Free SSL for your remote website with Certbot
Cristian Popescu
Posted on January 29, 2020
To get your website on the right path, you must have a professional look and inspire trust. What is a better way to do that other than get a certificate to attest that you are who you are telling everyone you are?
After you have this, your customers will be able to trust that they are barking at the right tree, so to speak, especially if you sell dog food, or cats 🐱, from a tree.
Not to bore you with any more details... here is how I managed to generate my SSL certificate for free with Certbot and Let's Encrypt, having only FTP access to a cPanel hosting platform, like most of basic hosting providers offer.
Walkthrough
Step 1 - Installing Certbot
extracted from here
Adding Certbot install source
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Actually install Certbot
sudo apt-get install certbot
Step 2 - Start process
Trigger the process for obtaining a certificate
sudo certbot certonly --manual
You will be asked some questions that will help the process like domain name, and confirmation that your IP can be logged and stored.
In the end you will get this:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ.ZBWPX1wW-bZycJUQEVL0PxqWb7WbBG0XdbWHQqgERwA
And make it available on your web server at this URL:
http://test.com/.well-known/acme-challenge/3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Leave this console as it is, until you are done with the next steps.
Step 3 - Create the file locally
echo "3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ.ZBWPX1wW-bZycJUQEVL0PxqWb7WbBG0XdbWHQqgERwA" >> 3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ
This will create the required folder on your local machine
Step 4 - Create the required directory tree and copy the file up to the FTP server
As in the above example, you need to create the structure of urls that are requested. So login via FTP and create everything:
ftp ftp.test.com
// use your credentials that you were provided with from your hosting provider
// create if not present the .well-known folder
mkd .well-known
// change directory
cd .well-known
//create the acme-challange folder
// IMPORTANT: copy the text from the link in the console
// I ran into multiple issues by writing the folder name myself
mkd acme-challange
// change directory
cd acme-challange
// upload file
put 3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ
// exit ftp
bye
You can now go back to your previous console and hit ENTER, so you can finish up with the process.
Step 5 - You are done... almost
After successfully finishing up the process, you will be provided with the path of the generated certificates and keys, something starting with cd /etc/letsencrypt/live/
. Go there by switching to the super user on your local machine.
sudo su
cd /etc/letsencrypt/live/
Go into your cPanel and find SSL/TLS shortcut and manage your certificates. Select your domain and fill up the required form with CRT (cert.pem
) and KEY (privkey.pem
).
Now you can click Install certificate
and...
Your're DONE! Congrats!
Important Note
I. Keep in mind the acme-challange
folder name, it must be copied from the console since it has unusual characters encoding, which fails the test of Certbot.
II. Having the most basic plan, I do not have SSH access to my remote host, so I can only access it via FTP. If SSH was present, this thing would be much easier by installing certbot on the server machine.
III. Do not forget to add a permanent redirect from the root to your brand new https://
domain.
Thanks for reading.
Posted on January 29, 2020
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.