Let's say you have set your own domain name as the server hostname, and now you want to secure it with SSL. Here I will explain how to add a Let's Encrypt SSL certificate for the cPanel service domain (the hostname).
Install Certbot from EPEL
# yum -y install epel-release
# yum repolist
# yum install --enablerepo=epel certbot
Create deploy-hook script for Certbot
Create the hostname-ssl.sh file
vim /usr/local/bin/hostname-ssl.sh
# Copy the following lines into it
#!/bin/sh
# Deploy hook: copy the hostname certificate to each cPanel service and restart it.
set -e
# $HOSTNAME must match the -d name the certificate was issued for.
LIVE=/etc/letsencrypt/live/$HOSTNAME
# cpsrvd: private key and certificate in a single file
/bin/cat "$LIVE/privkey.pem" "$LIVE/cert.pem" > /var/cpanel/ssl/cpanel/cpanel.pem
/bin/chown cpanel:cpanel /var/cpanel/ssl/cpanel/cpanel.pem
# Exim: separate key and certificate
/bin/cat "$LIVE/privkey.pem" > /var/cpanel/ssl/exim/exim.key
/bin/cat "$LIVE/cert.pem" > /var/cpanel/ssl/exim/exim.crt
/bin/chown mailnull:mail /var/cpanel/ssl/exim/exim.*
# FTP: separate key and certificate, plus the combined file for Pure-FTPd
/bin/cat "$LIVE/privkey.pem" > /var/cpanel/ssl/ftp/ftpd-rsa-key.pem
/bin/cat "$LIVE/cert.pem" > /var/cpanel/ssl/ftp/ftpd-rsa.pem
/bin/cat "$LIVE/privkey.pem" "$LIVE/cert.pem" > /var/cpanel/ssl/ftp/pure-ftpd.pem
/bin/chown root:wheel /var/cpanel/ssl/ftp/*
# Dovecot: separate key and certificate
/bin/cat "$LIVE/privkey.pem" > /var/cpanel/ssl/dovecot/dovecot.key
/bin/cat "$LIVE/cert.pem" > /var/cpanel/ssl/dovecot/dovecot.crt
/bin/chown root:wheel /var/cpanel/ssl/dovecot/dovecot.*
# Restart the services so they load the new certificate
/scripts/restartsrv_cpsrvd
/scripts/restartsrv_ftpd
/scripts/restartsrv_dovecot
/scripts/restartsrv_exim
Now make it executable
chmod +x /usr/local/bin/hostname-ssl.sh
Issue a certificate for cPanel hostname
The following command issues a valid Let's Encrypt certificate for the cPanel hostname ($HOSTNAME):
certbot --debug certonly -a webroot --agree-tos --webroot-path=/usr/local/apache/htdocs --deploy-hook=/usr/local/bin/hostname-ssl.sh --renew-by-default -d $HOSTNAME
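Certificate renewal cron job
Certbot saves the deploy hook given at issuance in the certificate's renewal configuration, so the script runs again after each successful renewal.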
00 02 * * * certbot renew
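A hardened variant of the copy step in hostname-ssl.sh, added here as an example and not part of the original guide: it reads the certificate directory from certbot's RENEWED_LINEAGE variable instead of $HOSTNAME and replaces each file atomically with explicit permissions. The names install_pem, deploy_hostname_cert, SSL_ROOT and CHOWN and the file modes are assumptions of this example; the restartsrv_* lines from the original script would follow the copy.

```shell
#!/bin/sh
# Added example: atomic, permission-aware copy step for a certbot deploy hook.
set -eu

# install_pem DEST MODE OWNER SRC...
# Builds DEST from the SRC files in a private temp file, then renames it into
# place, so a service never reads a half-written or loosely-permissioned key.
install_pem() {
    dest=$1; mode=$2; owner=$3; shift 3
    for src in "$@"; do
        [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    done
    tmp=$(mktemp "$dest.XXXXXX") || return 1   # mktemp creates it mode 0600
    # CHOWN is a hypothetical override so the copy can be rehearsed unprivileged.
    if cat "$@" > "$tmp" && chmod "$mode" "$tmp" &&
       ${CHOWN:-chown} "$owner" "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# deploy_hostname_cert LINEAGE_DIR SSL_ROOT
# Same destinations and owners as the hook above; the modes are this example's
# assumption (0600 for anything containing the key, 0644 for certificates).
deploy_hostname_cert() {
    key=$1/privkey.pem; crt=$1/cert.pem; root=$2
    install_pem "$root/cpanel/cpanel.pem"    600 cpanel:cpanel "$key" "$crt" &&
    install_pem "$root/exim/exim.key"        600 mailnull:mail "$key" &&
    install_pem "$root/exim/exim.crt"        644 mailnull:mail "$crt" &&
    install_pem "$root/ftp/ftpd-rsa-key.pem" 600 root:wheel "$key" &&
    install_pem "$root/ftp/ftpd-rsa.pem"     644 root:wheel "$crt" &&
    install_pem "$root/ftp/pure-ftpd.pem"    600 root:wheel "$key" "$crt" &&
    install_pem "$root/dovecot/dovecot.key"  600 root:wheel "$key" &&
    install_pem "$root/dovecot/dovecot.crt"  644 root:wheel "$crt"
}

# certbot exports RENEWED_LINEAGE to deploy hooks; outside a hook this is a no-op.
# SSL_ROOT is a hypothetical override for rehearsing against a scratch directory.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_hostname_cert "$RENEWED_LINEAGE" "${SSL_ROOT:-/var/cpanel/ssl}"
fi
```

If any source file is missing or empty, the function returns non-zero before touching the destination, so a failed renewal cannot leave a service with a truncated key.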