: 1&1.com charges extra to give you your own server so my URL cannot access this product as I don’t own my own server or have admin privileges to it

: 1&1.com charges extra to give you your own server so my URL cannot access this product as I don’t own my own server or have admin privileges to it.
I looked at the “Manual” setup and couldn’t understand it. Not enough info for me anyway. I am hoping that Let’s Encrypt will be able to work with Providers like 1&1.com but since 1&1.com makes money selling SSL certificates I fear this is a lost cause.
Bottom Line:
Is there a way as long as I have access to my URL’s root directory that I can use Let’s Encrypt?

With access to your root directory you can obtain a certificate with the manual method. But to actually use it: installation is a whole other part.

You'll have to install the certificate/private key into the webserver somehow. Most of the time this means root access to the server or otherwise some sort of panel in which you can configure your webserver, including the certificate/private key. And both are probably not the case.

2 Likes

Sure, at least four come to mind:

  1. Figure out what the docs have to say about using certbot in manual mode, and do that.
  2. Use something like https://gethttpsforfree.com/ to do the interfacing for you and obtain a certificate.
  3. If you have control over your DNS records, use one of the alternative clients that support the DNS challenge (I understand all the Bash and Go clients do, and likely others as well).
  4. Switch to a hosting provider that supports letsencrypt so you can get the cert with a click in your domain control panel.

Edit: but having obtained the certificate, the first three will still require that you have the ability to install it, which you may not have.

1 Like

Most of 1&1’s hosting packages come with an included SSL certificate (via their system and CA), so you would not need to use LetsEncrypt to secure your traffic.

You won’t be able to use LetsEncrypt with any shared hosting provider UNLESS they have implemented it on their end. Setting up SSL on a shared server would require giving every user admin rights over port 80 – which is just not something any responsible host could do.

1 Like

[quote="jvanasco, post:4, topic:19210"]
You won't be able to use LetsEncrypt with any shared hosting provider UNLESS they have implemented it on their end.[/quote]
How is this the case? As long as your hosting service allows you to place arbitrary files within your own webroot, and to provide TLS certificate and private key files, you should be able to use Let's Encrypt. It may be cumbersome (and likely will), but it should be possible.

I don't see why. If I have a hosting account for mydomain.tld that allows me to place arbitrary content on that domain (i.e., I'm not limited to using their site builder or whatever to design my content), that's all I need. Presumably a web server is already running, so I don't need to have my own software listen on port 80. All I need to do is serve the correct /.well-known/acme-challenge/ files.

1 Like

Shared hosts don't do that. dedicated and managed servers (cloud, fractional, vps, etc) do that. At best, shared hosts will integrate with LetsEncrypt or other CA's to have an automated process.

You explained answering a challenge, which can be a simple file or even DNS (and not involve the hosting service at all).

The issue is in inserting a ssl certificate.

Apache and nginx both require server restarts for an SSL certificate change (unless you do dynamic certs per domain with openresty's nginx variant, but that is a different story). These companies can host hundreds of customers on a single server -- so a restart for one domain can impact many.

A shared hosting provider would essentially need to give every user on the machine the ability to restart the webserver in order to install/update a SSL certificate for a domain. That is somewhat possible on nginx based installations, where each domain/account might run a dedicated version of nginx because of their memory imprint (EngineYard did that at first, but they are not a shared host -- they're PAAS). But shared hosts tend to be apache based companies who use mod_php + virtualhosts and do not offer sandboxed accounts. An invalid certificate pair can keep a system from functioning correctly, or even keep it from restarting at all. The amount of engineering needed to ensure proper testing, handle issues, protect against race conditions by competing users, etc is fairly large. Shared Hosting is a fairly low margin "budget" product too -- so stuff like this isn't a priority.

Technologically, sure... anything is possible. It's just not probable. I've only seen a few companies in 20+ years offer "bring your own ssl" to shared plans. Most charge to audit+update the certificate into their system, but a few offer control panels that generate the PKEY+CSR and require you to pass in that key .

Realistically, Shared Hosting providers fall into 2 categories of business: those who are partnering with LetsEncrypt and automating API access (or considering it), and people who are not interested in building out a "bring your own" SSL certificate infrastructure for their lowest margin product or have an internal SSL service that competes with LE.

1 Like

Thanks for getting back to me right away. I really do appreciate that.
Blessings,
Murph,

I think you forgot webroot.

Thanks for the additional detail, which makes perfect sense. In short, obtaining a cert should be entirely possible, but actually using the cert on the shared hosting isn’t likely to happen. Right?

1 Like

well that depends on the provider. while some of the are < insert random sinult here > just to sell their “own” certs for ridiculous prices, and others are nice and allow you your own cert.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.