Free HTTPS with Let's Encrypt on shared hosting

I've recently enabled HTTPS on this blog using Let's Encrypt.

Let's Encrypt does support shared hosting, but it's not that easy to do.

  1. You will require a Linux machine (or Mac) to generate your certificate(s). In the case of shared hosting, you will likely not be able to run the commands directly on your server, because you probably won't have shell access and, even if you do, you probably won't have root access.
  2. Certificates are only valid for 90 days.
  3. It's tricky to automate renewal if the machine running the commands is not your web server, because the script you have to use is not easily composable within other scripts. I will probably have a go when my first 90 days are up and will add an update if I manage to do something useful.

With that said, here's the process, which is a bit convoluted:

As I said, you need a Linux machine. If you don't have one, the easiest way to get one is to install Ubuntu in VirtualBox.

Step 1: Download and run certbot

Let's Encrypt gives you a script called certbot:

# Download certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

./certbot-auto certonly --manual

Certbot will show something like:

Make sure your web server displays the following content at
http://mydomain.com/.well-known/acme-challenge/1xA1TOAmMITd6KuWbjmY-eUVby-TXGCYhD6R9YyrG_E before continuing:

1xA1TOAmMITd6KuWbjmY-eUVby-TXABYoD6O9hyrG_E.byfuf9fAgDdDad814dn83FBzYdasGib3DM6mBec-4sk

Press ENTER to continue

Step 2: Verify yourself with certbot

Do as it says and create the directories and file, then upload it to your server, and press 'enter' for certbot to verify you.
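
As an added example (not part of the original post), this shell function builds the challenge file locally so the resulting `.well-known` tree can be uploaded as-is. The function name `make_challenge` and its arguments are assumptions; it checks that the pasted URL and content belong together before writing anything.

```shell
# Added example; make_challenge and its arguments are hypothetical names.
# Usage: make_challenge URL CONTENT WEBROOT
#   URL     - the http://.../.well-known/acme-challenge/<token> line from certbot
#   CONTENT - the line certbot asks the server to display at that URL
#   WEBROOT - local directory that mirrors the site's document root
# Prints the path of the file it created; returns non-zero on bad input.
make_challenge() {
    url=$1 content=$2 webroot=$3

    # Only accept URLs that point into the ACME challenge directory.
    case $url in
        http://*/.well-known/acme-challenge/*) ;;
        *) echo "not an ACME challenge URL: $url" >&2; return 1 ;;
    esac

    # The file name is the last path segment of the URL.
    token=${url##*/}

    # Tokens are base64url text. Rejecting anything else (dots, slashes,
    # whitespace from a bad paste) keeps the write inside the challenge dir.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "unexpected token: $token" >&2; return 1 ;;
    esac

    # The content is "<token>.<account key thumbprint>", so it must start
    # with the file name; a mismatch means two different challenges were mixed.
    case $content in
        "$token".?*) ;;
        *) echo "content does not belong to token $token" >&2; return 1 ;;
    esac

    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 1
    # printf writes the value without a trailing newline or other additions.
    printf '%s' "$content" > "$dir/$token" || return 1
    chmod 644 "$dir/$token" || return 1   # the web server must be able to read it
    printf '%s\n' "$dir/$token"
}
```

After uploading, open the challenge URL in a browser and confirm it shows exactly the expected content before pressing ENTER in certbot.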

Step 3: Find your certificate and private key

certbot creates two outputs you care about:

Your certificate: /etc/letsencrypt/live/mydomain.com/cert.pem
Your private key: /etc/letsencrypt/live/mydomain.com/privkey.pem

Unhelpfully, these are located under a directory which requires root permissions to read. The easiest way to get at these files is to use 'cat' to output them to the console:

# This will output cert.pem
sudo cat /etc/letsencrypt/live/mydomain.com/cert.pem

# This will output privkey.pem
sudo cat /etc/letsencrypt/live/mydomain.com/privkey.pem

Step 4: Paste these files into your hosting's control panel

In cPanel, it looks something like this:

[Screenshots 1, 2 and 3 of the cPanel screens]

Paste the two outputs of Step 3 into the boxes in the third screen.

Now you should find you can browse to https://mydomain.com
