Can I generate a letsencrypt cert in local host for a domain I own?

My domain is hosted on shared hosting (namecheap.com), and as it is shared hosting I don’t have root privilege and therefore I can’t install letsencrypt on the server. I can install it in the home directory though, but I don’t have sudo access to modify any root files.

Can I just generate the cert in my local machine and install it with cPanel or (ssh)?

Using the manual mode this can be done as long as you are allowed to change the web server configuration.

I think the documentation needs some improvements for users of shared hosting services and maybe a step by step guide.

You don’t even need to change the config; you just need to be able to place files in your webspace and, obviously enough, upload certs.

You need to change the config of the webserver to install the certificate after obtaining it. I am quite sure not every shared hosting service supports this.

There might be an option to upload certs in the UCP of your hoster, so you don’t exactly need to change the config of the server in that case.

@My1 I can upload certs with cPanel. Does it change anything? And also I have full access to my home directory (with ssh), but the server config doesn’t reside there, does it?

Well, then you can try manual mode (webroot auth just requires you to upload a file to your webspace) from a Linux computer (or raspi) of your choice, get the cert there and then upload it with your cPanel.

I managed to do this pretty easily even though my hosting provider Namecheap.com denied any support and claimed that it is not possible due to technical issues. I wrote a short and minimalist tutorial on it.

These are the test sites that I tried this on:

https://forums.neurobin.org
https://chopshop.neurobin.org

Latest Firefox shows the green padlock as usual for those sites.

2 Likes

Yes, you can by doing this approach using a reverse proxy for the /.well-known/acme-challenge/ path.

I have written a wrapper (lcget) to auto-complete the http challenge in manual mode. With this script you can get the certificate with a single command if other things (ssh) are set up properly. A command to get cert for example.com and www.example.com would be:

lcget certonly --manual -d example.com -d www.example.com -m mymail@domain.com

As it’s a wrapper, it just calls letsencrypt with all given arguments and monitors the output for challenges and parses the challenges, then runs an ssh command for each domain to complete the challenge. The readme file contains a detailed step by step process on how to set it up.

I have written another script (a standalone Python script) based on acme-tiny: letsacme.

This one is not for local host though, but far easier to use than the lcget wrapper (mentioned in my previous post). And it doesn’t require sudo (root) access. So shared server/hosting users will also be able to run it (by logging in with ssh) and get the certificate. The completion of the acme-challenge is automated.

Here’s a tutorial for shared server/hosting users on how to use this tool to get and install the certificate.

Finally, I wrote another script (sslic) that lets me automate the process of installing the cert in my shared Namecheap hosting using the cPanel API (UAPI).

Thus the whole process is automated:

  1. Get the cert with letsacme
  2. Install the cert with sslic
  3. Run a cron job that integrates the above two.

I have laid out the step by step process in this tutorial.

I am using this method for my sites:


https://docs.neurobin.org
etc…

1 Like
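
The manual/webroot approach discussed in this thread comes down to serving one small file per domain under /.well-known/acme-challenge/. The following is an added example (not code from any poster, nor from lcget or letsacme) that builds that file's content as RFC 8555 defines it and rejects tokens that could escape the challenge directory; the JWK values, token and webroot path are constructed for illustration.

```python
import base64
import hashlib
import json
import os
import re
import tempfile

# RFC 8555 section 8.3: tokens use only the base64url alphabet.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: hash only the required RSA members, sorted, no whitespace.
    required = {k: jwk[k] for k in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    # Validate before the token is ever used as a file name: a value such as
    # "../../.htaccess" must not reach os.path.join().
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url: %r" % token)
    return token + "." + jwk_thumbprint(jwk)


def write_challenge(webroot: str, token: str, jwk: dict) -> str:
    body = key_authorization(token, jwk)
    chal_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chal_dir, exist_ok=True)
    path = os.path.join(chal_dir, token)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(body)  # served at http://<domain>/.well-known/acme-challenge/<token>
    return path


if __name__ == "__main__":
    # Constructed sample values; a real client takes these from its account
    # key and from the CA's challenge object.
    account_jwk = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-value"}
    with tempfile.TemporaryDirectory() as webroot:  # stands in for public_html
        p = write_challenge(webroot, "constructed_Token-123", account_jwk)
        print(p, "->", open(p).read())
```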