

thank you :) this was really helpful. 🪙

[Rafanjani]

hi, thanks for tutorial. I'm getting a error when issue a cert for cpanel.domain.com and webmail.domain.com... the others like domain and mail.domain and domain.com was successful.

When trying issue a cert for webmail i'm getting multiple "processing" and timeout lines. I have a stelar plan from namecheap.

Peace.

[Yanik Love]

Big Thanks!

Saving me lots of money :)
I was about to switch hosting provider to one that supports let's encrypt!

Had read this post before but it looked too complicated.
After some efforts and patience everything is working now and all my sites are secure, for free, with auto renew on! How cool!! :D

Much gratitude <3

Now what would make it perfect would be a script like :

/ssl domain.com

That would automatically do all the steps, including the www :D
This way it would save some time and avoid typos ^^

Thanks again!

[Dave Elton]

The redirect method for www. has a snag. Most browsers seem to look for a www.mydomain.com cert before following the redirect. This results in users seeing a warning and not redirecting.

The solution is to add a second domain arg to each of the commands. EG:

acme.sh --issue --webroot ~/public_html -d mydomain.com -d www.mydomain.com --staging

acme.sh --issue --webroot ~/public_html -d mydomain.com -d www.mydomain.com --force

acme.sh --deploy --deploy-hook cpanel_uapi --domain mydomain.com --domain www.mydomain.com

You'll still want to add the redirect, but this will now avoid the error for users.