I have a lot of sites and they are all hosted on shared hosting, so I don’t have any SSH access. I only have FTP and a control panel on the Internet.
So far I have used certbot certonly --manual to secure my domains, but I have too many sites, and it takes me a lot of precious time. Is there any solution to automate that? Because Let’s Encrypt is free and my hosting provider proposes that I pay between 50 and 320 per year to have a certificate. So with more than 15 sites, it’s not possible.
If not, do you know if there is another way to do it? Do you have any suggestions?
Other information:
I have done my certificates on CentOS 7,
My hosting provider is amen.fr
Without root SSH access, you are limited to the features of your control panel. Perhaps it has some sort of API to upload the certificates without manual intervention, perhaps not. You didn't specify your control panel and also your hosting provider can probably disable such an API if it even existed.
Tell your hosting provider you're not satisfied with its current policy of SSL (but they probably won't care, as it is a method of income for them) and tell them you'll switch to another hosting provider which does support free and automated Let's Encrypt certificates. You can find such a hosting provider in Web Hosting who support Let's Encrypt
With this command:
certbot certonly --manual
you can secure a site without shell access by putting a key on the FTP.
Then you enter the certificate and the private key in the control panel, and it’s done. But it takes a long time to do it for every site, so I’m searching for another way to do it.
In your situation, without an automated point of entry into the control panel, there's no way to automate the renewal of a certificate.
If the control panel doesn't have an official API to do such a thing, it might be possible to script all the HTTP requests and POSTs to your control panel and upload a certificate. But I don't know if anyone has done such a thing before for your control panel or if you have the technological skills to script such a thing.
In the end, if you can point and click your way to upload the cert, so can a script. But it might take a lot of time and know-how to do so.
This is one step to validate that you are the domain owner: the http-01 challenge, where you place a special file under /.well-known/acme-challenge/. You can do that via FTP.
But there is another challenge, dns-01. You have to create a DNS entry. So if your DNS provider supports an API and if you are able to run a command like
certbot --dns-cloudflare (or one of the other dns-apis)
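The http-01 file upload discussed in this thread can be scripted with certbot's --manual-auth-hook option, which runs a program with CERTBOT_TOKEN and CERTBOT_VALIDATION set in its environment. The hook below is an added example, not code from any poster; the FTP_HOST, FTP_USER, FTP_PASS and FTP_WEBROOT variables, the /www default, and the host accepting FTPS are assumptions.

```python
#!/usr/bin/env python3
"""certbot --manual-auth-hook: publish the http-01 token over FTPS."""
import io
import os
import posixpath
import re
import sys
from ftplib import FTP_TLS, error_perm

CHALLENGE_DIR = ".well-known/acme-challenge"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet only


def challenge_path(webroot, token):
    """Remote path for the token; reject anything that could leave the directory."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("unexpected characters in challenge token")
    return posixpath.join(webroot, CHALLENGE_DIR, token)


def upload(ftp, webroot, token, validation):
    """Create the challenge directory if needed, then store the validation string."""
    path = challenge_path(webroot, token)
    current = webroot
    for part in CHALLENGE_DIR.split("/"):
        current = posixpath.join(current, part)
        try:
            ftp.mkd(current)
        except error_perm:
            pass  # usually "already exists"; a real failure surfaces on STOR
    ftp.storbinary("STOR " + path, io.BytesIO(validation.encode("ascii")))
    return path


def main():
    # CERTBOT_* are set by certbot; the FTP_* names are assumptions of this example.
    ftp = FTP_TLS(os.environ["FTP_HOST"])
    ftp.login(os.environ["FTP_USER"], os.environ["FTP_PASS"])
    ftp.prot_p()  # protect the data channel as well as the login
    try:
        upload(ftp, os.environ.get("FTP_WEBROOT", "/www"),
               os.environ["CERTBOT_TOKEN"], os.environ["CERTBOT_VALIDATION"])
    finally:
        ftp.quit()


if __name__ == "__main__":
    sys.exit(main())
```

It would be passed to certbot as certbot certonly --manual --preferred-challenges http --manual-auth-hook followed by the script path. Installing the issued certificate and key in the control panel remains a separate step.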