[Mashiro]

1. I don't know how exactly this whole SSL setup in WHM works to be honest. Can you like specify path to custom certificates? Does it mabye even come with its own free SSL module or can you add the Let's Encrypt module? If you can specify path to custom certificate files you could use this guide and simply point WHM to the Let's Encrypt certificate file. That means a WHM reload/restart every 90 days when you renew the Let's Encrypt certificate. A much nicer solution would be a offical function in WHM/cPanel or a plugin that does it properly.

- https://blog.cpanel.com/announcing-cpane...sl-plugin/
- https://documentation.cpanel.net/display...ypt+Plugin
- https://www.liquidweb.com/kb/enabling-le...d-servers/

2. To be honest that doesn't sound like something where I could really help. I can only say: I feel you. Taking over servers that might have not been updated for some time is always huge pain. I had servers where I could resolve it by basically doing the updates package by package to avoid breaking everything at once and in other cases the whole server just collapsed. So the worst that can happen is that something, e.g. cPanel, the web server or very unfortune the whole OS stops working. That is really the worst case scenario. CentOS 6.10 is the current CentOS version. You could try yum update and see how much stuff it has to update before actually saying YES to the update. WHM probably runs OS updates in the background anyway? No idea about WHM and cPanel. Never administrated it.

3. You should use these two hostnames when generating the certificate as explained in the tutorial: 1. "domain.net" and 2. "*.domain.net". domain.net covers the root domain itself and *.domain.net covers every possible sub domain which also includes host.domain.net automatically and any future additional sub domains.

4. Regardless of whether you have a certificate for a single domain, multiple domains or a wildcard domain(s) certificate the expiration period is always 90 days with Let's Encrypt.