Can not get Public Key on Shared Hosting Provider

Hi all,
I am hosted on BlueHost and they do not provide the public key. I am trying to use to get the certificates, but I can not get passed the first step without the public key.

They do however provide a a CSR. But does not allow you to proceed with only that.

Any ideas on how I can proceed?

All help will be much appreciated!

Hi @lankanmon, I think the “gethttpsforfree” web site might be confusing you about which public key it wants. There is a public key that will ultimately be used by your site for HTTPS (the “subject public key” for the certificate, sometimes also just called something the “site’s public key”). This is actually contained within the CSR so it would be possible to extract it.

However, the key that gethttpsforfree is asking you about is the Let’s Encrypt account key. This is a crypto key that you would generate for yourself on your own computer (not something generated by BlueHost), to serve as a kind of credential to control your relationship with Let’s Encrypt. If you haven’t generated one, it doesn’t exist anywhere yet. For example, you might use the account key if you wanted to revoke your certificate or if you wanted to issue a new certificate for the same site in the future (like when the initial certificate expires 90 days from now).

If you click on “how do I generate this?” on the gethttpsforfree site, a box will appear that begins with “How to generate a new account keypair using openssl”. There, the site will give you some command-line commands to run on your own computer to generate public and private keys for this purpose. In providing these commands, They are assuming that you are using Linux or MacOS X, or that you have access to a command line on a computer that is running one of these operating systems. If that’s not the case for you, you are not the intended audience for the gethttpsforfree site right now – the subsequent steps on gethttpsforfree will also require running other openssl command-line commands.

Hi schoen,
Thank you for the prompt reply! I did not realize that was to be used on a personal system. I ran the commands on my Unbuntu VM and it was able to generate a private code, but when I ran the command for the public key, it gave me this (below) error, which I also recieved earlier on my web server.

OpenSSL> rsa -in account.key -pubout
Error opening Private Key account.key
140712423425680:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('account.key','r')
140712423425680:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key
error in rsa

Hi @lankanmon, if you want to have the account key on a server, that’s fine too, as long as you can run openssl commands there. It doesn’t specifically have to be your personal computer, it just has to be a computer that you trust where you can run command-line commands and where you won’t lose control of the key files.

That error indicates that you did not previously run openssl genrsa 4096 > account.key in the same directory on the same computer. Perhaps you were in a different directory when you ran it, or a different account, or a different computer.

Oh okay, Thank You for clarifying. I just changed directories and it seemed to work :smile: . I will see if I can proceed with

Hey I just finished the certificate installation process. It works now.
I remember that this was for only 3 months, so do I need to do this all again in 3 months? - Is there a way to avoid having to do that?

If you are using the method, then it will need to be done manually every 3 months ( or best just a bit before :wink: ). You can use many of the other clients to automate the process though, or better still talk to your hosting provider and see if they are happy to provide one of the clients on their servers for their customers in the next 3 months … good for them and good for you :slight_smile:

1 Like

Please look at my answer here

Ill try to write up a step by step how to in the comming days.

EDIT: I see it's working for you now happy to hear that.

1 Like

Thanks for that, I will look into other solutions too. I am hosted on BlueHost and they sell their own certificates and install them too. So I am not sure how happy they will be with doing that for me. I need to figure out how to install the Let’s Encrypt client on my server. I don’t think they will be against that. I just hope it will be compatible with my server setup.

Thanks for that, I saw your post and followed it. I manged to get it setup, however they asked me to still upload the files through the cPanel too. They did however manage to install them. I look forward to your write up.