le-featured

Install Lets Encrypt Certificate on Shared Hosting

The gist here is to generate the Let's Encrypt certificate locally and install it to your server using cPanel. This is the exact steps I used for this domain.

Things Needed

  • An OS to install and run the Let's Encrypt client. In this example I will use Ubuntu 14.04 VM on Windows.
  • cPanel access. Your cPanel should allow SSL certificates to be installed manually.
  • File upload access to the server. I used SFTP.

Installing the Let's Encrypt Client

  1. Fire up the terminal in Ubuntu and type:
    git clone https://github.com/letsencrypt/letsencrypt
  2. Once its done, go to the directory where the client is installed. For me its: cd letsencrypt

Generating the Certificate

  1. Inside the letsencrypt directory, type:
    ./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d kosinix.com -d www.kosinix.com

Note: Make sure to change kosinix.com to the domain of your website.

  1. The client will prompt you if its OK to log your IP. Choose Yes.
    Confirm IP logging

    Confirm IP logging

  2. Now, whatever happens, do not press anything yet or you will have to restart the generation process!

Confirming Domain Ownership

Notice that below the prompt is an instruction on how to confirm ownership of your domain:

Make sure your web server displays the following content at http://kosinix.com/.well-known/acme-challenge/xuJ_RPQbkGG356A7WRya9JiJ59Lj1dWjS7OG40oQMOM before continuing:

xuJ_RPQbkGG356A7WRya9JiJ59Lj1dWjS7OG40oQMOM.oUqbjO_-ZMUbmaC1JeWUVUrSB0ulSIDoHekYe_jffyk

The domain confirmation test

The domain confirmation test

  1. Connect to your server and create the following directory inside your server's public directory: .well-known/acme-challenge/
  2. Inside it create a text file named xuJ_RPQbkGG356A7WRya9JiJ59Lj1dWjS7OG40oQMOM that contains the string
    xuJ_RPQbkGG356A7WRya9JiJ59Lj1dWjS7OG40oQMOM.oUqbjO_-ZMUbmaC1JeWUVUrSB0ulSIDoHekYe_jffyk

Note: The strings will be different for you.

  1. Once you are done, go back to the terminal and press the enter. LE will generate one more confirmation. Just repeat step number 6.

Installing the Certificate in cPanel

cPanel SSL panel

cPanel SSL panel

  1. Type: sudo nautilus
  2. Using the file browser as root, navigate to /etc/letsencrypt/live/kosinix.com
  3. Login to your cPanel. Copy and paste the SSL info from these files into the cPanel SSL panel:
    Certificate (CRT) is cert.pem
    Private Key is privkey.pem
    Certificate Authority Bundle: (CABUNDLE) or CA is chain.pem

    I used gedit to open and copy the contents of the .pem files.

    Installing the certificate in cPanel

    Installing the certificate in cPanel

Bonus: Redirect all request to https

Add this in your .htaccess:

# BEGIN Force SSL
# This should be the first rule before other rules
<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
# END Force SSL

Additional Resources/References

12 Comments

  1. Pingback: Let’s Encrypt – Alex Caro

  2. Sam

    Let’s encrypt certificates expires in 90 days. How could we auto renew the cert with this method and put it on the server automatically?

    Reply
  3. Niklas Rosenstein

    Thanks for this article, it helped me out. 🙂 In the end I’ve been using the “webroot” plugin instead of “manual”, the only problem was that it wouldn’t wait until I copied the files to the actual webserver. I’ve ended up forking certbot and adding a “–webroot-delay-auth” option.

    https://github.com/certbot/certbot/pull/3236

    Also, I’ve looked into a method of running certbot without elevated privileges:

    https://www.niklasrosenstein.com/2016/07/using-letsencrypt-without-sudo/

    Thanks again,
    Niklas

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php