{"id":721,"date":"2021-01-09T00:33:45","date_gmt":"2021-01-09T00:33:45","guid":{"rendered":"http:\/\/www.ishygddt.xyz\/~blog\/?p=721"},"modified":"2022-03-08T18:58:10","modified_gmt":"2022-03-08T18:58:10","slug":"namecheap-lets-encrypt","status":"publish","type":"post","link":"http:\/\/www.ishygddt.xyz\/~blog\/2021\/01\/namecheap-lets-encrypt","title":{"rendered":"[WIP] Namecheap let's encrypt"},"content":{"rendered":"<p>First, go to cPanel's SSL\/TLS, Private Keys, View. Note the <strong>ID<\/strong> of your TLS key; copy it to your clipboard or something. (Be careful not to grab any extraneous spaces or anything; triple-clicking to select the whole line <em>did<\/em> work for me, but just be sure you're paying attention.)<\/p>\n<p>Then, go to cPanel's Terminal and execute the following commands:<\/p>\n<ul>\n<li><code class=\"language-bash\" data-line=\"\">mkdir -p ~\/virtualenv<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">\/opt\/alt\/python37\/bin\/python3 -m venv ~\/virtualenv\/simp_le<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">bash<\/code>\n<ul>\n<li><code class=\"language-bash\" data-line=\"\">. ~\/virtualenv\/simp_le\/bin\/activate<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">pip install simp-le-client<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">mkdir -v ~\/ssl\/simp_le<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">pushd ~\/ssl\/simp_le<\/code>\n<ul>\n<li><code class=\"language-bash\" data-line=\"\">read -p &quot;Paste the TLS key ID you copied earlier: &quot; tls_key_id<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">ln -vsf ..\/keys\/${tls_key_id}.key key.pem<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">printf &#039;\\n&#039; &gt; newline.txt<\/code><\/li>\n<li><code class=\"language-bash\" data-line=\"\">exit<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Then, edit a new file (you can either use <code class=\"language-bash\" data-line=\"\">nano<\/code> or <code class=\"language-bash\" data-line=\"\">vi<\/code> directly from the Terminal, or go out to the file manager to do this):<\/p>\n<pre><code class=\"language-bash\" data-line=\"\">#!\/bin\/sh\n#\t~\/ssl\/renew.sh\n# http:\/\/www.ishygddt.xyz\/~blog\/2021\/01\/namecheap-lets-encrypt\n. ~\/virtualenv\/simp_le\/bin\/activate\ncd &quot;${workdir=$HOME\/ssl\/simp_le}&quot;\nlogfile=&quot;$(date -u +&#039;%Y%m%d%H%M%S&#039;).log&quot;\n# https:\/\/github.com\/zenhack\/simp_le\nsimp_le ${acme_endpoint+--server &quot;${acme_endpoint}&quot;}\\\n\t--email &quot;${email-${USER}@${HOSTNAME}}&quot;\\\n\t--default_root &quot;${default_root=$HOME\/public_html}&quot;\\\n\t-f account_key.json\\\n\t-f account_reg.json\\\n\t-f key.pem --reuse_key\\\n\t-f cert.pem\\\n\t-f chain.pem\\\n\t&quot;${@}&quot; 2&gt;&gt; &quot;$logfile&quot;\ns=$? #TODO refactor with https:\/\/unix.stackexchange.com\/a\/178541\/26420\nif [ $s -eq 1 ] ; then exit 0 ; fi # Renewal not needed\n\ncat &quot;$logfile&quot; 1&gt;&amp;2\ncat chain.pem newline.txt\nexit $s\n<\/code><\/pre>\n<p>Add something like the following crontab entry (note that specifying the e-mail is optional; if you leave it unset, it'll use your Namecheap cPanel user system account's, which <em>is<\/em> deliverable):<\/p>\n<pre><code class=\"language-bash\" data-line=\"\">0 \t0 \t0 \t* \t* \temail=&#039;ssladmin@example.com&#039; sh $HOME\/ssl\/renew.sh -d example.com -d www.example.com -d static.example.com:$HOME\/static --valid_min 3000000<\/code><\/pre>\n<hr \/>\n<p>However, that said, I'll be leaving them at some point due to this lack of proper support for third-party SSL providers.<\/p>\n<p>They told one user (who was unsubscribing over this very issue) that they \u201ctruly believe purchased SSL is a better choice in most cases\u201d, and deleted <a href=\"https:\/\/gist.github.com\/stopspazzing\/c871f935771f14933c63#gistcomment-2475532\">a comment from another user<\/a> on their support page pointing out that it would cost the whole organization just $150 for the official cPanel plugin to add support for arbitrary SSL certificates for their many, many users (or could be done with an unofficial plugin for $30).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>First, go to cPanel's SSL\/TLS, Private Keys, View. Note the ID of your TLS key; copy it to your clipboard or something. (Be careful not to grab any extraneous spaces or anything; triple-clicking to select the whole line did work for me, but just be sure you're paying attention.) Then, go to cPanel's Terminal and &hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[96],"tags":[140,138,139,141],"class_list":["post-721","post","type-post","status-publish","format-standard","hentry","category-howto","tag-lets-encrypt","tag-namecheap","tag-shared-webhosting","tag-tls"],"_links":{"self":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts\/721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/comments?post=721"}],"version-history":[{"count":34,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts\/721\/revisions"}],"predecessor-version":[{"id":1035,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/posts\/721\/revisions\/1035"}],"wp:attachment":[{"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/media?parent=721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/categories?post=721"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.ishygddt.xyz\/~blog\/wp-json\/wp\/v2\/tags?post=721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}