My name is Michael and I am a consultant for a nonprofit that is just starting. Currently, we have a website that I operate on my own personal server at blackwoodsblizzardtour.com as a temporary landing page. As you may notice, I am using Let’s Encrypt on my Ubuntu server running nginx and currently have a certificate for the domain.
This current website is only temporary as we are hiring a prominent nonprofit web development company to create, host, and manage our “real” website in the coming weeks. We need to use this company and we’re happy with their rates for everything but SSL implementation. They charge an arm and a leg—and they use Let’s Encrypt which I clearly can implement for free, so it’s a bit of a rip-off.
The website will likely be hosted on their servers, so I wouldn’t be able to setup Let’s Encrypt via the server directly like I’ve currently implemented, but I’m wondering if there’s any way I can set up Let’s Encrypt by any other method?
I do have control of the domain/registrar account, if that’s helpful. I’d just really prefer to save the nonprofit the exorbitant fees for a free certificate if possible.
if the website is hosted on their server: How do you want to install the certificate?
Typically, the Letsencrypt client runs on the same server where the webserver is running.
So the client is able to save the private key with hight rights (users with lower rights can't read the private key) and the client is able to install the certificate.
That's the reason a Letsencrypt client normally has root rights.
Saving a private key as normal user isn't a good idea. Allowing a normal user to install the certificate (and change the configuration of a webserver) - same, this isn't a good idea.
So the company should use an own Letsencrypt client.
Once we have the new website developed, the nonprofit itself won’t have direct access to root; however, the web development company that does have direct access to root is charging us a lot of money for a free Let’s Encrypt certificate.
That’s why I’m asking if there’s anyway we as the nonprofit can setup the certificate ourselves without root access to the website and forgo the web developer’s exorbitant pricing for implentation of a free Let’s Encrypt certificate.
If you can’t touch the web server, the only way that seems possible is to manage the domain yourself and proxy the ‘real’ web server managed by your developer. It’s highly doubful that it would cost less than the ‘arm and leg’ your are talking about.
@gpatel-fr The “arm and leg” I’m talking about would be about $1,150. It’s a disappointing figure since they charge $150 for the certificate (free by itself) and $1,000 to set it up, when I could realistically do it myself for a grand total of $0. But if I’m not able to do it without access to the web server, then you’re probably right (because time and cost are both factors at play here). If that’s the case, we’ll likely pay them.
If those figures are accurate, you're probably better off with another hosting company. There are thousands if not more of them and I recon there's going to be one which is cheaper in the end.
@Osiris While I have to go with them for the development services for sure, I am going to see if I can unbundle hosting/SSL certification if I can’t find a workaround. Thanks!