Using Let’s Encrypt certificates on Namecheap’s shared hosting is one of those tricky things that there are a couple tutorials for, but you’re not sure if they’re up to date, or even if they’ll work for you. Since this blog is for documenting those kinds of weird situations I find myself in and how I handled them, why not start with an issue I faced while setting it up?
This will be applicable to anyone with Namecheap’s shared hosting with cPanel. I’ve used it for the old “value” hosting plan, and the current “stellar” plan. This site is running WordPress, installed via the Softaculous installer in cPanel.
The first thing you’ll need to do is enable SSH access to your account. Namecheap has an article on how to do this. Once that’s done, SSH in with your preferred client. Now we need to install acme.sh, a client to handle the generation and installation of the certificates:
git clone https://github.com/Neilpang/acme.sh.git
Easy enough. Now start a new Bash shell so that we get acme.sh in our PATH. Just run
bash, no need to disconnect and reconnect. Before we proceed, though, I found that acme.sh wiped out my crontab, including the scheduled Softaculous backups. If you have anything in your crontab, I suggest you back it up. Done? Now we’re ready to generate and install the certs! The commands are as follows. You can pass
-d to each as many times as you like, for each subdomain you’ll be using. Of course, substitute your own domain for mine.
acme.sh --issue -d massingham.net -d www.massingham.net -w $HOME/public_html/
acme.sh --install-cert -d massingham.net -d www.massingham.net
acme.sh --deploy -d massingham.net -d www.massingham.net --deploy-hook cpanel_uapi
At this point the certs have been generated and installed to your website. You’ll probably need to open a different browser to confirm, as the one you’re in has probably cached the self-signed certificate. If all went well, it will show secure, and inspecting the certificate should show that it was issued by Let’s Encrypt! Your regular browser will show the updated certificate once it decides to check for a new one.
If you had something in your crontab already, you can now restore it. You’ll notice that there’s a new line in there for acme.sh. This scheduled task will run daily to check your cert and automatically renew it as necessary. As an aside, I noticed that the path to the script had quotes around it. Since I wasn’t sure if that was correct, I edited it to remove them, leaving the quotes around the path to the .acme.sh directory. The final line looked like this:
31 0 * * * /home/username/.acme.sh/acme.sh --cron --home "/home/username/.acme.sh"
Hope that makes it easy for anyone reading, or for myself in the future. Feel free to leave questions or comments below!