CertSage ACME client (version 1.2.0) - easy webpage interface, optimized for cPanel, no commands to type, root not required


CertSage was designed for people of all ages and experience levels who want an incredibly quick and easy way to acquire Let's Encrypt TLS/SSL certificates. CertSage is especially helpful if you are using a shared hosting plan that does not allow root access, such as GoDaddy shared hosting. It's free, of course!

Changes from Version 1.1.0

  • removed code.txt requirement
  • improved processing delay indication
  • relaxed directory and file permissions
  • separated certificate acquisition and contact update into separate tasks
  • streamlined architecture to improve stability, performance, and user experience
  • improved error messaging to make solving certificate acquisition problems easier
  • staging certificates and their private keys are no longer saved to prevent accidental installation


PHP 7.0+

CertSage Installation and Usage

Assuming that your domain name is example.com...

  1. Download certsage.txt (26.2 KB).
  2. Upload certsage.txt to the webroot directory of your website (often something like public_html) that contains the content that you access when you visit http://example.com.
  3. Rename certsage.txt to certsage.php.
  4. If you are hosting multiple websites on a single webserver, you will need a copy of certsage.php in the webroot directory of each of your websites.
  5. Visit http://example.com/certsage.php to acquire your certificate. Most people will want to enter example.com and www.example.com as their domain names.

cPanel Certificate Installation

  1. Open cPanel in your web browser.
  2. Scroll to the FILES section.
  3. Click on File Manager (which should open in a new tab).
  4. Open the CertSage folder.
  5. Click on the certificate.crt file.
  6. Click Edit.
  7. Copy the first certificate in the file including its header and footer.
  8. Click Close.
  9. Switch back to the cPanel tab.
  10. Scroll to the SECURITY section.
  11. Click on SSL/TLS (not SSL/TLS Status).
  12. Scroll to the INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS) section.
  13. Click on Manage SSL sites.
  14. Scroll to the Domain section.
  15. Select your domain name in the drop-down list.
  16. Paste your certificate in the Certificate box.
  17. Switch back to the File Manager tab.
  18. Click on the certificate.key file.
  19. Click Edit.
  20. Copy the private key in the file including its header and footer.
  21. Click Close.
  22. Switch back to the cPanel tab.
  23. Paste your private key in the Private Key box.
  24. Click Install Certificate.

cPanel HTTP to HTTPS Redirection

  1. Open cPanel in your web browser.
  2. Scroll to the DOMAINS section.
  3. Click on Domains.
  4. Expand the section for your domain name.
  5. Switch Force HTTPS Redirect to On.

WordPress Site Address Update


may better to have some way to stop hitting ratelimit: like return early if fresh enough(<1week) production certificate/key is already there?


While possible, this would require decoding the certificate and comparing to the request. Can be done, but would add a significant amount of logic to prevent a manually-driven issue. Since at present the user must manually generate then install the certificate, it is unlikely that a user would want to expend the effort to rate limit themselves. Unlike the workflow of many/most other ACME clients, there is a definitive point in the CertSage process where the user necessarily recognizes the successful acquisition of the certificate, making it highly unlikely that the user will immediately attempt to acquire another certificate for installation. If a user wants to obsessively install a new certificate six times per week, that same user will likely just circumvent any prevention mechanism.

On another note, considering that the staging and production certificates and keys overwrite one another, logic would be required to distinguish between a staging and production certificate, which is no small feat without hardcoding the names of the signing intermediates. Could (and probably should) disable the saving of staging certificates to circumvent this issue. Think I'll do that today to prevent installation of staging certificates and keys.

As a note for future development efforts, if a guard were put in place to prevent early renewal, it would either need to be very basic with an easy way to ignore or it would be necessary to save non-duplicate certificates separately, verify cert-key pairs, and check for revocation to ensure that an existing certificate viably satisfies the user's current request.


Feature just added.

Staging certificates and their private keys are no longer saved. This prevents them from accidentally being installed. It also consequently prevents the latest production certificate and its private key from being overwritten by a staging certificate and its private key.


My suggestion:

"easy webpage interface, optimized for cPanel, "


Done. :slightly_smiling_face:


Offer "Free cup of coffee if you can't get a cert in under 5 minutes".
[Note: Must be picked up in person - cup NOT included - Colorado?]


I'd love to offer that. :smiley: While CertSage itself is very reliable and I'm happy to address any troubles encountered within the CertSage software itself, the myriad environments and circumstances in which CertSage can be utilized make it impossible to make such a guarantee. I can say that my development of CertSage was undertaken entirely on Samsung smartphones and thoroughly tested on my own, stock GoDaddy cPanel shared hosting instances, so GoDaddy users at the very least have a fully blazed path to travel. There has also been testing on other hosting and platforms as well with generally complete success. A few hiccups have happened along the way with this release addressing several of them.

That said... if any of the usual suspects around here are in the Denver area and want to get together, the first coffee is on me. :slightly_smiling_face:

P.S. - Installing CertSage should take less than 30 seconds. Acquiring a certificate covering two domain names should take less than 10 seconds. My personal best time for running through the exact cPanel Certificate Installation instructions above is about 45 seconds. All of these times are when using a smartphone.


Thank you that worked well.


I heard that Benny’s closed during the pandemic and will not reopen.

I am so sorry.


Never knew about them. :frowning:

Wish I had known before they closed. Hacienda Colorado has struggled to achieve their former quality and variety. La Loma has good quality, but is too mild for my taste.

On an odd note, the infamous Casa Bonita was bought by the creators of South Park. Have no idea what that's about yet.