Acronis Agent Install: cPanel - Secure Boot

  • Updated on Jan 18, 2026
  • Published on Jan 18, 2026
  • 6 minute(s) read
Prev Next

This guide details the process of installing the Acronis Backup Agent on a Linux Server (without a web control panel).

To complete the guide, you’ll need to access your server through SSH or remote console.

If you’d like to learn how to access your server via the remote console, read the following guide:
How to access IPMI / Remote Console

This guide is to be used if Secure Boot is ENABLED on your Linux server.

If secure boot is disabled, use this guide instead:
Acronis Agent Install: cPanel

Installing Acronis with Secure Boot requires a system reboot.

This is used to enroll Machine Owner Keys for the Acronis “snapapi” kernel module.

Adding a Protection Plan

Before we can start, your Acronis Cyber Protect tenant requires at least ONE valid Protection Plan.

Additionally, we strongly recommend cloning and using a separate Protection Plan for each protected workload, as any changes made to a multi-use plan will affect all workloads protected by that plan.

You can find a list of Protection Plan templates at the linked page. Make sure to select a “Standard Backups - cPanel” plan.

Protection Plan templates

A guide showing how to import the downloaded Protection Plan file is linked below:

How to import a Protection Plan


A guide showing how to clone the imported Protection Plan can be found further down in the same guide:
Cloning a Protection Plan

If you already have a suitable Protection Plan, you may continue to the next section:
Allowing Acronis IPs into the firewall

Allowing Acronis IPs into the firewall

For Acronis Backups to function, you’ll need to allow the following IP addresses through your server’s firewall:

45.11.129.61
45.11.129.62
45.254.37.11
45.254.37.12
45.254.37.13
45.254.37.14
45.254.37.15
45.254.37.16
45.254.37.17
45.254.37.18
45.254.37.19
45.254.37.20
103.101.129.51
103.101.129.52
117.120.8.238

If your SAU server is protected by a FortiGate Firewall, please refer to the below drop-down to see how to easily allow these IP addresses:

How to whitelist Acronis IPs on a FortiGate Firewall

  1. Log into your FortiGate web UI.

  2. Copy and paste the below code block into the FortiGate CLI.
    These commands will create Acronis address objects, and combine these objects into an Address Group.

config firewall address
    edit "Acronis 45.11.129.61/31"
        set subnet 45.11.129.61 255.255.255.254
    next
    edit "Acronis 45.254.37.11/32"
        set subnet 45.254.37.11 255.255.255.252
    next
    edit "Acronis 45.254.37.12/30"
        set subnet 45.254.37.12 255.255.255.252
    next
    edit "Acronis 45.254.37.16/31"
        set subnet 45.254.37.16 255.255.255.254
    next
    edit "Acronis 45.254.37.18/31"
        set subnet 45.254.37.18 255.255.255.254
    next
    edit "Acronis 45.254.37.20/32"
        set subnet 45.254.37.20 255.255.255.255
    next
    edit "Acronis 103.64.16.0/24"
        set subnet 103.64.16.0 255.255.255.0
    next
    edit "Acronis 103.101.129.51/31"
        set subnet 103.101.129.51 255.255.255.254
    next
    edit "Acronis 117.120.8.238/32"
        set subnet 117.120.8.238 255.255.255.255
    next
end
config firewall addrgrp
    edit "Acronis IP Group"
        append member "Acronis 45.11.129.61/31"
        append member "Acronis 45.254.37.11/32"
        append member "Acronis 45.254.37.12/30"
        append member "Acronis 45.254.37.16/31"
        append member "Acronis 45.254.37.18/31"
        append member "Acronis 45.254.37.20/32"
        append member "Acronis 103.64.16.0/24"
        append member "Acronis 103.101.129.51/31"
        append member "Acronis 117.120.8.238/32"
    next
end

  1. In your Firewall Policy table, create a WAN > LAN ACCEPT policy that matches the below image. “Acronis IP Group” will already exist if you ran the commands in the previous step.

Installing the cPanel plugin

Install the Acronis cPanel plugin using the official Acronis script:

sh <(curl -L https://download.acronis.com/ci/cpanel/stable/install_acronis_cpanel.sh || > wget -O - https://download.acronis.com/ci/cpanel/stable/install_acronis_cpanel.sh)

If your server previously used our R1Soft backup solution, this is the point where the R1Soft agent needs to be removed from the server.

Doing this at a later time may cause the server to crash!


Run the following one-line command on your Linux server to remove R1Soft. This will work with CentOS, AlmaLinux, Ubuntu and Debian.

bash -c 'set -euo pipefail; r1softpacks="r1soft-getmodule serverbackup-agent serverbackup-async-agent* serverbackup-setup serverbackup-enterprise-agent"; svc(){ for s in cdp-agent sbm-agent; do (systemctl stop $s 2>/dev/null || service $s stop 2>/dev/null || true); done; }; pkg(){ if command -v dnf>/dev/null; then sudo dnf remove -y --skip-broken $r1softpacks; elif command -v yum>/dev/null; then sudo yum remove -y --skip-broken $r1softpacks; elif command -v apt-get>/dev/null; then sudo apt-get update -y || true; sudo apt-get purge -y $r1softpacks || true; sudo apt-get autoremove -y || true; else echo "No supported package manager detected!"; exit 2; fi; }; svc; pkg; rm -f /etc/yum.repos.d/r1soft.repo >/dev/null 2>&1; [ -f /etc/apt/sources.list ] && sed -i "\|repo.r1soft.com/apt|d" /etc/apt/sources.list >/dev/null 2>&1 || true; /usr/local/cpanel/scripts/uninstall_plugin r1soft-cpanel-plugin-2.0 --theme paper_lantern; /usr/local/cpanel/scripts/uninstall_plugin r1soft-cpanel-plugin-4.0 --theme jupiter'

If you don’t have R1Soft installed, continue on.

Before running the installer, make sure you have the server’s root password ready. You’ll need this later.

  1. Navigate to the server’s WHM interface, and search for “Acronis”.

    There should be a plugin named “Acronis Backups”. Click it.

  2. You will land on this page:

    • Replace the Service URL with the following:

      https://backup.aci.servercontrol.com.au

    • Enter the username and password for your Acronis “service account” user.

      A guide showing how to reset the password for this user can be found here:
      How to update the service account email/password


    The filled-out page should look something like this. Note the different Service URL.

    Click “Sign In” to continue.

  3. On the Protection plan page, select “Use an existing protection plan”.

    Then click “Continue”.

  4. Leave both self-service boxes ticked.

    Click “Continue”.

  5. Click “Continue”.

  6. The plugin will now run through the automated process of installing the Acronis agent.

  7. Once the process has completed, click “Done”.

  8. The plugin should now display this page:

  9. Log in to the Acronis Cyber Protect Cloud portal, found here:
    https://backup.aci.servercontrol.com.au/login

    The default tenant username can be found in the MySAU portal, as shown in this guide:
    How to access the Acronis Cyber Protect Cloud portal

  1. Click “Devices”.

    You should see your server listed here:

  2. The Linux server must now undergo a reboot, BUT WAIT! Please read the info box below before rebooting.

    Before you press restart, you’ll need to access the server via remote console.

    A guide detailing this process can be found here:
    How to access IPMI / Remote Console

    Upon reboot, a blue screen will appear for a limited time. You must quickly press any letter key to enter Key Management.
    Failure to complete this in time will require a full reinstall and re-registration of the Acronis agent.

  3. Once you have the remote console open and ready, gracefully reboot the server. This can be done using one of the following commands:

    • shutdown -r now

    • reboot

  4. During boot, you should encounter this blue screen, as previously mentioned.
    Make sure to press any letter key as quickly as possible.

  5. Use the arrow keys to navigate the menu.

    Select “Enroll MOK”, and press Enter.

  6. Select “Continue”, and press Enter.

  7. Select “Yes”, and press Enter.

  8. Enter the server’s root password, and press Enter.
    You get three attempts to complete this, so make sure it’s correct.

  9. Select “Reboot”, and press Enter.

  10. Once the server is back online, test the kernel module is running with this command:

    lsmod | grep snapapi

    If the command outputs anything, it means the kernel module is loaded.

  11. Proceed to the next section to apply your Protection Plan. If this is not completed, your backups will have no way to function.

Applying the protection plan

  1. Click on the server name, and select “Protect”.


  2. Select the required Protection Plan. Make sure it’s a “cPanel” plan, or interaction with the cPanel/WHM plugin will break.


    If this prompt appears, click “Confirm”.

    The “Protect” section will now display the selected Protection Plan.

Acronis agent setup is complete!

If you’d like to manually run an initial backup to test this, refer to this guide:
How to manually start a backup