Auto Renew Certificate

jonmiller07 · March 18, 2021, 8:01am

My hosting provider, if applicable, is: Crazy Domain

I want to set up my certificate to renew automatically. I am a graphic designer, not a developer so I have no idea how this would be done. Can you talk me through it. Thanks.

schoen · March 20, 2021, 3:24am

Hi @jonmiller07,

There are a couple of certificates for this domain issued at various times, the most recent one 10 days ago on March 9.

(This one has an issue that it doesn't include www.freshiecelebrant.com, so people using many browsers—though perhaps not Google Chrome—will get an error when they try to access the site using the www form.)

Were you involved in obtaining this certificate? Do you know how it was issued or by whom?

How do you administer this site? What kind of level of access or responsibility do you have for configuring the site and server?

As of September 2019 we had a report that Crazy Domains's support for Let's Encrypt on their hosting plans was poor and would not allow automated renewals

I don't know if things have improved since then. There is also a less conclusive thread from 2020

with the same suggestion (that Crazy Domains may intentionally make it impossible to use automated renewal with Let's Encrypt certificates, because they want to sell you a certificate).

jonmiller07 · March 20, 2021, 3:55am

Hello

Thank you very much for your email here. This is all a little tech and confusing for myself, so all help is very much appreciated.

So I am using a service called SSL Zen. They had a free service, but that needed to be updated manually every 90 days, so we went for the paid service.

Do you know if that automatically updates?

And as for the www. version not having the SSL cert...can you give me direction on how to add that version as well? Does it need 2 seperate certificates?

That may be right about Crazy Domains, they are trying to sell their own version for a rather expensive price, so we went elsewhere.

Any more help you can give here will be amazing.

Thank you

Jon

schoen · March 20, 2021, 5:46am

Hi Jon,

If SSL Zen is installed as a WordPress plugin, there is a possibility that it will automatically update. In this case it might be helpful to ask SSL Zen about the level of automation that they have or haven't achieved in different scenarios.

The ideal use case for Let's Encrypt is that you would have automatic renewals via a software integration in your web server or your web hosting plan, and this would perform all of the necessary steps for you (so you wouldn't have to upload text files to prove your control over the domain name, or paste certificate data into a control panel, or anything). However, the extent to which this is possible depends on the level of control that you have over your hosting environment—or in many cases, the level of effort that the web hosting company has gone to to facilitate or thwart this!

It seems from other threads on this forum that, at least as of a year or two ago, Crazy Domains was more on the side of "thwart" than "facilitate", at least for some of their hosting customers. Hopefully that's no longer true, or perhaps the SSL Zen tool can work around it if it is true.

I would also love to hear if @_az and @griffin have any thoughts about your situation or your hosting plan.

griffin · March 20, 2021, 7:17am

While I'm not really familiar with this particular hosting provider, I am more than familiar with GoDaddy's restrictions when it comes to managing certificates. Between not having root access to the underlying apache configuration due to shared hosting and using cPanel to manage certificate installation, there are certainly challenges. This situation motivated the conception of CertSage, my ACME client. Thanks to @Osiris's recent efforts, CertSage now has the ability to autodetect the hosted (sub)domain name(s) and install the acquired Let's Encrypt certificate directly into cPanel without needing manual intervention. It's not fully automatic at this point (because there's no timed execution support yet), but I'd say that copying a single webpage (PHP) file onto your server (as the entire installation process), visiting the webpage in a browser, entering an email address (only on the first run or when you want to update it), and pushing a button is about as simple and reliable as it gets, especially for less tech-savvy users or those suffering from the shenanigans of a greedy/uncooperative hosting provider.

I need to do some error trapping and integration work on the added features, but everything should be fully-operational soon. I see no reason why CertSage wouldn't work for you too (even without the cPanel parts). It should be able to just be dropped into your webroot folder. As long as you have your DNS records setup correctly, a visit to the webpage should have your new private key and certificate saved onto your server in only a few minutes. You should be able to install them using whatever mechanism exists in your hosting. All you need is a working PHP installation, which is pretty standard with even the most basic hosting providers.

jonmiller07 · March 20, 2021, 11:12pm

Thanks for all of the help here. The plugin I am using does appear to have automatic renewal and a simple reinstall of everything seems to have covered the www and non-www problem. It says it will renew in 90 days, so I will just check again then

griffin · March 21, 2021, 12:18am

If it's using Let's Encrypt certificates it should renew in 60 days.

schoen · March 21, 2021, 2:28am

Note that "should" refers to Let's Encrypt's recommendations, not to something that is necessarily anticipated to happen for any technical reason.

griffin · March 21, 2021, 4:16am

Waiting 90 days will guarantee the certificate will expire though.

system · April 20, 2021, 4:16am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.