Free SSL for your remote website with Certbot

cripstian

Cristian Popescu

Posted on January 29, 2020

Free SSL for your remote website with Certbot

To get your website on the right path, you must have a professional look and inspire trust. What is a better way to do that other than get a certificate to attest that you are who you are telling everyone you are?
After you have this, your customers will be able to trust that they are barking at the right tree, so to speak, especially if you sell dog food, or cats 🐱, from a tree.
Not to bore you with any more details... here is how I managed to generate my SSL certificate for free with Certbot and Let's Encrypt, having only FTP access to a cPanel hosting platform, like most of basic hosting providers offer.

Walkthrough

Step 1 - Installing Certbot

extracted from here
Adding Certbot install source

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update

Actually install Certbot

sudo apt-get install certbot

Step 2 - Start process

Trigger the process for obtaining a certificate

sudo certbot certonly --manual

You will be asked some questions that will help the process like domain name, and confirmation that your IP can be logged and stored.
In the end you will get this:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ.ZBWPX1wW-bZycJUQEVL0PxqWb7WbBG0XdbWHQqgERwA

And make it available on your web server at this URL:

http://test.com/.well-known/acme-challenge/3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Leave this console as it is, until you are done with the next steps.

Step 3 - Create the file locally

echo "3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ.ZBWPX1wW-bZycJUQEVL0PxqWb7WbBG0XdbWHQqgERwA" >> 3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ

This will create the required folder on your local machine

Step 4 - Create the required directory tree and copy the file up to the FTP server

As in the above example, you need to create the structure of urls that are requested. So login via FTP and create everything:

ftp ftp.test.com
// use your credentials that you were provided with from your hosting provider
// create if not present the .well-known folder
mkd .well-known
// change directory
cd .well-known
//create the acme-challange folder
// IMPORTANT: copy the text from the link in the console
// I ran into multiple issues by writing the folder name myself
mkd acme-challange
// change directory
cd acme-challange
// upload file
put 3somCsUrL5gqQ1dpEZH-cdunbOh0s4EopDqeAL8bGEQ
// exit ftp
bye

You can now go back to your previous console and hit ENTER, so you can finish up with the process.

Step 5 - You are done... almost

After successfully finishing up the process, you will be provided with the path of the generated certificates and keys, something starting with cd /etc/letsencrypt/live/. Go there by switching to the super user on your local machine.

sudo su
cd /etc/letsencrypt/live/

Go into your cPanel and find SSL/TLS shortcut and manage your certificates. Select your domain and fill up the required form with CRT (cert.pem) and KEY (privkey.pem).
Now you can click Install certificate and...

Your're DONE! Congrats!

Important Note

I. Keep in mind the acme-challange folder name, it must be copied from the console since it has unusual characters encoding, which fails the test of Certbot.
II. Having the most basic plan, I do not have SSH access to my remote host, so I can only access it via FTP. If SSH was present, this thing would be much easier by installing certbot on the server machine.
III. Do not forget to add a permanent redirect from the root to your brand new https:// domain.

Thanks for reading.

💖 💪 🙅 🚩
cripstian
Cristian Popescu

Posted on January 29, 2020

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related