Ezequiel Esnaola

Let's Encrypt SSL with auto-renew on GoDaddy in 4 steps

I recently tried to install a Let's Encrypt SSL certificate on GoDaddy and I didn't find enough information to configure auto-renew.

Everything you need to install a free certificate is condensed here into 4 simple steps, so you can save some 💸💸💸
 

1. Connecting via SSH to your server

You must enable SSH access from your cPanel and log in with your credentials.

$ ssh [username]@[hostname]

 

2. Install acme.sh

Download acme.sh and install it.

$ curl https://get.acme.sh | sh

 

3. Issue the certificate

You only need write access to the web root folder to issue the certificate.

$ acme.sh --force --issue -d example.com -d www.example.com  -w /home/[username]/public_html

 

4. Deploy the certificate

There are 2 ways to deploy the certificate, and both leave the cron job configured.

a. Deploy SSL to cPanel using UAPI (GoDaddy option)

This hook uses UAPI and works in cPanel & WHM version 56 or newer.

$ acme.sh --deploy -d example.com -d www.example.com --deploy-hook cpanel_uapi

b. Deploy SSL to cPanel (other cPanel version)

DEPLOY_CPANEL_USER and DEPLOY_CPANEL_PASSWORD are required only once.

$ export DEPLOY_CPANEL_USER=myusername
$ export DEPLOY_CPANEL_PASSWORD=PASSWORD
$ acme.sh --deploy -d example.com -d www.example.com --deploy-hook cpanel

For more documentation see the GitHub Wiki

I hope this may help you!
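
To confirm that the setup above will renew and redeploy without intervention, the following check (an added example, not part of the original post or of acme.sh) reads the saved domain configuration and the crontab. It assumes acme.sh stores Le_API and Le_DeployHook as KEY='value' lines in the domain's .conf file under ~/.acme.sh and installs a crontab entry that runs acme.sh --cron; the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: will this acme.sh certificate renew AND redeploy unattended?
# Assumed layout: KEY='value' lines (Le_API, Le_DeployHook) in the domain conf
# and a crontab line that runs "acme.sh --cron".

# Print the value of key $1 from conf file $2, with quotes stripped.
conf_value() {
  grep "^$1=" "$2" | head -n 1 | cut -d= -f2- | tr -d "'\""
}

# $1 = domain conf file, $2 = file holding `crontab -l` output.
# Returns 0 only when CA, deploy hook and cron job are all in place.
audit_renewal() {
  rc=0
  api=$(conf_value Le_API "$1")
  hook=$(conf_value Le_DeployHook "$1")
  case $api in
    *letsencrypt.org*) echo "ok:   CA is Let's Encrypt" ;;
    *) echo "FAIL: CA is ${api:-unknown}; set the default CA and re-issue"; rc=1 ;;
  esac
  if [ -n "$hook" ]; then
    echo "ok:   renewals redeploy through hook $hook"
  else
    echo "FAIL: no saved deploy hook; renewed certs will not reach cPanel"; rc=1
  fi
  if grep -v '^[[:space:]]*#' "$2" | grep -q 'acme\.sh.*--cron'; then
    echo "ok:   cron job present"
  else
    echo "FAIL: no active acme.sh --cron entry in crontab"; rc=1
  fi
  return "$rc"
}

# Constructed sample data (not from a real server) so the check runs offline.
demo() {
  d=$(mktemp -d)
  printf '%s\n' "Le_API='https://acme-v02.api.letsencrypt.org/directory'" \
    "Le_DeployHook='cpanel_uapi,'" > "$d/good.conf"
  printf '%s\n' "Le_API='https://acme.zerossl.com/v2/DV90'" > "$d/bad.conf"
  echo '12 0 * * * "/home/user/.acme.sh"/acme.sh --cron > /dev/null' > "$d/cron"
  good=0; audit_renewal "$d/good.conf" "$d/cron" || good=$?
  bad=0;  audit_renewal "$d/bad.conf" "$d/cron" || bad=$?
  rm -rf "$d"
  echo "good=$good bad=$bad"
}
demo
```

On the server, save the output of crontab -l to a file and pass it to audit_renewal together with the domain's .conf file from ~/.acme.sh (the directory name may carry an _ecc suffix for ECC certificates).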

Top comments (11)

Peter L Jones

Like @sylver9, this does not work for me:

$ acme.sh --force --issue -d maindomain.eg -d *.maindomain.eg -w /home/<username>/public_html
[Sun Oct  9 05:04:28 MST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Oct  9 05:04:28 MST 2022] Create account key ok.
[Sun Oct  9 05:04:28 MST 2022] No EAB credentials found for ZeroSSL, let's get one
[Sun Oct  9 05:04:28 MST 2022] acme.sh is using ZeroSSL as default CA now.
[Sun Oct  9 05:04:28 MST 2022] Please update your account with an email address first.
[Sun Oct  9 05:04:28 MST 2022] acme.sh --register-account -m my@example.com

OK, fair enough - it wants an email and tells you how to feed it. However...

$ acme.sh --register-account -m <postbox>@maindomain.eg
[Sun Oct  9 05:04:53 MST 2022] No EAB credentials found for ZeroSSL, let's get one
Usage: _hmac hashalg secret [outputhex]
[Sun Oct  9 05:04:54 MST 2022] Registering account: https://acme.zerossl.com/v2/DV90
[Sun Oct  9 05:04:58 MST 2022] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","status":400,"detail":"[External Account Binding] The JWS Signature MUST be present"}

From which point progress is not possible.

Peter L Jones

Aha! That's because acme.sh changed to ZeroSSL in 2021 (after this article was written). To revert to Let's Encrypt, run this before running the --issue request:

acme.sh --set-default-ca --server letsencrypt
 
Peter L Jones

Hm. Next hurdle is the script tries to chown things and gets it wrong: it should just leave well enough alone (i.e. owner read/write access is there, so why change anything). I think I'll have to patch something for this.

(This is because GoDaddy site root directory group ownership is nobody and the user running the site is not in that group.)

Axel Bregnsbo

Had the exact same problem, and got side-tracked by a link output by acme.sh redirecting me to ZeroSSL with a non-working recommendation. With your acme.sh --set-default-ca ... command above, it works nicely.

Kâzım ERDOĞAN

--set-default-ca --server letsencrypt

add to try

sylver9

I kept getting this error:
The deploy hook cpanel is not found.

acme.sh --deploy -d example.com -d example.com --deploy-hook cpanel
I even tried channel_uapi and the resulting error noted that cert files were missing. And they were. Because one needs to create an account (acme.sh --register-account -m user@example.com) before using acme.sh --force --issue

Axel Bregnsbo

@eesnaola please update your nice tutorial with a step 2.5 (from Peter L Jones) that contains acme.sh --set-default-ca --server letsencrypt

Nuukem

This is great. Thank you so much!

Will this auto deploy the new SSL to cPanel when the certificate renews?

Adrian Dixon

Hi Ezequiel, great simple and useful article. How would I go about doing an SSL for two domains example: my-domain.com and my-domain.ca?

Adrian Dixon

I think I might have answered my own question:

By just adding "-d my-domain.com" along with its www. counterpart and any others.

cuethenoise

This is GOLD, saved me from having to dish out for a GoDaddy SSL cert! Does the autorenew install the cert into cpanel?