CertSage ACME client (version 1.0.0) - easy webpage interface, no commands to type, root not required

A newer version is available!


Introduction

CertSage was designed for people of all ages and experience levels who want an incredibly quick and easy way to get Let's Encrypt certificates for their websites. CertSage is especially helpful if you are using a shared hosting plan that does not allow root access, such as GoDaddy shared hosting. It's free, of course!

Requirements

PHP 7.0+

CertSage Installation and Usage

Assuming that your domain name is example.com...

  1. Download certsage.txt (25.3 KB).
  2. Upload certsage.txt to the webroot directory of your website then rename certsage.txt to certsage.php. The webroot directory of your website (often something like public_html) contains the content that you access when you visit http://example.com. If you are hosting multiple websites on a single webserver, you will need to put a copy of certsage.php in the webroot directory of each of your websites.
  3. Visit http://example.com/certsage.php to get your certificate. Most people will want to enter example.com and www.example.com as their fully qualified domain names.

cPanel Certificate Installation

  1. Open a new tab in your browser, navigate to cPanel File Manager, then open the CertSage directory (located one directory above your webroot directory by default). It's the same directory where code.txt is located.
  2. Edit/view your private key file (private.key) then copy its contents.
  3. Open a new tab in your browser then navigate to the SECURITY section of cPanel.
  4. Open SSL/TLS (not SSL/TLS Status).
  5. Click Generate, view, upload, or delete your private keys.
  6. Scroll down to the Upload a New Private Key section.
  7. Paste your private key into the box.
  8. Enter today's date as the description.
  9. Click Save.
  10. Click Go Back.
  11. Switch back to the browser tab with cPanel File Manager.
  12. Edit/view your certificate file (certificate.crt) then copy its contents.
  13. Navigate back to the SECURITY section of cPanel.
  14. Open SSL/TLS (not SSL/TLS Status).
  15. Click Generate, view, upload, or delete SSL certificates.
  16. Scroll down to the Upload a New Certificate section.
  17. Paste your certificate into the box.
  18. Enter today's date as the description.
  19. Click Save Certificate.
  20. Click Go Back.
  21. In the table, find the certificate with today's date under Description then click Install under Actions.
  22. Scroll down to the bottom of the page then click Install Certificate.
  23. Click OK.
  24. Don't be alarmed when you see red padlocks in the table next to some of the subdomain names. This is normal because those subdomain names are unused for this purpose.

cPanel HTTP to HTTPS Redirection

  1. Navigate to the DOMAINS section of cPanel.
  2. Open Domains.
  3. Expand the section for your domain name.
  4. Make sure the Force HTTPS Redirect switch is set to On.

WordPress Site Address Update

9 Likes

Breaking down the impediments that for-profit businesses continue to hold on to.

Bravo!

I'm certain this will go a long way in helping us all to secure the Internet :slight_smile:

2 Likes

Just so I understand (as I've not used this sort of shared hosting myself), it's an easy 3 step process to get the certificate, but then one has to go through that 24-step CPanel process to install because this kind of shared hosting doesn't have an automated way? Is this just a one-time setup with renewal handled automatically, or does one need to go through this process manually every couple months?

2 Likes

It must be repeated each renewal. I'll be adding a switch to the interface soon to automate the cPanel installation (thus eliminating all 24 of those steps).

Keep in mind that the cPanel installation steps are "click-by-click" to ensure there's no confusion. Once you go through them once, it takes under 2 minutes to repeat them. :slightly_smiling_face:

The cPanel redirection only needs to be performed once.

3 Likes

Here's an odd bit...

cPanel has file upload sections for both the private key and certificate that allow one to select from files on the local device. What is not offered (by GoDaddy's cPanel at least) is a means to select from files already on the server. If the latter were possible, the manual certificate installation process would be considerably shorter. One could simply download the private key and certificate from the CertSage folder then re-upload them in cPanel. This is silly though since part of the purpose of using CertSage is to ensure that the private key never leaves the server on which it is generated.

1 Like

Nice! You could distribute this through github so you can tag specific releases and give people a link to the latest file. Otherwise you'll need to come back and edit this post every time you want to give someone an updated version.

3 Likes

Very true, @webprofusion. :slightly_smiling_face:

I do have a project created for CertSage on GitHub, but it's currently set private. I'll look into making it hospitable for distribution.

2 Likes

Shouldn't be necessary if cPanel offers the upload of the certificate with the API. Not sure how many shared hosting providers offer the uapi SSL install_ssl command tho..

2 Likes

uapi is fine and GoDaddy (mostly) supports it. However, it's odd to me that I can't install locally-stored private key and certificate files from the cPanel GUI itself. I can upload remote files and paste contents from my clipboard, but I can't select local files on the cPanel-managed host itself?

1 Like

Uploading a file from the local storage is a simple HTML form which is featured in many basic "HTML 101/HTML for dummies" tutorials. """Uploading""" remote content on the server itself to cPanel would probably be quite more difficult to program, not with just a simple <input type="file"> HTML code.

cPanel would have to code the entire "Select a file" structure itself, as that can not be done by the browser: the browser works locally and not remote.

Now, cPanel already has an entire remote file structure piece of coding in it, so it probably wouldn't be that hard... But why would they build such a feature if CertSage is going to be the only application for such a feature? :wink:

2 Likes

I agree that the functionality isn't HTML standard, but think about the use-case/story though. Aren't MOST private keys generated on the server on which they are intended to be used? Sure, I can generate private keys (and CSRs) directly inside cPanel, but what if I'm using openssl on the cPanel-managed host (like millions of people do)? I have found instructions to select local files in cPanel, but the corresponding functionality isn't present in GoDaddy cPanel.

1 Like

Well, as it is you're trying to just work around the functionality of the hoster not enabling cPanel's built-in get-a-free-certificate functionality. Be careful about making your client too easy to integrate, or they might intentionally cripple their cPanel even more to make it harder. :slight_smile:

2 Likes

Based on my last interactions with cPanel - which were many years ago - that doesn't sound odd to me at all.

cPanel targets a lot of shared hosting and virtual systems, and is often run as a privileged user. Properly locking down the visibility/reading of files on a server would mean computing a lot of permissions and even usable directories itself.

Things may have changed. Hopefully many things did. My previous understanding of cPanel suggests this limitation would have existed as a security concern for a handful of typical installation patterns.

3 Likes

Unfortunately the script does not run out-of-the-box.

I get these errors:-
Warning : mkdir(): Permission denied in /var/www/html/certsage.php on line 34
Notice : Undefined variable: certsage in /var/www/html/certsage.php on line 980
Notice : Trying to get property 'version' of non-object in /var/www/html/certsage.php on line 980

1 Like

@griffin, Maybe line #15 should be altered (in some cases)???
$dataDirectory = "../CertSage";

@Usalabs, did you connect to it properly?
Like shown in step 3:


If not, then how?

And in any case which step did the first error show itself?

1 Like
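Added example (not part of any post in this thread, and not CertSage's own code): a shell check of where the "../CertSage" data directory would land for a given webroot, whether the current account could create it there, and whether an existing private.key is closed to group and other. The function name certsage_audit and its status strings are hypothetical; that the mkdir() warning above comes from an unwritable parent directory is an assumption, not something the thread confirms.

```shell
#!/bin/sh
# Added example: audit the location CertSage's data directory would use.
# Assumes the relative path "../CertSage" quoted in the thread and the
# file name private.key from the first post. Run it as the account PHP
# executes under, because that is the user whose mkdir() call must succeed.

certsage_audit() {
    webroot=$1

    # Resolve the physical parent of the webroot; "../CertSage" is created there.
    parent=$(cd "$webroot/.." 2>/dev/null && pwd -P) || {
        echo "webroot-missing"
        return 2
    }
    data="$parent/CertSage"

    if [ ! -d "$data" ]; then
        # Creating a directory needs write and search permission on the parent.
        if [ -w "$parent" ] && [ -x "$parent" ]; then
            echo "creatable"
            return 0
        fi
        echo "parent-not-writable"
        return 1
    fi

    # The directory exists: the private key must grant nothing to group/other.
    key="$data/private.key"
    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        group_other=$(ls -ld "$key" | cut -c5-10)
        if [ "$group_other" != "------" ]; then
            echo "key-too-open"
            return 1
        fi
    fi
    echo "ok"
    return 0
}

# Stand-alone use: sh certsage_audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    certsage_audit "$1"
fi
```

A result of parent-not-writable for /var/www/html would mean the PHP account cannot create /var/www/CertSage, which is one way to get a mkdir() "Permission denied" warning like the one reported above.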

I did exactly as instructed and uploaded certsage.txt to my server web root, i.e. /var/www/html, and renamed it to certsage.php using mv certsage.txt certsage.php, then using a browser I enter my test server's URL (this URL cannot be accessed from outside the LAN, it's a test bed, using an internal DNS server) http://testbed.com/certsage.php. I even tried the direct IP address http://192.168.0.160/certsage.php. Oh and I forgot, I'm using PHP version 7.4, if need be, I can quickly change from PHP 5.6, 7.0, 1, 2, 3, 4, and 8.0, I wrote a bash script for that purpose.

I know a little about programming, and it seems to be using a variable called directoryPath and Permissions that I don't see anywhere in the script to be defined, which leads me to believe it's calling a variable from something else. Should there be anything else installed alongside the PHP script? Such as Let's Encrypt itself? If so, I do have that installed.

1 Like

And you expect to get a valid cert from LE for a domain you don't own?
OR am I reading you wrong?

Yeah, that doesn't explain the mkdir error.
Let's wait for @griffin to chime in.

1 Like

No, I don't expect a valid cert, but I do expect the php script to function as described.

If it won't work on a test bed, then it's not going to work on a live site.

1 Like

It is described to get a valid cert for those that are trapped by cPanel type controls.

Almost a valid point.
But I didn't read anywhere about it being able to be tested in such offline environments.

1 Like

Firstly, thanks for reporting the errors. I'm always trying to make things more robust. :slightly_smiling_face:

1 Like