web-cp.net

"open source web hosting control panel"

← Back to Articles

Configuring SSL with Let's Encrypt

2025-11-20 · Sarah Chen guide ssl security

Web-CP 0.8 introduced built-in Let’s Encrypt support, making it easy to provision free SSL certificates for all your hosted domains. This article covers setup and configuration.

Prerequisites

  • Web-CP 0.8.0 or later
  • Port 80 accessible from the internet (for HTTP-01 challenge)
  • Valid DNS records pointing to your server for each domain

Enabling Let’s Encrypt

Server-Level Configuration

Log into the Server Control Panel and navigate to Server Settings → SSL/TLS.

  1. Set Let’s Encrypt Enabled to Yes
  2. Enter a valid contact email address (Let’s Encrypt will send expiry notifications)
  3. Set the auto-renewal interval (default: 60 days, certificates are valid for 90 days)
  4. Click Save

Per-Domain Certificates

Domain owners can enable SSL for their domains from the Domain Control Panel:

  1. Go to Domain Settings → SSL/TLS
  2. Click Request Certificate
  3. Select which names to include (domain, www subdomain, any aliases)
  4. Click Issue Certificate

The certificate will be provisioned within a few minutes. Apache will be automatically reconfigured to serve the certificate.

Wildcard Certificates

Wildcard certificates require DNS-01 validation. Web-CP supports this if you’re using BIND for DNS:

  1. In Domain Settings → SSL/TLS, check Wildcard Certificate
  2. Web-CP will automatically create the required TXT records
  3. After validation, the wildcard certificate is issued

Automatic Renewal

A cron job runs daily to check for certificates expiring within 30 days. Renewal happens automatically with no downtime — the new certificate is installed and Apache is gracefully reloaded.

To check certificate status across all domains:

sudo /usr/local/webcp/bin/webcp-ssl --status

Troubleshooting

Certificate issuance fails: Ensure port 80 is open and the domain’s DNS correctly points to your server. Let’s Encrypt must be able to reach http://yourdomain.com/.well-known/acme-challenge/.

Rate limits: Let’s Encrypt has rate limits (50 certificates per registered domain per week). Plan bulk issuance accordingly.

Renewal failures: Check /usr/local/webcp/logs/ssl.log for error details.