ServerPilot Let's Encrypt (
This Python utility allows you to automate the installation/uninstallation of SSL certificates from Let's Encrypt on ServerPilot servers. Both free servers (from old grand-fathered plan) and servers on premium plans are supported.
First of all, sign in as root user (or with sudo privileges). Now remove the very old script if you are still using it:
And then install some needed packages:
apt-get update && \ apt-get -y install python3-pip build-essential libssl-dev libffi-dev python3-dev
Uninstall older version if exists:
pip3 uninstall -y rwssl
And then install the latest version from PyPi:
pip3 install rwssl==2.0.4
Verify that the installation worked. This should bring up the help menu for rwssl:
The alternate way to install rwssl is by cloning the repository:
cd ~/ && \ git clone https://github.com/rehmatworks/serverpilot-letsencrypt && \ cd serverpilot-letsencrypt && \ pip3 install -r requirements.txt && \ python3 setup.py install
Only Python 3.5 and up supported so you shoul install & use rwssl package using pip3 and Python 3.x.
Available Commands with Examples:
Once rwssl is installed, a command
rwssl will become available in your terminal. You will have access to the following sub-commands in order to manage your server.
Update: Please note that old commands aren't available anymore due to a recent major upgrade. Please check below table for new commands that come with rwssl. You can get help by typing
rwssl -h as well.
|getcert||Get letsencrypt cert for an app.||
|getcerts||Get letsencrypt certs for all apps.||
|removecert||Uninstall SSL cert from an app.||
|removecerts||Uninstall SSL certs for all apps.||
|forcessl||Force SSL certificate for an app.||
|unforcessl||Unforce SSL certificate for an app.||
|forceall||Force HTTPs for all apps.||
|unforceall||Unforce HTTPs for all apps.||
You can use
rwssl -h command to get to the help page on above commands.
To uninstall rwssl completely, run:
pip3 uninstall rwssl
As a CRON job is added for SSL renewals by rwssl, you can remove the CRON file by running:
Moreoever, a conf file
acme.conf is created in conf directory of each app in vhosts.d. You should delete them as well. For example, if your app name is example, you should delete the conf file
/etc/nginx-sp/vhosts.d/example.d/acme.conf. Repeat this step for each app where you used rwssl to get the SSL certificates.
[2.0.4] - 2020-07-19
A minor upgrade that addresses renewal CRON issue and DNS-related bug.
- Fixed invalid DNS bug
- Fixed renewal cron file generation
[2.0.0] - 2020-04-18
A major upgrade that addresses all reported bugs including SSL renewals.
- Custom path is used to store SSL certificates
- Certificate is named after app name (Addresses missing cert path issue)
- Improved vhost file parsing to get app details
- Dropped support for Python 2.x (Only Python 3.x is supported)
- Using Let's Encrypt staging server (via dry-run) for domain validation (To address quota issues)
- Using Jinja template engine to generate virtual host files from templates
- Using a custom ACME verification location (To avoid initial verifications & renewal issues)
- Using latest certbot Python package
- ACME v2 protocol support
- Added validation after vhost files are written (and changes are reverted if errors encountered)
Bugs & Suggestions
For security-related issues, please email me at firstname.lastname@example.org and for common bug reports / feature requests, use the issues section.