gistfile1.txt

********* <sslsupport@namecheap.com>
Dec 13, 2015, 10:53 AM
to:
“emailremoved” <emailremoved>
Dear Jeremy,

We are deeply sorry to know that you have decided to end our relationships, both because we value your business and because we truly believe purchased SSL is a better choice in most cases. 

We'll happily provide a 30% discount on your SSL renewal if you'll stay with us.

Regarding the cPanel plugin for Let's Encrypt, unfortunately at this point we are unable to tell exactly if we will be implementing it or not since it involves a big amount of changes to our servers structure.

We will treat any decision of yours with proper respect and understanding.

If there is anything else you would like to discuss about this matter or have any additional questions or comments, please feel free to reply to this email.


-----------------------------
Regards,
*********
Customer Support Specialist
SSL Department 

Rekt

Rekt

I'm about to leave mediatemple

I'm about to leave mediatemple

Yeah, stupid companies for not caring about our privacy online. Means they care more about money. Told them I'm leaving them because of no planned support.

Yeah, stupid companies for not caring about our privacy online. Means they care more about money. Told them I'm leaving them because of no planned support.

Their SSL support page has been hounded by requests.

Some more unconfirmed details about their implementation plans. Safe to say they won't be implementing it for shared hosting.

Their SSL support page has been hounded by requests.

Some more unconfirmed details about their implementation plans. Safe to say they won't be implementing it for shared hosting.

Namecheap makes money off of SSL certificates (they also own ssls.com) so this would cut into their bottom line.

I left Namecheap because they failed to implement the ability to have a TXT record longer than 255 bytes. The UI silently truncates the string. This causes problems for DKIM signatures with strong keys.

Namecheap seem to have become complacent with their place in the industry. the new UI also sucks. They're on their way out the door.

Namecheap makes money off of SSL certificates (they also own ssls.com) so this would cut into their bottom line.

I left Namecheap because they failed to implement the ability to have a TXT record longer than 255 bytes. The UI silently truncates the string. This causes problems for DKIM signatures with strong keys.

Namecheap seem to have become complacent with their place in the industry. the new UI also sucks. They're on their way out the door.

así es la vida...

así es la vida...

Looks like they do support SSL/TLS certs, but not sure if it's all-encompassing for all kinds of certs, including those not bought specifically through Namecheap. I was just on the cPanel for my previous non-SSL site, made a self-signed cert (I know -- NOT secure, technically) and was able to install it under cPanel --> Security --> SSL/TLS.

They do still upsell with the Namecheap SSL right at the top. I might just go with that, since it's $11 USD/yr for Positive SSL basic personal domains (limited to one domain.) They may or may not support the free ones you can generate from https://letsencrypt.org/

Looks like they do support SSL/TLS certs, but not sure if it's all-encompassing for all kinds of certs, including those not bought specifically through Namecheap. I was just on the cPanel for my previous non-SSL site, made a self-signed cert (I know -- NOT secure, technically) and was able to install it under cPanel --> Security --> SSL/TLS.

They do still upsell with the Namecheap SSL right at the top. I might just go with that, since it's $11 USD/yr for Positive SSL basic personal domains (limited to one domain.) They may or may not support the free ones you can generate from https://letsencrypt.org/

I have been able to generate a Let's Encrypt cert fully. There are several steps but it's doable.
Incidentally just moved to this host and very happy with the complete tooling they offer.

General steps:

1. Enable SSH to your account - most likely it is already enabled, but you need to generate an SSH key pair from the cPanel. Then, they are running the service on a high port, not 22. Consult their tech docs for port #. SSH in with your cPanel name and password.
2. make a directory for all your cert work. Cd to it.
3. git is installed; clone or fork this repo on Git: https://github.com/diafygi/letsencrypt-nosudo
4. open up two SSH windows. Follow the instructions carefully, particularly the step to use --file-based since you are already running a web server. You do not need to monkey with getting a python server. Also, when it asks for your email, use something from the domain the cert pertains to. (just set up an alias pointing elsewhere if you don't have one already).
5. Follow script commands and output, and you will be rewarded with a signed.crt.
   Note here you'll have to put a file in a special place to serve out of the webserver. I did this all through SSH but you could use other tools to suit.
6. Cat the cert, then paste it into the cPanel tool for adding SSL certs.
7. New cert will be recognized with the proper domain, keysize, expiration date etc.
8. Enjoy your free cert.

I have been able to generate a Let's Encrypt cert fully. There are several steps but it's doable.
Incidentally just moved to this host and very happy with the complete tooling they offer.

General steps:

1. Enable SSH to your account - most likely it is already enabled, but you need to generate an SSH key pair from the cPanel. Then, they are running the service on a high port, not 22. Consult their tech docs for port #. SSH in with your cPanel name and password.
2. make a directory for all your cert work. Cd to it.
3. git is installed; clone or fork this repo on Git: https://github.com/diafygi/letsencrypt-nosudo
4. open up two SSH windows. Follow the instructions carefully, particularly the step to use --file-based since you are already running a web server. You do not need to monkey with getting a python server. Also, when it asks for your email, use something from the domain the cert pertains to. (just set up an alias pointing elsewhere if you don't have one already).
5. Follow script commands and output, and you will be rewarded with a signed.crt.
   Note here you'll have to put a file in a special place to serve out of the webserver. I did this all through SSH but you could use other tools to suit.
6. Cat the cert, then paste it into the cPanel tool for adding SSL certs.
7. New cert will be recognized with the proper domain, keysize, expiration date etc.
8. Enjoy your free cert.

I also got LE working, using acme.sh.

Enable SSH to your account. They told me they have to do this manually thru support. Nonstandard port, listed in their SSL topic in support.
I used PuTTY
I succeeded w the acme.sh script. NC's webroot is \public_html, and you need to specify this in acme
use --staging to avoid timeouts during testing, then --force once you do.
use -d to install mult subdomains eg www.

Then you need to install the SSL cert thru cPanel-follow their instructions.

The biggest prob I had was webroot.
YMMV.

I also got LE working, using acme.sh.

Enable SSH to your account. They told me they have to do this manually thru support. Nonstandard port, listed in their SSL topic in support.
I used PuTTY
I succeeded w the acme.sh script. NC's webroot is \public_html, and you need to specify this in acme
use --staging to avoid timeouts during testing, then --force once you do.
use -d to install mult subdomains eg www.

Then you need to install the SSL cert thru cPanel-follow their instructions.

The biggest prob I had was webroot.
YMMV.

Note, to run with --file-based it has to be the first flag, if it's the second you get an error.

In the part that says to replace user.key with my private key, where's my private key? How do I get it?

Note, to run with --file-based it has to be the first flag, if it's the second you get an error.

In the part that says to replace user.key with my private key, where's my private key? How do I get it?

I use Letencrypt with sites I host at namecheap even without ssh access. I generate the LE certificates online and upload to ssl manager via cpanel. It works!

I use Letencrypt with sites I host at namecheap even without ssh access. I generate the LE certificates online and upload to ssl manager via cpanel. It works!

Check the detailed explanation here: https://savedlog.com/uncategorized/letsencrypt-ssl-certificate-namecheap-hosting/
It is what @tashavanes described but more detailed.

Check the detailed explanation here: https://savedlog.com/uncategorized/letsencrypt-ssl-certificate-namecheap-hosting/
It is what @tashavanes described but more detailed.

I just talked to one of the members from their SSL Support and I was told that I can use Certificate from Let's Encrypt even with an SSH connection. Here's the screenshots of that chat:

I just talked to one of the members from their SSL Support and I was told that I can use Certificate from Let's Encrypt even with an SSH connection. Here's the screenshots of that chat:

@jidetheblogger Hi there. How did you did the verification on SSLforfree.com ? I use namecheap but at the momento I can't get an SSL certificate from Let's Encrypt for the domain.tld and www.domain.tld at the same time. Any thought's?!

@jidetheblogger Hi there. How did you did the verification on SSLforfree.com ? I use namecheap but at the momento I can't get an SSL certificate from Let's Encrypt for the domain.tld and www.domain.tld at the same time. Any thought's?!

@Rex-0x7CB Hi there. Thanks for your helpful post above of the namecheap support chat. I'm looking to do what you did with Let's Encrypt and Namecheap but my coding skills & CS knowledge are not to your level. I'm confident I can upload the SSL files in cPanel once I have obtained them from Certbot. My problem is about getting the files from Certbot. What software and system did you select? If mine are different to yours, how do I find them out? As you are probably aware, Certbot says you need shell access or...switch hosting! ie. no in-between. Any help appreciated.

@Rex-0x7CB Hi there. Thanks for your helpful post above of the namecheap support chat. I'm looking to do what you did with Let's Encrypt and Namecheap but my coding skills & CS knowledge are not to your level. I'm confident I can upload the SSL files in cPanel once I have obtained them from Certbot. My problem is about getting the files from Certbot. What software and system did you select? If mine are different to yours, how do I find them out? As you are probably aware, Certbot says you need shell access or...switch hosting! ie. no in-between. Any help appreciated.

I commented to Namecheap on their website about not supporting Let's Encrypt and they deleted by my comments... not impressed. Here's a snapshot of the two now deleted comments.

(Here's the text version of what I wrote so it gets pick up by search enignes. One correction I should probably make is that when I used the word security, in most cases a more appropriate word should have been assurance because as far as I know your certs are just as encrypted, the business itself is just not as thoroughly human verified.)

How to install SSL using Namecheap cPanel plugin?

The first comment (which they deleted)

Not possible? You could do it organization-wide for a $150... not bad. The choice should be ours if we choose a free less-secure SSL cert as many many other major providers much larger and with more at risk are offering it. There simply are just sites that don't matter, like a blog. Google is rewarding SSL sites and not everyone needs high security... just an SSL enabled site. You are not giving us the option to choose our level of security.

• https://letsencrypt-for-cpanel.com/
• https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/

The second comment posted after a reply from them (they deleted this one too)

https://letsencrypt-for-cpanel.com/

letsencrypt CAN BE DONE on shared servers. It would cost Namecheap a whopping $30 to support it directly within CPanel organization-wide, plus you'd get free updates so you don't have to maintain anything. I develop and host myself so have a little knowledge about this.

I really appreciate your philosophy of just offering the lowest price without endless sales. Because of this I have actually been recommending you to many people in expectation that you'll keep the same philosophy and not got the way of GoDaddy with bait and switch. Hoping you'll also hold up the standard for offering something that is freely available to the public and not withhold it because of a competition with a $9/year certificate.

I commented to Namecheap on their website about not supporting Let's Encrypt and they deleted by my comments... not impressed. Here's a snapshot of the two now deleted comments.

(Here's the text version of what I wrote so it gets pick up by search enignes. One correction I should probably make is that when I used the word security, in most cases a more appropriate word should have been assurance because as far as I know your certs are just as encrypted, the business itself is just not as thoroughly human verified.)

How to install SSL using Namecheap cPanel plugin?

The first comment (which they deleted)

Not possible? You could do it organization-wide for a $150... not bad. The choice should be ours if we choose a free less-secure SSL cert as many many other major providers much larger and with more at risk are offering it. There simply are just sites that don't matter, like a blog. Google is rewarding SSL sites and not everyone needs high security... just an SSL enabled site. You are not giving us the option to choose our level of security.

• https://letsencrypt-for-cpanel.com/
• https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/

The second comment posted after a reply from them (they deleted this one too)

https://letsencrypt-for-cpanel.com/

letsencrypt CAN BE DONE on shared servers. It would cost Namecheap a whopping $30 to support it directly within CPanel organization-wide, plus you'd get free updates so you don't have to maintain anything. I develop and host myself so have a little knowledge about this.

I really appreciate your philosophy of just offering the lowest price without endless sales. Because of this I have actually been recommending you to many people in expectation that you'll keep the same philosophy and not got the way of GoDaddy with bait and switch. Hoping you'll also hold up the standard for offering something that is freely available to the public and not withhold it because of a competition with a $9/year certificate.