gistfile1.txt

********* <sslsupport@namecheap.com>
Dec 13, 2015, 10:53 AM
to:
“emailremoved” <emailremoved>
Dear Jeremy,

We are deeply sorry to know that you have decided to end our relationships, both because we value your business and because we truly believe purchased SSL is a better choice in most cases. 

We'll happily provide a 30% discount on your SSL renewal if you'll stay with us.

Regarding the cPanel plugin for Let's Encrypt, unfortunately at this point we are unable to tell exactly if we will be implementing it or not since it involves a big amount of changes to our servers structure.

We will treat any decision of yours with proper respect and understanding.

If there is anything else you would like to discuss about this matter or have any additional questions or comments, please feel free to reply to this email.


-----------------------------
Regards,
*********
Customer Support Specialist
SSL Department 

Rekt

I'm about to leave mediatemple

Yeah, stupid companies for not caring about our privacy online. Means they care more about money. Told them I'm leaving them because of no planned support.

Their SSL support page has been hounded by requests.

Some more unconfirmed details about their implementation plans. Safe to say they won't be implementing it for shared hosting.

Namecheap makes money off of SSL certificates (they also own ssls.com) so this would cut into their bottom line.

I left Namecheap because they failed to implement the ability to have a TXT record longer than 255 bytes. The UI silently truncates the string. This causes problems for DKIM signatures with strong keys.

Namecheap seem to have become complacent with their place in the industry. the new UI also sucks. They're on their way out the door.

así es la vida...

Looks like they do support SSL/TLS certs, but not sure if it's all-encompassing for all kinds of certs, including those not bought specifically through Namecheap. I was just on the cPanel for my previous non-SSL site, made a self-signed cert (I know -- NOT secure, technically) and was able to install it under cPanel --> Security --> SSL/TLS.

They do still upsell with the Namecheap SSL right at the top. I might just go with that, since it's $11 USD/yr for Positive SSL basic personal domains (limited to one domain.) They may or may not support the free ones you can generate from https://letsencrypt.org/

I have been able to generate a Let's Encrypt cert fully. There are several steps but it's doable.
Incidentally just moved to this host and very happy with the complete tooling they offer.

General steps:

1. Enable SSH to your account - most likely it is already enabled, but you need to generate an SSH key pair from the cPanel. Then, they are running the service on a high port, not 22. Consult their tech docs for port #. SSH in with your cPanel name and password.
2. make a directory for all your cert work. Cd to it.
3. git is installed; clone or fork this repo on Git: https://github.com/diafygi/letsencrypt-nosudo
4. open up two SSH windows. Follow the instructions carefully, particularly the step to use --file-based since you are already running a web server. You do not need to monkey with getting a python server. Also, when it asks for your email, use something from the domain the cert pertains to. (just set up an alias pointing elsewhere if you don't have one already).
5. Follow script commands and output, and you will be rewarded with a signed.crt.
   Note here you'll have to put a file in a special place to serve out of the webserver. I did this all through SSH but you could use other tools to suit.
6. Cat the cert, then paste it into the cPanel tool for adding SSL certs.
7. New cert will be recognized with the proper domain, keysize, expiration date etc.
8. Enjoy your free cert.

I also got LE working, using acme.sh.

Enable SSH to your account. They told me they have to do this manually thru support. Nonstandard port, listed in their SSL topic in support.
I used PuTTY
I succeeded w the acme.sh script. NC's webroot is \public_html, and you need to specify this in acme
use --staging to avoid timeouts during testing, then --force once you do.
use -d to install mult subdomains eg www.

Then you need to install the SSL cert thru cPanel-follow their instructions.

The biggest prob I had was webroot.
YMMV.

Note, to run with --file-based it has to be the first flag, if it's the second you get an error.

In the part that says to replace user.key with my private key, where's my private key? How do I get it?

I use Letencrypt with sites I host at namecheap even without ssh access. I generate the LE certificates online and upload to ssl manager via cpanel. It works!