I am writing this post because i believe in power to individual. In this post I will give you step by step instructions to install Letsencrypt certificate on Godaddy shared hosting without depending on any third party services who want you to pay for something that is free. Instead of paying them make donation to letsencrypt.
- PC or laptop
- Linux or Mac (sorry for windows users I am a noob on windows)
- Homebrew (The software dude)
In the following post i assume that you have fair level of comfort with cPanel and command line.You can also do https redirect for your domain name yourself as the topic is not in the scope of this post. Though we are not doing any vaccine science but still.
Step 1: Go to cPanel -> open file manager in go daddy
Step 2: Go to your publichtml folder and in root level of your domain create a folder .well-known and inside it create a folder named .acme-challenge you will need this later. NOTE: If you have multiple domains on same shared hosting you need to do this for each domain/sub domain separately and each domain will have its own folder inside publichtml, you need to use that as root of the domain.
Step 3: Open terminal in your mac (for linux steps will be same or similar)
Step 4: Install certbot by running command “brew install certbot“. no sudo with brew (both software and liquid one never use sudo when you are using brew).
Step 5: Once the certbot installation is complete we can start certificate creation process. run command in terminal “sudo certbot certonly –manual” as you can see we are creating certificate in manual mode. you will need sudo with this one.
Step 6: certbot will ask for your email and will ask you for agreeing to various terms and condition do that by entering Y or as per instruction. Then certbot will ask you to enter your domain comma separated. Enter both your naked and www versions like www.example.com,example.com and press enter
Step 7: First time you will be asked to verify ownership of your domain in two steps.
- Certbot will generate a file name file content. Now you need to go to your .acme-challenge we created in Step 1.
- Open the folder and create file using godaddy interface. Inter the name same as the end point of url given at terminal by certbot something like http://www.emaple.com/.well-known/.acme-challenge/<filename>
- once you have created the file edit it using godaddy interface and paste the content provided by certbot in the file and save it.
- Now if you open the given url in browser it should open the contents of your file.If not carefully check what went wrong in creating the file
- Press enter
- You will need to repeat the above steps once more with new set of data and press enter again your domain ownership will be verified
Step 8 : On mac you will get a message that your certificate has been created at “etc/letsencrypt/live/<domainname>“
Step 9 : Go to godaddy cPanel again and open ssl/TLS in security setting
Step 10: Click manage ssl sites below Install and Manage SSL for your site (HTTPS)
Step 11: Click on update certificate besides your domain name. This will open a form like page asking for Certificate private key and CA bundle. as shown in image below.
Step 12: Back to you terminal in mac SORRY SORYY SORYY but its required all this to and fro. You need to do following one by one
- run sudo su in terminal
- run cd etc/letsencrypt/live/<yourdomain>. you can also just go to “etc/letsencrypt/live” and do ls there and then cd to your domain folder.
- Once inside the folder which is named after your domain do ls
- Now run vi cert.pem in terminal it will open your certificate copy all the contents of file and paste it in Certificate(CRT) section shown in image above.No close vi by pressing :q
- Run vi privatekey.pem this will open private key contents copy and save all the contents of file in Private Key (KEY) section as shown in image above.
- Do vi chain.pem and copy the contents. Paste the contents in Certificate Authority Bundle (CA Bundle) section shown in above image.
Press install certificate and you are done. If you face any issues let me know in comments. I know copy pasting certificates over network is not a good idea and certbot should be used on server but its still better than using a third party