My domain is hosted on a shared hosting (namecheap.com), and as a shared hosting I don’t have root privillege and therefore I can’t install the letsencrypt on the server. I can install it on the home directory though but I don’t have sudo access to modify any root files.
Can I just generate the cert in my local machine and install it with cPanel or (ssh)?
You need to change the config of the webserver to install the certificate after obtaining it. I am quite sure not every shared hosting service supports this.
@My1 I can upload certs with cpanel. Does it change anything? And also I have full access to my home directory (with ssh), but the server config don’t reside there, do they?
well then you can try manual mode (webroot auth just requires you to upload a file to your webspace) from a linux computer (or raspi) of your choice get the cert there and the upload it with your cpanel.
I managed to do this pretty easily even though my hosting provider Namecheap.com denied any support and claimed that it is not possible due to technical issues. I wrote a short and minimalist tutorial on it.
I have written a wrapper (lcget) to auto-complete the http challenge in manual mode. With this script you can get the certificate with a single command if other things (ssh) are set up properly. A command to get cert for example.com and www.example.com would be:
As it’s a wrapper, it just calls letsencrypt with all given arguments and monitors the output for challenges and parses the challenges, then runs an ssh command for each domain to complete the challenge. The readme file contains a detailed step by step process on how to set it up.
I have written another script (a standalone Python script) based on acme-tiny: letsacme.
This one is not for local host though, but far more easier to use than the lcget wrapper (mentioned in my previous post). And it doesn’t require sudo (root) access. So shared server/hosting users will also be able to run it (by logging in with ssh) and get the certificate. The completion of acme-challenge it automated.
Finally, I wrote another script (sslic) that lets me automate the process of installing the cert in my shared namecheap hosting using Cpanel API (UAPI)
Thus the whole process is automated:
Get the cert with letsacme
Install the cert with sslic
Run a cron job that integrates the above two.
I have laid out the step by step process in this tutorial