I've recently enabled HTTPS on this blog using letsencrypt.
Letsencrypt does support shared hosting, but it's not that easy to do.
- You will require a Linux machine (or Mac) to generate your certificate(s). In the case of shared hosting, you will likely not be able to run the commands directly on your server, because you likely won't have shell access and even if you do, you likely won't have root access.
- Certificates are only valid for 90 days
- It's tricky to automate renewal if the machine running the commands is not your web server, because the script you have to use is not easily composable within other scripts. I will probably have a go when my first 90 days are up and will add an update if I manage to do something useful.
With that said, here's the process, which is a bit convoluted:
As I said, you need a Linux machine. If you don't have one, the easiest way to get one is to install Ubuntu in VirtualBox.
Step 1: Download and run certbot
Letsencrypt gives you a script called certbot:
# Download certbot wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto certonly --manual
Certbot will show something like:
Make sure your web server displays the following content at http://mydomain.com/.well-known/acme-challenge/1xA1TOAmMITd6KuWbjmY-eUVby-TXGCYhD6R9YyrG_E before continuing: 1xA1TOAmMITd6KuWbjmY-eUVby-TXABYoD6O9hyrG_E.byfuf9fAgDdDad814dn83FBzYdasGib3DM6mBec-4sk Press ENTER to continue
Step 2: Verify yourself with certbot
Do as it says and create the directories and file, then upload it to your server, and press 'enter' for certbot to verify you.
Step 3: Find your certificate and private key
certbot creates two outputs you care about:
Your certificate: /etc/letsencrypt/live/mydomain.com/cert.pem
Your private key: /etc/letsencrypt/live/mydomain.com/privkey.pem
These are not very helpfully located under a directory which requires root permissions to read. The easiest way to get at these files is to use 'cat' to output them to the console:
# This will output cert.pem sudo cat /etc/letsencrypt/live/mydomain.com/cert.pem # This will output privkey.pem sudo cat /etc/letsencrypt/live/mydomain.com/privkey.pem
Step 4: Paste these files into your hosting's control panel
In cpanel, it looks something like this:
Paste the two outputs of Step 3 into the boxes in the third screen.
Now you should find you can browse to https://mydomain.com