Featured LetsEncrypt 3.5.0

Provides free SSL certificates through the Let's Encrypt CA.


Plugin that implements ACME protocol through the Certbot client.
Administrator can enable/disable Let's Encrypt for the control panel and services (for free) in one-click.
Customers can enable/disable Let's Encrypt for their domains (for free) in one-click.


Plugin purchasing
Once connected on our forums, you can purchase this plugin at https://i-mscp.net/wcf/paid-subscription-list/


  • Version 3.5.0

    Version compatible with i-MSCP Serie 1.4.x, 1.5.x


    CHANGELOG

    • Fixed: Cron job for SSL certificates renewal abort due to missing bind variable (SQL statement)
    • Fixed: Required distribution packages are not installed while plugin installation (regression fix)
    • Review: Default policy for SSL certificate renewal (automation) now set to 21 days to fit with Let's Encrypt expiry notices
    • Updated: Certbot from version 0.24.0 to version 0.26.1
  • Version 3.4.2

    Version compatible with i-MSCP Serie 1.4.x, 1.5.x


    CHANGELOG

    • Fixed: Couldn't restore default SSL certificate when a Let's Encrypt system SSL certificate is being revoked (shared lineages)
    • Fixed: Couldn't trigger new attempt for SSL certificate revocation (pending task): Missing SANs input field (expected)
    • Fixed: Error while renewing system SSL certificate (shared lineage case): Column 'domain_id' cannot be null
    • Fixed: System SSL certificates (control panel, services) not backed up
    • Fixed: Unprocessed SSL certificates on renewal (shared lineages)


  • Version 3.4.1

    Version compatible with i-MSCP Serie 1.4.x, 1.5.x


    CHANGELOG

  • Version 3.4.0

    Version compatible with i-MSCP Serie 1.4.x, 1.5.x


    CHANGELOG

    • Added: Bulgarian translation file (Bulgaria)
    • Enhancement: Show next SSL certificate renewal date (automation) in UI (admin, client)
    • Fixed: Cron task for the pending tasks aborts too early due to check on SQL server status (Closes: #IP-1774)
    • Fixed: Cron task for SSL certificates renewal aborts too early due to check on SQL server status (Closes: #IP-1774)
    • Fixed: IDE inspections (PhpStorm), CS fixes (backend)
    • Removed: Local frontend side checks for the /.well-known/acme-challenge URL path reachability.
    • Removed: 'include_altnames' plugin configuration parameter: customers can now add DNS names (SANs) by themselves
    • Renamed: 'pending_wait' plugin configuration parameter to 'pending_policy'
    • Renamed: 'renew_before_expiry' plugin configuration parameter to 'renewal_policy'
    • Review: Default policy for SSL certificate renewal (automation) now set to 10 days
    • Updated: Certbot from version 0.15.0 to version 0.24.0
    • Updated: Translation files
    • Updated: Unit tests
  • Version 3.3.0

    Version compatible with i-MSCP Serie ≥ 1.4.x


    CHANGELOG

    • Added: Missing Polish (Poland) machine object file
    • Fixed: Call `cerbot` instead of `certbot-auto` wrapper; certbot-auto is now used only for installation/update
    • Fixed: Don't log errors that have not meant to be raised
    • Changed: Moved lock file to /var/lock
    • Removed: `certbot_self_upgrade` configuration parameter (see the UPDATE.md file)
    • Removed: Support for i-MSCP 1.3.x Serie
    • Updated: certbot-auto from version 0.14.1 to version 0.15.0
  • Version 3.2.1

    Version compatible with i-MSCP 1.3.x, 1.4.x Series


    CHANGELOG

    • Fixed: NOOP when reusing control panel or services SSL certificate (regression fix)
    • Updated: certbot-auto from version 0.14.1 to version 0.14.2
  • Version 3.2.0

    Version compatible with i-MSCP 1.3.x Serie (version >= 1.3.1), 1.4.x Serie


    CHANGELOG

    • Added: Support for Devuan Jessie 1.0 RC (by patching certbot-auto)
    • Added: Custom user-agent for certbot (LetsEncrypt/<version> (i-MSCP Let's Encrypt plugin; +https://www.i-mscp.net)
    • Fixed: Can't use an undefined value as a HASH reference; DBI::selectrow_hashref() return undef on empty results
    • Fixed: Cron tasks are not registered on core upgrade/reconfiguration leading to unrenewed SSL certificates
    • Fixed: If a certificate is already expired, a new issuance is needed (pre-clean of the old lineage is needed)
    • Fixed: Self-upgrade of certbot-auto is now disabled by default to avoid breaking of plugin due to possible API changes.
    • Fixed: Unable to clean up challenge directory (certbot)
    • Fixed: Wrong ownership and permissions set on the /usr/local/share/ca-certificates/fakelerootx1.crt file
    • Renamed: `certbot_self_update' configuration parameter to `certbot_self_upgrade'
    • Updated: certbot-auto from version 0.13.0 to version 0.14.1
    • Updated: Dutch (Netherlands) translation file (Thanks to theemstra)
    • Updated: Unit tests
  • Version 3.1.0

    Version compatible with i-MSCP 1.3.x Serie (version >= 1.3.1) or 1.4.x Serie


    CHANGELOG

    • Added: Http test for the /.well-known/acme-challenge/ URL path reachability - Executed for all added SANs (FrontEnd)
    • Fixed: ACME challenge failure due to missing Apache2 reload after plugin activation (Certbot)
    • Fixed: Make use of the `--cert-name' option in all contexts to avoid duplicate SSL certificate errors (Certbot)
    • Fixed: Plugin installation/upgrade failure when SQL strict mode is enabled (FrontEnd)
    • Fixed: SQL TEXT data type cannot have default value - Error raised when SQL strict mode is enabled (FrontEnd)
    • Review: UI layout - Moved SANs data in dedicated dialog box for a cleaner overview (FrontEnd)
    • Removed: DNS checks - replaced by the /.well-known/acme-challenge/ URL path reachability http test (FrontEnd)
    • Removed: `resolvers' plugin configuration parameter
    • Removed: Useless information in administrator and client interfaces (FrontEnd)
    • Updated: certbot-auto from version 0.12.0 to version 0.13.0
    • Updated: Translation files
  • Version 3.0.0

    Version compatible with i-MSCP Serie 1.3.x (version >= 1.3.1), 1.4.x


    CHANGELOG

    • Added: Let's Encrypt `Fake LE Root X1' root certificate in list of trusted certificates (staging environment)
    • Added: textarea field for subject alternative names in both administrator and client interfaces
    • Added: `--now' command line option to force immediate execution of pending tasks (pending.pl script)
    • Changed: Default value for the `certbot_self_update' configuration parameter is now `true'
    • Changed: IDNs are now fully supported. Usage of the Certbot client development version is no longer required.
    • Changed: Usage of the new `delete' Certbot subcommand for deleting SSL certificate lineage instead of doing manually
    • Featured: Administrator can now add up-to 100 SANs in both control panel and services SSL certificates
    • Fixed: Automatically install required distribution packages
    • Fixed: Certbot client installation failure on Debian Stretch due to openssl extension build failure
    • Fixed: Couldn't enable Let's Encrypt for the control panel due to missing test on `services' target
    • Fixed: Don't process if Apache2 service is not running. Apache2 is required for ACME challenges
    • Fixed: Make sure that Certbot client get updated when the plugin is being updated
    • Fixed: Possible failure on plugin uninstallation due to duplicate entry for `domain_name' database key
    • Fixed: `[warn] Useless use of AllowOverride' warning (Apache2)
    • Review: Usage of new JS confirm dialog as provided by i-MSCP 1.4.x with backward compatibility in mind
    • Removed: /var/www/virtual/LetsEncrypt directory (replaced by %plugin_dir%/LetsEncrypt/acme)
    • Removed: Useless Let's Encrypt Apache2 vhost files for both control panel domain and system hostname
    • Rewriten: pending.pl and renew.pl scripts (cronjobs)
    • Updated: certbot-auto from version 0.9.3 to version 0.12.0
    • Updated: Translation strings
  • Version 2.0.5

    Version compatible with i-MSCP Serie 1.3.x (version >= 1.3.1 - Plugin API 1.0.5)


    CHANGELOG

    • Fixed: Deletion of domain alias or subdomain is short-circuited by SSL certificate revocation (Closes: #IP-1682)