NameCheap hosting will promise you "Free SSL" when you sign up for hosting, but it's a trap. What you get is actually the first year free, for a certificate that will cost you $9/year, plus all the frustration and developer time to manage renewals of that SSL certificate.
Let’sEncrypt, on the other hand, provides always-free SSL certificates. Many modern web hosting providers include SSL certificates from Let’sEncrypt, by default, with your new hosting plans.
Until NameCheap decides to get with the program, we'll need to manually configure our hosting accounts there to use Let’sEncrypt certificates, which can be a but of a pain. Here's how I did it for one of my sites recently.
Get access to the server
In order to install the certificate on the server, you will either need ssh access, or to run the "Terminal" application from within cPanel. You can find it in the "Advanced" section.
Install the necessary software on the server
Once you have command-line access to your server, you will want to install a free open-source script named
acme.sh. This script is commonly used for setting up Let’sEncrypt certificates.
> curl https://get.acme.sh | sh
You can confirm the script is installed by checking for a directory named
.acme.sh. Since it starts with a . you will need to run the command
ls -a in order to confirm it is there.
Next, you will want to change the default certificate authority used by the script to Let’sEncrypt.
> .acme.sh/acme.sh --set-default-ca --server letsencrypt
Install the certificate directly on the server
Next, you'll issue new certificates for the domains used to access the website. (Replace
example.com in the line below, with your own domain, and
ncusername with your NameCheap cPanel username)
> .acme.sh/acme.sh --issue -d www.example.com -d example.com -w /home/ncusername/example.com
If this command completes without issue, it will provide you with the location of the files it generated. Copy the contents of both the
.cer file and the
.key file to a safe location. You will need these for the next step, updating cPanel.
[Tue 2022] Your cert is in: /home/bollobcz/.acme.sh/www.example.com/www.example.com.cer
[Tue 2022] Your cert key is in: /home/bollobcz/.acme.sh/www.example.com/www.example.com.key
[Tue 2022] The intermediate CA cert is in: /home/bollobcz/.acme.sh/www.example.com/ca.cer
[Tue 2022] And the full chain certs is there: /home/bollobcz/.acme.sh/www.example.com/fullchain.cer
Tell cPanel to use the new certificate
> .acme.sh/acme.sh --deploy -d www.example.com -d example.com --deploy-hook cpanel_uapi
OR, Configure cPanel manually to use the new certificate
Close the terminal window in cPanel. Next, you will run the "SSL/TLS" application from within cPanel. You can find it in the "Security" section.
Once you are in this section, look for a link with the text
Manage SSL sites. It may be in different places on different versions of cPanel, but on mine it's at the lower right.
Scroll to the bottom of the next page where you will be able to select the domain that is using the new certificate, and paste in the contents of the the
.cer file and the
.key file. Then click "Install Certificate"
Once installed, you should see the domain in the list of "Manage Installed SSL Websites" at the top of this page. Confirm all the domains you listed in the issue command have green lock cons beside them.
Confirm the certificate will auto-renew
One of the down-sides of Let’sEncrypt certificates is that they are only valid for 90 days. Fortunately, they are also easy to automatically renew. By using the
acme.sh script to issue the certificates for your site, you should also have created a cron job to renew them.
To confirm, you will need to open the "Cron Jobs" application from within cPanel. You can also find it in the "Advanced" section.
Scroll to the bottom of this page, look for the section labeled "Current Cron Jobs". You should see a task containing
"/home/ncuername/.acme.sh"/acme.sh --cron --home "/home/ncuername/.acme.sh" > /dev/null (where
ncusername is your NameCheap cPanel username)
If so, you're all set!