EFF Let's Encrypt SSL certificate usage

Discussion in 'Security' started by Terry Frazier, Nov 8, 2016.

Tags:
  1. Terry Frazier

    Terry Frazier New Member

    I did a quick search for this and did not see any posts so excuse me if this is a repeat.

    My SSL certificates are expiring at the end of the month and I am considering using the free EFF CA rather than paying to renew the Comodo certs I have now.

    Does KH support this? If so is there anything special I need to know? And has anyone here used them?

    As I understand it, this is only recently available but I have a couple of friends in Europe who have set it up. I do not actually remember the details of what I did last time, but I think I ordered Comodo certs from NameCheap.com and then KH Tech Support installed them for me.

    Thanks.
     
  2. phpAddict

    phpAddict Active Member

    I've not yet used the feature myself but cPanel just did an update that includes that feature. As I understand it's now just a couple clicks in WHM and you're good to go. I know KH will help/support it if needed too.
     
  3. Dan

    Dan Moderator

    Hi Terry,

    I recently enabled this myself, it was pretty painless actually and works great for me. Here's a post I wrote on how I went about it.

    There are differences between a Let's Encrypt SSL and a CA SSL though which you'll have to decide whether or not those matter to you.
     
  4. Fred

    Fred Member

    Hi Dan,
    I am using Let's Encrypt as well on my servers but have an interesting problem that I haven't found a solution for yet.
    Under normal circumstances the sites would load just fine but when using "Firefox Dev Edition" browser I get an "Error code: SEC_ERROR_UNKNOWN_ISSUER"
    Also had reports that "Black Berry" mobiles can't access the sites.

    Any ideas? Is there an intermediate certificate that needs to be installed?
     
  5. Terry Frazier

    Terry Frazier New Member

    Thanks to both of you. Dan, I'll have a look at that article. My goal at the moment is just to enable SSL connections everywhere. Thanks for the help.
     
  6. Dan

    Dan Moderator

    Hi Fred,

    I would guess that the problem is the same in both cases, they haven't added the CA to be trusted.

    I found some posts searching for the Black Berry issue as I figured that would be easier. This post actually links to the CA so I'll use that one, install it into FF as well and you will hopefully be GTG!
     
  7. Fred

    Fred Member

    Dan that was my thought as well.

    However installing the CA to FF isn't really solving the problem. Not to concerned about FF Def.
    As for BB I guess we will just have to wait till BB supports lets encrypt.
     
  8. TMCS

    TMCS New Member

    Fred likes this.
  9. Fred

    Fred Member

    Thanks for that @TMCS.
    I will forward the link to the client that raised the issue.
     
  10. Terry Frazier

    Terry Frazier New Member

    I have a question regarding using the AutoSSL domain certs for ftp. Is that possible?

    I setup AutoSSL and it seems to be working fine. But all domains are currently listed as www.domain.com/domain.com/mail.domain.com. Seems like I ought to be able to add ftp.domain.com but maybe not.
     

Share This Page