CPanel SSL: Issue free certificates in a non-root server
Since some shared hosting providers are tied to an option to buy a SSL certificate, with the help of the acme.sh script, you can issue free SSL certificates following the instructions:
📈 Go to the Terminal into your CPanel or SSH there
⬇️ Get the acme.sh script
1curl https://get.acme.sh | sh
🔃 Refresh the terminal
Re-enter to the terminal or simply run
1source ~/.bashrc
✉️ Register your email with the certificate
1acme.sh —-register-account —-accountemail youremail@yourdomain.com
⏰ Check if cronjob was enabled by acme
1crontab -l | grep acme.sh
The above command should output something like:
110 0 * * * “/home/*YOUR_CPANEL_USER*/.acme.sh”/acme.sh —- cron —- home “/home/*YOUR_CPANEL_USER*/.acme.sh” > /dev/null
📦 Set the domain variables in the terminal
1export DOMAIN=yourdomain.com2# Press enter and write then3export WWWDOMAIN=www.yourdomain.com4# Don't forget to press enter again
🔑 Testing if the certificate generation works
Before testing if generate the certificate is allowed, you need the path of the domain / subdomain from your Cpanel. Execute the following command and you’ll get the path
1export DOMAINPATH=$(uapi DomainInfo single_domain_data domain=$DOMAIN | grep documentroot| cut -d " " -f 6)
The result will be stored into DOMAINPATH
Then, you can use Acme to generate a STAGING certificate
1acme.sh —-issue —-webroot ${DOMAINPATH} -d ${DOMAIN} -d ${WWWDOMAIN} —-staging
Remember to only add -d $WWWDOMAIN, if you are using a www alias for your domain
If you receive green checks / messages. Congrats! You’re able to generate certificates into your Cpanel account.
🍄 Generating a real SSL certificate
1acme.sh —-issue —-webroot ${DOMAINPATH} -d ${DOMAIN} -d ${WWWDOMAIN} —-force
➕ Add your certificate to Cpanel
1acme.sh —-deploy —-deploy-hook cpanel_uapi —-domain ${DOMAIN} --domain ${WWWDOMAIN}
Remember, you’ll need to repeat each step from step “Set the domain variables in the terminal” and forward by each domain / subdomain whenever you add it.