How to use Lets Encrypt on Go Daddy’s Shared Hosting Platform


So your looking for a way to use a free lets encrypt cert on your shared godaddy host? Well this is the place to come.
This only works with GoDaddy cPanel hosting, not their classic web hosting.

Selection_030

These steps show you how to also add the SSL certificate on multiple “Addon Domains.” Let’s Encrypt lets you create a “Multi-domain” certificate, also known as a “UC” or “UCC” certificate. This works on GoDaddy shared cPanel hosting to cover all of your sites and subdomains on that account.

These steps assume that:

  • you’ve already installed Let’s Encrypt on your local computer
  • you’re working from a command line terminal
  • you have SSH access to the hosting account (You can enable SSH access in your GoDaddy cPanel, under “Security,” click SSH Access.)

 

Well lets assume you didn’t do the local install. Then (i’m using Ubuntu) you need to

git clone https://github.com/certbot/certbot.git

Part 1: Create the Multi-Domain SSL Certificate

Navigate to your local letsencrypt directory:

cd  certbot

Initiate the SSL certificate creation process:

./letsencrypt-auto certonly --manual

Next, it will ask you to type all of your domains which you want covered by the SSL certificate. Be sure to include both your www domain and your non-www one. For example, type:

yoursite.com,www.yoursite.com

or, for more domains:

yoursite.com,www.yoursite.com,othersite.com,www.othersite.com

The Following Steps in Part 1 Will Have To Be Repeated For Each Domain and/or Subdomain.

Answer “Yes” to this message:

NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you’re running letsencrypt in manual mode on a machine that is not your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

Next, you will get a message like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Make sure your web server displays the following content at
http://yoursite.com/.well-known/acme-challenge/rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ before continuing:
rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ.VjqjvJCf1eRdblgdXuYkwYAJiyyED4TrW2SXJza0IfU
If you don't have HTTP server configured, you can run the following
command on the target server (as root):
mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
printf "%s" rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ.VjqjvJCf1eRdblgdXuYkwYAJiyyED4TrW2SXJza0IfU > .well-known/acme-challenge/rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
Press ENTER to continue

At this point, open a separate terminal window (we’ll call this Terminal 2). In Terminal 2, make an SSH connection to your hosting account. In the line below, replace YOUR_USERNAME with your cPanel user name. If you don’t know your cPanel user name, look in your cPanel, under the “Files” section. Click “FTP Accounts.” The “Log In” name is the user name. Also, replace “yoursite.com” with your own site:

Once you’ve made the connection, navigate to the root directory of the site which the first terminal is referencing. Look back at the message in the first terminal, line 2 where it shows the site in reference.

Back in Terminal 2, in your site’s root, make the required directories, “.well-known” and “acme-challenge” like this:

1
2
3
4
mkdir .well-known
cd .well-known
mkdir acme-challenge
cd acme-challenge

To create the required file, first copy the filename from Terminal 1, line 2, which in the above example is:
rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ

After you copy that, go back to Terminal 2, and type “vi” followed by a space, and then paste the long file name:

vi rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ

This will open the new file in a text editor. Go back to Terminal 1 and copy the line of content that the message gives. In the example above, it’s line 4.

Come back to Terminal 2, type the letter “i” to put the editor in “Insert” mode. Paste the line which you copied from Terminal 1. You should be able to paste with “CTRL” + “Shift” + “V”.

Save and exit the file:

:wq

If it saved properly, go back to the first terminal. It should still say at the bottom, “Press ENTER to continue.” Now you can press ENTER.

It will walk you through repeating these steps for each domain and subdomain that you listed for the certificate.

After all of that, you should finally get a message like this:

1
2
3
4
5
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/yoursite.com/fullchain.pem. Your cert
   will expire on 201*-**-**. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.

Check that your 4 certificate files were properly created. In Terminal 1 (you can exit Terminal 2), navigate to the Let’s Encrypt /live/ directory and make sure there exists a folder for your site:

1
2
cd /etc/letsencrypt/live/
li

You should then see a directory named after your site. Navigate into that directory, and then list all the files:

1
2
cd yoursite.com
li

You should see 4 files:

1
cert.pem  chain.pem  fullchain.pem  privkey.pem

Part 2: Install The SSL Certificate in Your GoDaddy cPanel Hosting Account

Open the file fullchain.pem in your local editor, like (replace gedit with your editor, if needed):

1
sudo gedit fullcain.pem

Copy the top half of the file (only the first certificate). Copy from the first “—–BEGIN CERTIFICATE—–” to the end of the first certificate, “—–END CERTIFICATE—–

Once you’ve copied it, close the file.

Log in to your GoDaddy cPanel shared hosting account. In the Security section, click SSL/TLS Manager. Under Certificates (CRT), click “Generate, view, upload, or delete SSL certificates.”

Take what you copied and paste it under “Upload a New Certificate”, where it says, “Paste the certificate into the following text box:”

Type a description and click “Save Certificate.”

Click “Return to SSL Manager” at the bottom of page.

Under “Install and Manage SSL for your site (HTTPS),” click “Manage SSL sites.”

Select your first domain. Click “Autofill by Domain” and the certificate should populate in the first box.

Back in your terminal, open the file privkey.pem.

1
sudo gedit privkey.pem

Copy ALL of it, then close the file.

Back in cPanel, paste into the Private Key (KEY) text box.

Back in your terminal, open the fullchain.pem file again to copy the BOTTOM half:

1
sudo gedit fullcain.pem

Copy from the SECOND “—–BEGIN CERTIFICATE—–” to the end: “—–END CERTIFICATE—–“.

After you copy it, close the file.

Paste into the Certificate Authority Bundle: (CABUNDLE) text box.

Click “Install Certificate.”

If it’s successful, you should get a response message like this:

SSL Host Successfully Installed
You have successfully configured SSL.
The SSL website is now active and accessible via HTTPS on this domain:
yoursite.com
The SSL certificate also supports these domains, but these domains do not refer to the SSL website mentioned above:
othersite.com

Go Back to “Manage SSL sites.”

Under “Install an SSL Website”, select your next domain (that the certificate is for).

Click “Autofill by Domain” and the Certificate and Private Key should populate in the first two boxes.

Copy the SECOND part of fullchain.pem, like you did above, and paste it into the Certificate Authority Bundle: (CABUNDLE) text box.

Click “Install Certificate.”

You should get a success message.

Go Back to “Manage SSL sites” and repeat these last few steps (Install an SSL Website) for any other domains that you added to the certificate.

After a few minutes, you can confirm that the certificate is working by using this SSL Checker.

 

source:https://isabelcastillo.com/lets-encrypt-ssl-certificate-godaddy-shared-cpanel