my 1and1 seemed don’t allow lets encrypt, I have tried few hours on:
acme.sh
getssl
etc
it can create the folder, but when I was running command to get cert, it always shows “command not found”.
I am wondering:
Can I point my website to my locally ip, then get lets encrypt cert first,
then load it to web hosting?
if I can, once I got cert, which file, and how I can load it web server?
Thanks.

In theory, yes, as long as your web hosting allows you to upload a certificate. It's highly unlikely that any of us here can help you with that step; you'd need to ask 1and1 support if that's possible, and how to go about it. Keep in mind that the certificate is only valid for 90 days, so you'd need to do this every 2-3 months. A better answer would be to move to a less user-hostile web host--there are many that natively support Let's Encrypt.

thanks.
My problem I have loads of things in 1and1, I really cann’t move hosting,
sure, 1and1 support told me they don’t allow shared hosting use external cert,
so unlikely they will help.
one girl in their support team yesterday told me: you don’t need do anything, once you got cert, https website should be working, Lol, that’s not true, but she sounds lovely.
all right,
I found nextcloud can do a lots in my shared host, any other way around the limition?
I think the cert has to store in the folder which withourt root you can reach the folder, right, so impossible?

If that is the case (and it's possible, I suppose, that it isn't), you aren't going to make this work. I'll leave to others here who may be familiar with 1and1 to address if there are workarounds you can use, but you have to have a way to tell the webserver to use the cert (and, more to the point, its corresponding private key) to encrypt communications. If there's no way to upload a cert/key through your control panel, and their support can't or won't do it for you, your only other option would be some kind of hack. Hopefully someone can chime in with more information here.

I mean TECHNICALLY, you can generate a cert & upload it, then use .htaccess to force https & throw another virtual host block inside the file. They don't support it, so they won't help you, but it doesn't mean you can't do it.

I think the cert has to store in the folder which withourt root you can reach the folder, right, so impossible?

Not impossible. You can store the cert in any folder as long as you point it to the correct filepath. It doesn't have to be an absolute path either. Put it in your doc root inside a hidden folder & put in a relative path to it.

NOTE:
If you do this, make sure your private key permissions are set to 600 (read/write for owner only).

Thank u so much!
Once I got the cert and store it in my hosting folder, how to point the cert? No root needed to point it?

You will want to add the virtual host block inside your .htaccess file. It would look something like this:

<VirtualHost *:443>
    ServerName domain.tld
    DocumentRoot /path/to/web/root
    <Directory /path/to/web/root>
        AllowOverride all
    </Directory>
    SSLEngine on
    SSLCertificateFile relative/path/to/cert/file
    SSLCertificateKeyFile relative/path/to/key/file
    SSLCACertificateFile relative/path/to/ca/file
</VirtualHost>

I am trying to get cert now, and try the code.

Yes, I got cert, it is working with my own local vbox debian server.
Then I changed the DNS back to 1and1, it only works with http
amended the .htaccess file with the code you gave,
it doesn’t work, I googled around someone said htaccess won’t bind the cert
in the server, ssl not working with it.
Any other solution?
Thanks

Please check below the code, did I understood right?

<VirtualHost *:443>
ServerName domain.tld-----------(change it to mydomain.com?)
DocumentRoot /path/to/web/root-----(is this obsolute path or relative path?)
<Directory /path/to/web/root>—(is this obsolute path or relative path?)
AllowOverride all

SSLEngine on
SSLCertificateFile relative/path/to/cert/file-----(with file name cert.pem?)
SSLCertificateKeyFile relative/path/to/key/file
SSLCACertificateFile relative/path/to/ca/file

Hi @SirCert

please answer all of the questions from the standard template you have deleted.

Your domain name, your OS, webserver etc.

Yes for domain… You may also want to add a server alias line: ServerAlias www.domain.com to cover the www. version of your domain.

For the Docroot paths, you really should do absolute paths if you know what they are.

@JuergenAuer makes a good point as well. I am giving instructions assuming that 1and1 is using apache to host their control panel for shared hosting.

thanks.
changed the code, still the same:

This site can’t provide a secure connection

someone said htaccess can’t bind certificate to the server,
any other clue please?

Post your domain and your htaccess so we know what we’re looking at.

the 1and1 shared hosting server is debian
I using win10, and vbox debian, through my vbox debian I have got the certificate, also the website is working perfectly with my vbox debian www server,
I can visit https through my mobile phone mobile networking from WAN.
As you can understand I cannot host the website with my own computer or vbox,
I changed the DNS back to the 1and1, and I copied all cert files: cert.pem, privkey.pem to 1and1 server,
I amended the .htaccess file with the code,
not working so far

Thanks a lot, as the reason you can understand, I just changed a bit name, but the rest all the same:

<VirtualHost *:443>
ServerName my-friend-domain.com
DocumentRoot /kunken/homepages/76/e988864446/htdocs/www/myweb
<Directory /kunken/homepages/76/e988864446/htdocs/www/myweb>
AllowOverride all

SSLEngine on
SSLCertificateFile /kunken/homepages/76/e988864446/htdocs/www/myweb-cert
SSLCertificateKeyFile /kunken/homepages/76/e988864446/htdocs/www/myweb-cert
SSLCACertificateFile /kunken/homepages/76/e988864446/htdocs/www/myweb-cert

Without the actual domain, we can’t do any checks. Also, gotta find a way to reload apache to register the change.

thanks.
Reload? restart?

i really don’t mind to unplug 1and1 power cord

...and also assuming that their configuration allows for .htaccess files to be effective. IMO, that is not a reasonable assumption, though it won't hurt to try.

Reload the Apache service if possible. Restarting Apache on a Shared Hosting server brings everyone else’s site down. Normally they are all on a single server instance and managed by a program like CPanel or Plesk.

@danb35 Most shared hosting allows you to set parameters inside .htaccess files. How much they allow differs from host to host, but if they allow it, then great. If not, then we tried & it didn’t work.