CertSage 3.0.0 Release


  • Vastly streamlined underlying architecture and user experience to make CertSage more reliable and easier to use than ever
  • No more clicking around to get back to the CertSage main page; everything can now be accomplished from the main page
  • Added a button to both acquire and install a certificate in a single step
  • Added color-coding to displayed certificate information text: green is good; yellow means your certificate needs to be renewed; red means your certificate is expired

This may be dealt with elsewhere, but I'm not finding it... Running on GoDaddy to renew or replace my Let's Encrypt cert. I get this error:
urn:ietf:params:acme:error:unauthorized: Invalid response from http:///.well-known/acme-challenge/2vUG5m-pDlBnuaJ70bd2X-Yug02OgTfBz_cc7tf29MU: 404
It looks like it's not creating the acme-challenge file, hence the error. When I look in that folder, sure enough, the new files aren't there, just the ones from April when I last updated the cert. The site I was using before seems to be broken, which is why I'm trying CertSage.

Are you hosting multiple domain names in cPanel?

Challenge files are used once then deleted.

Turns out my issue was that I had the script in my Scripts folder, not in the root. Once I moved it things worked as expected. :slight_smile:

After using CertSage, do I need to leave the certsage.php in my root dir or is it ok to rename it back to txt?

If you want autorenewals to work, the PHP needs to remain in place. There's no real benefit in renaming or removing certsage.php.

Thank you. How does this affect the current Sectigo cert (expire in about a year) I now have installed on my cPanel? Does it just override it, or do I need to do anything else beside running your install script?

Also, are there any possible security issues/concerns with having the certsage.php in the root dir?

If you install a Let's Encrypt certificate into cPanel via CertSage, your underlying webserver (e.g. Apache) will be configured to utilize that certificate rather than any previously-installed certificate for the applicable domain name(s). Any previous certificates you have installed into cPanel should still be archived inside cPanel.

Not to my knowledge. The password protection in CertSage mitigates the minimal malicious possibilities of unwanted external usage of CertSage. If you want to be overly cautious, you could replace the contents of password.txt with contents the length of a novel. :grin:

I'd attempted to install (as a separate step) the certificate via certsage.php, but I get an error: " Trouble...
password was incorrect"
I did change the password in the password.txt file, but I don't recall whether it was after I acquired the certificate initially, and if that could cause this issue.

I selected the EC key type

The password at any given time is whatever is in the password.txt file. A submitted password is checked against the file contents every time a submission is made.

I made several attempts, but I get the same 'incorrect' password response each time.
My webhosting provider would be willing to install this for me, but they ask for the cert & key & ca-bundle (this I don't see in the certsage dir?)

Are you looking in the correct password.txt file? You should be able to either copy and paste the entire contents from the password.txt file into the password box in CertSage or change the contents of the password.txt file to whatever you have been entering into the password box in CertSage. If you're using multiple copies of CertSage, which is very common, I strongly recommend having the contents of all of their password.txt files being identical to prevent confusion.

This is the first time I'd ever used CertSage, v3 in this case, and downloaded directly from this page as certsage.txt. The password used was my own 20-character randomly created password which I'd inserted into the password.txt file. Then, I'd created an 'EC' key type, asked a couple of questions here (above), and later attempted to install the certificate.

I just tried it again and received message: "Success! Certificate installed into cPanel."
I renamed the password.txt file and reloaded mydomain/certsage.php, which resulted in CertSage creating a new password.txt file, which I pasted into the 'password challenge' box.
Your passwords do not seem to include the types of characters I'd used - e.g. Zg)=@rYyj%'>&^DNAD^7

The generated password is a base64 conversion of random binary data. It's possible that the password you created yourself couldn't be URL-encoded, which resulted in corrupting it when transmitting it to your server. Something I'll need to keep in mind. :thinking:

https://stackoverflow.com/questions/45337203/is-there-a-benefit-to-using-binary-data-for-an-http-post-request

That's a great sign! :partying_face:
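
How form decoding treats the password quoted above when it is sent with and without percent-encoding, as an added example that is not CertSage's code or part of the original posts. The field name `password`, the helper names and the base64 sample are assumptions, and Python's standard-library decoder stands in for the server side.

```python
import hmac
from urllib.parse import parse_qs, urlencode

# Password quoted in the thread, plus a constructed standard-alphabet base64 sample.
THREAD_PASSWORD = "Zg)=@rYyj%'>&^DNAD^7"
BASE64_SAMPLE = "q+7/Zk0="  # constructed, not a real CertSage password

def raw_body(password: str) -> str:
    """Body from a client that skips percent-encoding (the failure case)."""
    return "password=" + password

def encoded_body(password: str) -> str:
    """Body as a browser form or `curl --data-urlencode` would send it."""
    return urlencode({"password": password})

def decode_fields(body: str) -> dict:
    """Server-side view: split on '&', then '=', then undo '+' and %XX."""
    return parse_qs(body, keep_blank_values=True)

def submitted_password(body: str) -> str:
    return decode_fields(body).get("password", [""])[0]

def password_matches(body: str, stored: str) -> bool:
    """Constant-time comparison of the decoded field with the stored value."""
    return hmac.compare_digest(submitted_password(body).encode(), stored.encode())

def report(password: str) -> dict:
    return {
        "raw_decodes_to": submitted_password(raw_body(password)),
        "raw_stray_fields": sorted(set(decode_fields(raw_body(password))) - {"password"}),
        "raw_accepted": password_matches(raw_body(password), password),
        "encoded_body": encoded_body(password),
        "encoded_accepted": password_matches(encoded_body(password), password),
    }

if __name__ == "__main__":
    for sample in (THREAD_PASSWORD, BASE64_SAMPLE):
        for key, value in report(sample).items():
            print(f"{key:18} {value!r}")
        print()
```

Sent raw, the thread's password is cut at the `&` and the base64 sample's `+` arrives as a space, so both fail the comparison; percent-encoded, both round-trip unchanged.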

Thanks for putting this together! I was worried I was going to have to find a different host when I realized namecheap didn't use autossl for LE certs.

It would be really nice if autorenew could be sent as an action such that the script would produce meaningful plain text output (possibly only on error?) that cron could then send an email on. This would be more intelligible from a monitoring standpoint.

If this is in a repo somewhere I'd be happy to take a crack at this and submit a PR to you.

Thanks. I'm happy that CertSage worked for you. :slightly_smiling_face:

Though I often take and incorporate recommendations, I solely maintain CertSage myself and specifically only release here in this community. I appreciate the offer to help code though.

In addition to PHP's standard error-logging mechanisms, there is a responses.txt located in the CertSage data directory that contains all communications from the Let's Encrypt servers throughout the ACME process. At present, this is the best place to start looking if something goes awry when CertSage is operating "headlessly" (by being called via some method where its output is not being returned for display to the user). For a quick "upgrade" for monitoring purposes, the output of the curl call in the cronjob could simply be redirected to a file then opened via a browser or text editor. That would immediately yield the desired information. Yes, it is possible to enable email output from the cron job, though it could get very annoying after a short time (as it did during my testing). Keep in mind that any execution of CertSage via some means other than a cronjob (e.g. search bot) would obviously not be enhanced by tweaks to the cron job.

Certainly things for me to think about here. :thinking: