SSL Installation per ChatGPT

Fantastic — rondoyle.net is back and secured, exactly what we wanted. Now let’s turn this into a repeatable, clean, simple workflow you can use for any domain or subdomain on your server.

We’ll keep this extremely clear and consistent.

⭐ MASTER WORKFLOW FOR ANY DOMAIN:

Issue → Install → (Optional) Set Up Auto-Renew Apache Install

This works for every domain:

• www.rondoyle.net
• stats.rondoyle.net
• Any other *.rondoyle.net
• Any other cPanel user/domain on the server

We’ll go in small steps.

✅ STEP A — Issue a certificate using standalone mode

For each domain, repeat the following:

1. Stop Apache (brief downtime, 5–15 seconds)

   systemctl stop httpd
   

2. Issue the certificate Replace MYDOMAIN.com with your domain (e.g., stats.rondoyle.net):

   /root/.acme.sh/acme.sh --issue -d MYDOMAIN.com --standalone --keylength ec-256
   

   If you need multiple names on one cert (SAN):

   /root/.acme.sh/acme.sh --issue -d MYDOMAIN.com -d www.MYDOMAIN.com --standalone --keylength ec-256
   

   Expected:

   Success
   Cert success.
   

3. Start Apache again

   systemctl start httpd
   

Certificates will always be stored under:

/root/.acme.sh/MYDOMAIN.com_ecc/

Files you care about:

• MYDOMAIN.com.cer (leaf certificate)
• MYDOMAIN.com.key (private key)
• fullchain.cer (cert + intermediate)
• ca.cer (intermediate bundle)

✅ STEP B — Install certificate into WHM

Because GoDaddy blocks AutoSSL, we install manually:

1. Copy these three pieces from SSH:

cat /root/.acme.sh/MYDOMAIN.com_ecc/MYDOMAIN.com.cer
cat /root/.acme.sh/MYDOMAIN.com_ecc/MYDOMAIN.com.key
cat /root/.acme.sh/MYDOMAIN.com_ecc/ca.cer

2. WHM → SSL/TLS → Install an SSL Certificate on a Domain

Enter the domain manually if it doesn’t appear.

• Certificate (CRT): paste contents of MYDOMAIN.com.cer
• Private Key (KEY): paste contents of MYDOMAIN.com.key
• CA Bundle: paste contents of ca.cer

Click Install.

If WHM accepts it (green message), you’re done.

⭐ OPTIONAL BUT HIGHLY RECOMMENDED

STEP C — Automatic Renewal + Automatic Apache Install

acme.sh will renew automatically, but it won’t automatically install renewed certs into Apache unless we tell it to.

So for each domain, run:

/root/.acme.sh/acme.sh --install-cert -d MYDOMAIN.com \
  --cert-file       /usr/local/apache/conf/ssl.crt/MYDOMAIN.com.cer \
  --key-file        /usr/local/apache/conf/ssl.key/MYDOMAIN.com.key \
  --fullchain-file  /usr/local/apache/conf/ssl.crt/MYDOMAIN.com.fullchain.cer \
  --reloadcmd       "systemctl restart httpd"

This does three things:

1. Creates or updates cert files where Apache expects them
2. Automatically updates them every 60 days on renewal
3. Restarts Apache so the new cert goes live without you touching WHM

💡 You only need to do this once per domain.

🧠 TEMPLATE YOU CAN COPY FOR ANY DOMAIN

Issue cert:

systemctl stop httpd
/root/.acme.sh/acme.sh --issue -d MYDOMAIN.com --standalone --keylength ec-256
systemctl start httpd

Install cert into WHM:

cat /root/.acme.sh/MYDOMAIN.com_ecc/MYDOMAIN.com.cer
cat /root/.acme.sh/MYDOMAIN.com_ecc/MYDOMAIN.com.key
cat /root/.acme.sh/MYDOMAIN.com_ecc/ca.cer

Paste into WHM → Install SSL Certificate.

Set up auto-install on renewal:

/root/.acme.sh/acme.sh --install-cert -d MYDOMAIN.com \
  --cert-file       /usr/local/apache/conf/ssl.crt/MYDOMAIN.com.cer \
  --key-file        /usr/local/apache/conf/ssl.key/MYDOMAIN.com.key \
  --fullchain-file  /usr/local/apache/conf/ssl.crt/MYDOMAIN.com.fullchain.cer \
  --reloadcmd       "systemctl restart httpd"

🚀 If you want, I can give you pre-filled commands for:

• stats.rondoyle.net
• www.rondoyle.net
• Your Node subdomains (pop.rondoyle.net, dev.rondoyle.net, time.rondoyle.net, etc.)

Just tell me which ones you want next, and I’ll generate the exact ready-to-paste commands.