How to Setup cPanel/WHM with Auto SSL on Digital Ocean
Are you looking for a stable, safe and scalable hosting solution for your digital business?
I was, and we’ve finally been able to setup a hosting environment that is as easy to manage as a standard shared hosting account, but it’s far more scalable, with higher levels of performance.
It’s just a much better solution overall… And it’s what we’re using to host our sites, like Costa Rank.
What Took Us So Long?
I’ve always wanted to have our system running on a VPS solution, like a Digital Ocean, Vultr or an AWS, the issue was always, support.
We were primarily using a VPS from InMotion Hosting, but because they provide technical support and maintenance with their plans, you lose some control over what you can and can’t do.
Support was and still is a big concern of ours.
It’s usually a lot easier to solve simple server issues by just jumping on support chat and having the hosting company solve it for you. That’s not something you can expect from Digital Ocean…
Digital Ocean still offers great support, and if you need technical support, you can usually set up a call with one of their engineers. But it’s not going to be as easy as opening a chat window and getting it solved.
You also have full control over the server that you set up, so if you mess things up, Digital Ocean is not responsible for it, in anyway. The liability is all on your side.
All of these were big drawbacks that held us back from switching over to a VPS like Digital Ocean. But here’s the truth… Digital Ocean still offers some level of support, and they obviously know what they’re doing.
Also, we’re going to need a cPanel license, they offer support as well, and it’s really good. You can grant them remote access to your server, and they’re usually really fast once you open a ticket.
So, you have two sources of support that you can get help from.
Making the Switch – Who’s It For?
To be honest, if I can do it following this guide, anyone can. It’s not complicated to do it. And once you have a WHM and cPanel on your server, it’s really easy to manage it and add different functionalities to it.
Digital Ocean is also very cheap for the infrastructure and scalability that they offer. You can get a server like ours running for about $20/month, which can be upgraded at any point.
Really cheap when you compare it to other popular self-managed VPS solutions out there.
If you’re looking for a stable solution, that can easily be scaled at any time, a setup that allows you to host your own sites, large or small, and resell accounts to your clients as well, Digital Ocean is most likely a very good option for you.
I’ll show you how to set things up properly, with Auto SSL on all your sites, security tweaks that you make to your server, and scheduling backups that are easily restored.
The Step-by-Step Guide
So, let’s get straight into it! It’s actually a pretty easy and straightforward process if you follow all of the steps below, but it will take a couple of hours to set it all up.
Step 1 – Setting Up Digital Ocean
Before doing anything else, you need to sign up for a Digital Ocean account. If you sign up through Digital Ocean you’ll get a $10 credit deposited on your account.
It’s not going to get you very far, but it’s better than nothing.
If you’re a student or know someone who is, sign up to Github’s Student Pack, you’ll get $50 extra!
Creating a Droplet
Once you’re logged in to your account, go to the top-right corner and click the “Create” button, on the dropdown menu, select “Droplets.”
Note: Droplets are Digital Ocean’s cloud servers, you’ll be setting one up to run your WHM/cPanel system.
Choose an Image – WHM/cPanel runs on a CentOS server, so make sure that’s what you choose for your “Distributions”, we’re using 7.4 x64.
Choose a Size – This is totally up to you, Digital Ocean just updated their pricing (which is a lot better now, by the way!). For this example, we’re going to choose the $20/month package, 4GB of Memory, 2 CPUs, 80GB of SSD Disk, and 4TB of Data Transfer.
Add Block Storage – this will add an extra monthly cost to your server, and you don’t need it necessarily, but it’s a cheap way to store backups. We’re using 500GB of extra space, where we send our weekly and daily backups to.
Choose a Datacenter Region – this is where you choose the location of your droplet/server. If you’re targeting a specific country with most of your websites, it’s helpful to have a local server, close to where most of your users will be accessing your websites from.
Select Additional Options – here I typically go with Private Networking, Backups (adds a 20% extra cost to your droplet), IPv6, and Monitoring.
Make sure your hostname is HOSTNAME.YOURDOMAIN.COM, we ended up calling our droplet: centos-s-2vcpu-4gb-lon1-01.costarank.xyz.
Finalize and Create – choose your droplet name and finalize. Digital Ocean will start creating your droplet and email you the SSH keys, giving you root access to your server.
Step 2 – Installing cPanel on Your Droplet
Your droplet has now been created… So, let’s start installing WHM/cPanel on your server!
We need to access our server remotely, to run a few commands. If you’re a Mac user, you can use the built-in Terminal Line.
If you’re a Windows user, I recommend using PuTTY (which you can download here). It’s a free software, and it’s the I’m going to be using below.
Accessing Your Droplet
Start by checking your email and getting the following information:
- Droplet Name
- Droplet IP Address
- Droplet Username (which is going to be root)
- Droplet Password
Now, once you open PuTTY, this is what you’ll see:
All you have to add here is your Host Name (or IP address) and click Open.
You’re going to login as: “root”, and then copy-and-paste the password provided by Digital Ocean.
Note: To copy-paste on Windows, simply right-click on your mouse and press enter. PuTTY doesn’t show your password for security reasons, but it’s there.
By default, Digital Ocean is going to ask you to reset your password. Simply enter your current password, then your desired password and press enter.
Now the fun part begins!
We’ll be running a series of commands to prepare our server to receive cPanel’s package and installation.
Setup: start by typing the following commands:
sudo yum install perl
Note: the last command should obviously use your own hostname.
Installing cPanel: we’re now going to install the cPanel package. Once you’re done typing the commands given below, wait approximately 1-2 hours for cPanel to be installed.
sudo yum install screen wget
wget -N http://httpupdate.cPanel.net/latest
This is what you’ll see once cPanel is fully installed on your server. We’re done with the technical stuff!
Setting Up the New Account
Now that cPanel is installed, we need to configure the basic settings of your WHM/cPanel account. Here’s how to do it…
Accessing your server – go to https://YOURDROPLETIP:2087, enter your username and root password.
Note: The SSL certificate won’t be working in the beginning, we’ll have to wait a few hours for it to be properly installed, so once you get the security warning, just move on.
WHM agreement – we need to now add the basic features to WHM and agree to their license terms.
In Step 2, enter your contact email, and move on to the next step. You don’t have to change the other settings.
Skip Step 3 and move to the next one.
In Step 4, make sure your Nameserver Configuration is set to BIND, and scroll down to select your nameservers.
Save and Go to Step 5.
For Step 5, make sure your FTP Server settings are set to Pure-FTPD, this is the default setting on all cPanel systems. Once you’re done, move to the next step.
In Step 6, select Use filesystem quotas and click Finish.
Enabling and Disabling Additional Features
Before logging in to our new WHM, we need to update some of the features. This is done on the Feature Showcase. Here are the ones you should enable:
- PHP-FPM Service for cPanel
- The SSL/TLS Wizard in cPanel
And you’re done! WHM is now installed. Ready for you to start creating accounts and adding your domains.
There are still a few things that I want to go over, though, like creating new accounts, configuring DNS, installing Softaculous, security and PHP settings, etc…
Step 3 – Configuring DNS
We want to have a primary domain associated with our droplet. For this tutorial, we’re using costarank.xyz, so we need to configure that domain using Digital Ocean’s Networking settings.
Pointing the domain – the first thing you want to do is point your domain to Digital Ocean’s servers:
Adding a domain – now go to Networking and add your new domain.
Creating DNS records – you need to add 4 new DNS A records, to point the new domain to the server we just created.
We’re done with the DNS configuration! Some of these changes will take a while, though, so be patient, while the DNS settings are propagating.
Step 4 – Installing Softaculous
Now, no one has time to install WordPress and other popular applications manually. You can absolutely do it manually, but why would you?
Softaculous is one of the most popular auto-installers on the market, it costs like $12/year, so it’s totally worth it.
The paid version comes with 443 scripts to choose from, and it’s actually pretty easy to install, now that we’re SSH terminal ninjas!
Enabling IonCube – before installing Softaculous, we need to enable IonCube, otherwise the package won’t install properly.
Once you’re logged in to your WHM dashboard, go to Server Configuration > Tweak Settings > PHP and enable IonCube.
Go back to PuTTY or your terminal line and enter the following commands:
wget -N http://files.softaculous.com/install.sh
chmod 755 install.sh
Softaculous is now installed. If you go to Plugins on your WHM, you’ll see Softaculous there. You’ll have to buy your license and update it on WHM, to take advantage of their full library.
Step 5 – SSL Certificates and Enabling AutoSSL
One of the great things about having a cPanel license is that it will automatically come with an AutoSSL powered by Comodo (one of the largest security providers in the world).
This should allow you to install your applications with HTTPS instead of HTTP, making the data transfer between your server and your users more secure.
To make sure it’s installed properly, go to SSL/TSL > Manage AutoSSL, and choose the SSL certificate provider that you want to use.
Note: whenever you add a new domain or account to your WHM environment, the AutoSSL takes a while to be fully working. So, you may need to install some applications without HTTPS and switch it later, once the certificate has been installed properly.
SSL Certificates for WHM/cPanel
You may notice that when you’re navigating on your cPanel and WHM dashboards, your browser will give you security warnings. This will happen if the SSL certificate isn’t properly installed.
Wait a few hours to see if the warning goes away. If it doesn’t, simply open a ticket with cPanel, and they’ll help you out.
Go to Support and create a ticket, granting remote access to cPanel’s support team. They usually respond pretty fast and are extremely helpful.
Step 6 – Creating an Account
If you’re used to managing your server with WHM, this isn’t a very complicated step for you.
WHM is managing your entire server, but you’ll need to create a cPanel account to add your domains, setups emails, and install different applications.
Go to Account Functions > Create a New Account. Enter your domain and new account details, scroll down and click Create.
Once the account is created, you should be able to go to https://YOURDOMAIN.com:2083 and login to your new cPanel account.
And here is your new cPanel. The exact same environment you’re used to seeing on other popular hosting solutions.
Step 7 – Security and PHP Settings
Security should obviously be a priority for you; it sucks to have one of your sites or cPanel accounts hacked!
We can’t eliminate that risk completely, but we can, and should, make a few adjustments to secure our data as much as possible.
Securing Your cPanel
Indexes – one of the things I like to do right away is to deindex public directories. This can be done on your cPanel, by scrolling down to ADVANCED.
Once you click Indexes, you’ll see your main directory folders…
Click on public_html and changes the indexing settings to No Indexing.
This will prevent unauthorized users from accessing your directory listings. You want to make sure you’re doing this for all your cPanel accounts (in case you’re using multiple ones like we do).
Also, we talked with the cPanel team, and they sent us a few additional security measures that we’ve also put in place.
You can find them all here, with the step-by-step process on how to do it: https://documentation.cpanel.net/display/CKB/Tips+to+Make+Your+Server+More+Secure
Adjusting PHP Settings on WHM
Now the first thing you want to do is update the PHP version of your server to the newest one available.
Go to Software > MultiPHP Manager and make sure you select the 7.0 version.
You can also choose to upgrade to their legacy PHP versions. This is totally up to you. We’re currently using ea-php70 for most of our accounts.
Make sure you read about the implications of upgrading to CloudLinux and using different PHP versions, before making the switch.
Now, we need to change some PHP settings, that will be automatically applied to all accounts.
Go to Software > MultiPHP INI Editor, and make sure you’re editing the correct PHP version. You can do this using the Basic Mode.
Here are some of the changes that you should make:
- max_execution_time: 90
- memory_limit: 256M
- post_max_size: 256M
- upload_max_filesize: 256M
You can set these to whatever you want, we’re running everything on a pretty good server, and we upload really large files every now and then, so we tend to use larger upload limits.
The default is too low, even if you’re just building simple WordPress sites, so that’s why I recommend that you change it.
Step 8 – Enabling and Scheduling Backups
Backups are a must!
The great thing about WHM/cPanel is that it allows you to schedule backups, which can easily be restored at any point.
The last thing you need is to be in a position where some of your files got corrupted, and you have no way to go back.
So, here’s how to schedule regular backups from your WHM dashboard…
Go to Backup > Backup Configuration and make sure you enable backups once you get to that panel.
The settings here are really up to you. The default settings should work, but if you want to set specific limits and scheduling dates, you can do that too.
You can choose to keep daily, weekly, and/or monthly backups. We’re using a combination of daily and weekly backups; it has worked very well for us.
This is it! You know have a fully functional VPS environment, on one of the most stable, secure and scalable solutions on the market. If you prefer to use other self-managed VPS providers like Vultr, Amazon, or Google, you may find some of the steps to be fairly similar.
Now, keep in mind that in addition to the droplet monthly expenses, you’ll have to buy a cPanel and Softaculous license, these will cost around $250/year.
Before you start using it and transferring everything over, make sure you buy and activate these licenses, and reboot your droplet.
If you have any questions, please leave a comment below, we’ll try to help you out as much as we can. Hope you found this tutorial helpful!