-
-
Save stopspazzing/c871f935771f14933c63 to your computer and use it in GitHub Desktop.
********* <sslsupport@namecheap.com> | |
Dec 13, 2015, 10:53 AM | |
to: | |
“emailremoved” <emailremoved> | |
Dear Jeremy, | |
We are deeply sorry to know that you have decided to end our relationships, both because we value your business and because we truly believe purchased SSL is a better choice in most cases. | |
We'll happily provide a 30% discount on your SSL renewal if you'll stay with us. | |
Regarding the cPanel plugin for Let's Encrypt, unfortunately at this point we are unable to tell exactly if we will be implementing it or not since it involves a big amount of changes to our servers structure. | |
We will treat any decision of yours with proper respect and understanding. | |
If there is anything else you would like to discuss about this matter or have any additional questions or comments, please feel free to reply to this email. | |
----------------------------- | |
Regards, | |
********* | |
Customer Support Specialist | |
SSL Department |
Namecheap makes money off of SSL certificates (they also own ssls.com) so this would cut into their bottom line.
I left Namecheap because they failed to implement the ability to have a TXT record longer than 255 bytes. The UI silently truncates the string. This causes problems for DKIM signatures with strong keys.
Namecheap seem to have become complacent with their place in the industry. the new UI also sucks. They're on their way out the door.
así es la vida...
Looks like they do support SSL/TLS certs, but not sure if it's all-encompassing for all kinds of certs, including those not bought specifically through Namecheap. I was just on the cPanel for my previous non-SSL site, made a self-signed cert (I know -- NOT secure, technically) and was able to install it under cPanel --> Security --> SSL/TLS.
They do still upsell with the Namecheap SSL right at the top. I might just go with that, since it's $11 USD/yr for Positive SSL basic personal domains (limited to one domain.) They may or may not support the free ones you can generate from https://letsencrypt.org/
I have been able to generate a Let's Encrypt cert fully. There are several steps but it's doable.
Incidentally just moved to this host and very happy with the complete tooling they offer.
General steps:
- Enable SSH to your account - most likely it is already enabled, but you need to generate an SSH key pair from the cPanel. Then, they are running the service on a high port, not 22. Consult their tech docs for port #. SSH in with your cPanel name and password.
- make a directory for all your cert work. Cd to it.
- git is installed; clone or fork this repo on Git: https://github.com/diafygi/letsencrypt-nosudo
- open up two SSH windows. Follow the instructions carefully, particularly the step to use --file-based since you are already running a web server. You do not need to monkey with getting a python server. Also, when it asks for your email, use something from the domain the cert pertains to. (just set up an alias pointing elsewhere if you don't have one already).
- Follow script commands and output, and you will be rewarded with a signed.crt.
Note here you'll have to put a file in a special place to serve out of the webserver. I did this all through SSH but you could use other tools to suit. - Cat the cert, then paste it into the cPanel tool for adding SSL certs.
- New cert will be recognized with the proper domain, keysize, expiration date etc.
- Enjoy your free cert.
I also got LE working, using acme.sh.
Enable SSH to your account. They told me they have to do this manually thru support. Nonstandard port, listed in their SSL topic in support.
I used PuTTY
I succeeded w the acme.sh script. NC's webroot is \public_html, and you need to specify this in acme
use --staging to avoid timeouts during testing, then --force once you do.
use -d to install mult subdomains eg www.
Then you need to install the SSL cert thru cPanel-follow their instructions.
The biggest prob I had was webroot.
YMMV.
Note, to run with --file-based
it has to be the first flag, if it's the second you get an error.
In the part that says to replace user.key
with my private key, where's my private key? How do I get it?
I use Letencrypt with sites I host at namecheap even without ssh access. I generate the LE certificates online and upload to ssl manager via cpanel. It works!
Check the detailed explanation here: https://savedlog.com/uncategorized/letsencrypt-ssl-certificate-namecheap-hosting/
It is what @tashavanes described but more detailed.
@jidetheblogger Hi there. How did you did the verification on SSLforfree.com ? I use namecheap but at the momento I can't get an SSL certificate from Let's Encrypt for the domain.tld and www.domain.tld at the same time. Any thought's?!
@Rex-0x7CB Hi there. Thanks for your helpful post above of the namecheap support chat. I'm looking to do what you did with Let's Encrypt and Namecheap but my coding skills & CS knowledge are not to your level. I'm confident I can upload the SSL files in cPanel once I have obtained them from Certbot. My problem is about getting the files from Certbot. What software and system did you select? If mine are different to yours, how do I find them out? As you are probably aware, Certbot says you need shell access or...switch hosting! ie. no in-between. Any help appreciated.
I commented to Namecheap on their website about not supporting Let's Encrypt and they deleted by my comments... not impressed. Here's a snapshot of the two now deleted comments.
(Here's the text version of what I wrote so it gets pick up by search enignes. One correction I should probably make is that when I used the word security, in most cases a more appropriate word should have been assurance because as far as I know your certs are just as encrypted, the business itself is just not as thoroughly human verified.)
How to install SSL using Namecheap cPanel plugin?
The first comment (which they deleted)
Not possible? You could do it organization-wide for a $150... not bad. The choice should be ours if we choose a free less-secure SSL cert as many many other major providers much larger and with more at risk are offering it. There simply are just sites that don't matter, like a blog. Google is rewarding SSL sites and not everyone needs high security... just an SSL enabled site. You are not giving us the option to choose our level of security.
- https://letsencrypt-for-cpanel.com/
- https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/
The second comment posted after a reply from them (they deleted this one too)
https://letsencrypt-for-cpanel.com/
letsencrypt CAN BE DONE on shared servers. It would cost Namecheap a whopping $30 to support it directly within CPanel organization-wide, plus you'd get free updates so you don't have to maintain anything. I develop and host myself so have a little knowledge about this.
I really appreciate your philosophy of just offering the lowest price without endless sales. Because of this I have actually been recommending you to many people in expectation that you'll keep the same philosophy and not got the way of GoDaddy with bait and switch. Hoping you'll also hold up the standard for offering something that is freely available to the public and not withhold it because of a competition with a $9/year certificate.
I hope someone can post directions how to setup LE for the new NameCheap mini hosting plan easyWP (a wordpress implementation lacking SSH, without cPanel. It has an upload option from the management pane that I don't know how to deal)
Looks like they do support SSL/TLS certs, but not sure if it's all-encompassing for all kinds of certs, including those not bought specifically through Namecheap. … They may or may not support the free ones you can generate from https://letsencrypt.org/
@rishadq You can install any cert you want (including LE certs)… but you have to get it re-issued yourself and then log into cPanel and install it by hand (every <90 days for LE, for instance) if you use any cert provider other than Namecheap.
It's an embarrassing cash grab, and I'll certainly cite it to support as my primary reason for leaving once I find a provider solid enough to leave their (otherwise splendid) hosting for.
In the meanwhile, I've made a cron script to automatically e-mail you new certificates for Namecheap shared webhosting; I haven't kicked the tires fully yet but it seems to work:
Hi
Is there an updated way to generate, upload and install certificate in namecheap shared ?
I've tried the git repo certbot-nosudo without success
I can ssh the server correctly
@kabeza You cannot. Namecheap does not offer any API to do this. This is a business decision on behalf of their business partners, not their customers.
The only options I can see are:
- automate the issuance and paste it by hand into CPanel once every 70 days
- "force" an API into cpanel by using Selenium or something
- change your hosting from managed webhost to a VPS
- change your hosting from Namecheap to another managed webhost
@kabeza You cannot. Namecheap does not offer any API to do this. This is a business decision on behalf of their business partners, not their customers.
I wasn't looking for an api but a way to use certbot in their shared server.
The only options I can see are:
- automate the issuance and paste it by hand into CPanel once every 70 days
- "force" an API into cpanel by using Selenium or something
- change your hosting from managed webhost to a VPS
- change your hosting from Namecheap to another managed webhost
I was able to do it on my Ubuntu box and then upload/paste/install in Namecheap
https://medium.com/@tsui.gordon.9/generate-let-encrypt-ssl-certificate-manually-using-the-http-challenge-64b14750e3f8
a way to use certbot in their shared server … I was able to do it on my Ubuntu box and then upload/paste/install
@kabeza Yes, in the message I posted on this thread in May of 2021 I included a shell script to do exactly that.
The medium essay that you posted involves many manual steps to be repeated quarterly: you have to, of your own volition, (1) execute certbot, then (2) upload a file to the hosting, then (3) finish executing certbot, then (4) paste the certificate into CPanel. This is a nuisance.
Contrast that with my shell script which, once installed into Cron on the shared hosting, will automatically do the first 3 of those with no user intervention—you'll get an e-mail every 70 days containing the new cert and you only have to paste it up into CPanel—just one manual action (that you'll be reminded to do via e-mail, so you don't even have to keep track of it yourself).
Obviously the better solution would be to change providers, but if you're stuck on namecheap I think using a cron script on the shared hosting with manual uploading only of the cert is about as easy as it gets.
Namecheap interface silently truncates these records, leading to serious problems, particularly with DKIM signatures that require strong encryption keys. This oversight can result in email deliverability issues, which is unacceptable for anyone who relies on secure communication. I discovered this issue while working on a project with https://bizistech.com/, where precise DNS settings were crucial for maintaining the integrity of our email campaigns.
It seems that Namecheap has grown complacent in their position within the industry. Instead of innovating and improving their services, they’ve allowed critical flaws to persist. Additionally, their newly designed user interface is a step backward, complicating rather than enhancing the user experience. Unfortunately, if they continue down this path, they risk losing more customers like me who demand reliability and functionality.
Their SSL support page has been hounded by requests.
Some more unconfirmed details about their implementation plans. Safe to say they won't be implementing it for shared hosting.