CertSage ACME client (version 1.4.1) - easy webpage interface, optimized for cPanel, no commands to type, root not required


CertSage was designed for people of all ages and experience levels who want an incredibly quick and easy way to acquire Let's Encrypt TLS/SSL certificates. CertSage is especially helpful if you are using a shared hosting plan that does not allow root access, such as GoDaddy or tsoHost shared hosting. It's free, of course!

Changes from Version 1.4.0

  • Removed dependency on random_bytes function that had been causing an error for tsoHost customers since version 1.3.0


PHP 7.0+


Assuming that your domain name is example.com...

  1. Download certsage.txt.
  2. Upload certsage.txt into the webroot directory of your website (often something like public_html) that contains the content that you access when you visit http://example.com.
  3. Rename certsage.txt to certsage.php.


Assuming that your domain name is example.com...

  • Visit http://example.com/certsage.php.
  • Your password can be found in the password.txt file in your CertSage directory, which by default is located in the parent directory of the directory where you installed CertSage. The CertSage directory and password.txt are created automatically by CertSage when you visit the CertSage page in your browser. Should you wish to change your password, simply replace the contents of password.txt with whatever password you wish to use.
  • Most people will want to enter example.com and www.example.com as their domain names when acquiring a certificate.
  • To ensure that your CertSage installation is working, you can acquire a staging (fake) certificate.
  • Once you are confident that your CertSage installation is working, you can acquire a production (real) certificate.
  • Once you have successfully acquired a production certificate, you can have CertSage install it into cPanel by pushing a single button.
  • To renew your certificate, simply revisit http://example.com/certsage.php every 60 days to acquire and install a new production certificate.
  • You can subscribe to receive certificate expiration notifications from Let's Encrypt to serve as backup reminders to renew your certificate. Once you have subscribed, you will continue to receive certificate expiration notifications for all future certificates you acquire with CertSage. Should you wish to use different email address(es) after subscribing, simply enter all the email addresses you wish to use in the email address box then click Update Contact Information. Should you wish to stop receiving certificate expiration notifications, simply leave the email address box blank then click Update Contact Information.

WordPress Site Address Update


If you're a tsoHost customer getting a 503 error when trying to run CertSage version 1.4.1, the error might be the result of an outdated "PHP handler" line in the .htaccess file in your webroot directory (probably public_html). Try commenting out that line by adding a # symbol at the beginning of the line then running CertSage again.


Hey there,

shell_exec is in the disabled_functions on my cPanel and so I had to replace it with popen:

$outputRes = popen("/bin/uapi SSL toggle_ssl_redirect_for_domains domains=$domain state=0 --output=json", 'r');
$output = '';

while (! feof($outputRes))
    $output .= fread($outputRes, 8192);

Also, it turns out that I don't have the right ssl module installed in my cPanel for this to work, but the script does no Validation and so tries to enable the redirection. So I've added this after the first function call:

if (strpos($output, 'You do not have the feature “sslinstall”') !== false)
      throw new Exception('uapi "sslinstall" module missing');

What kind of hosting provider would disable shell_exec, but keep popen allowed? :scream:


Probably the same kind of hosting provider that wouldn't offer automatic free integration to enable TLS themselves but would allow a PHP script to do that kind of installation. (That is, the need for CertSage at all is because hosting providers are being incompetent, if not malicious, in not just doing everything needed for their customers to be secure.)


Is it UAPI that's not installed or just the particular module? How far did you make it with getting your implementation working? I'm always curious about how CertSage fares in interesting environments. Seems you've found one even more restrictive than GoDaddy and tsoHost.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.