CertSage ACME client (version 2.1.0) - easy webpage interface, optimized for cPanel, no commands to type, root not required, fully-automated certificate renewals

Latest version


Introduction

CertSage was designed for people of all ages and experience levels who want an incredibly quick and easy way to acquire Let's Encrypt TLS/SSL certificates. CertSage is especially helpful if you are using a shared hosting plan that does not allow root access, such as GoDaddy or tsoHost shared hosting. It's free, of course!

Changes from Version 2.0.0

  • Switched from using PHP shell_exec() to exec() to expand certificate installation compatibility to more hosting providers

Requirements

PHP 7.0+

Installation

Assuming that your domain name is example.com...

  1. Download certsage.txt.
  2. Upload certsage.txt into the webroot directory of your website (e.g. /public_html) that contains the content that you access when you normally visit http://example.com.
  3. Rename certsage.txt to certsage.php.

Usage

Assuming that your domain name is example.com...

  1. Visit http://example.com/certsage.php.
  2. Copy your password from your password.txt file located in your CertSage data directory, which by default is located in the parent directory of the directory where you installed CertSage. The CertSage data directory and password.txt file are created automatically by CertSage when you visit the CertSage page in your browser if they don't already exist. Should you wish to change your password, simply replace the contents of password.txt with whatever password you wish to use going forward.
  3. Enter the (sub)domain names in the box, one per line, for which you wish to acquire a certificate (e.g. example.com and www.example.com).
  4. Select your certificate key type.
  5. Enter/paste your password into the password box.
  6. (Optional) To ensure that your CertSage installation is working, push the button to acquire a staging (fake) certificate.
  7. If you are confident that your CertSage installation is working, repeat steps 3, 4, and 5 above (if necessary) then push the button to acquire a production (real) certificate.
  8. If you use cPanel, push the button to have CertSage install your production certificate into your cPanel and set up a cron job for you to automatically renew your certificate when needed. If you don't use cPanel, you'll need to install your production certificate using some other method and manage your own certificate renewals.
  9. (Optional) To subscribe to receive important notifications directly from Let's Encrypt, enter the email address(es) in the box, one per line, that you wish to use, then push the Update Contact Information button. To unsubscribe, leave the email address box empty then push the Update Contact Information button.

Using CertSage with Multiple Domain Names Hosted within a Single cPanel Account

WordPress Site Address Update

If your WordPress site starts returning an infinite redirect loop (and thus never loads), follow the instructions in this article to update your site URLs in WordPress:

5 Likes

Hello,
thank you so much for your work.

Could certsage.php be nested inside some directory, or is it mandatory for it to stay in the root one?

I saw that when CertSage is used to install certs on cPanel, it automatically adds a cron job to start itself without parameters once a day. I'm not skilled enough to read the code; do you check if the script is called by localhost? Or does it run anyway?

1 Like

Welcome to the Let's Encrypt Community! 🙂

certsage.php must be located in the webroot directory since it creates the challenge directories and files inside the directory in which certsage.php is located.

I'm not exactly clear on what you're asking here. At the end of the first certificate installation, CertSage appends a cron job to the user cron tab file, which is not the system cron tab file.

2 Likes

OK, I was just wondering about it, because a crawler can easily spot whether or not a domain uses CertSage. Maybe that isn't a problem at all, but sooner or later it could be a security flaw.

Sorry about that, I'm not a native English speaker, so I may have translated something wrong.

What I mean is that, to automate the renewal of the certificate, you add a user cron job that calls https://doma.in/certsage.php with curl, without arguments.

So I suppose (sorry, but my code-reading skill isn't so deep) that if that PHP page/script is called without arguments, if the certificate is old enough and if the file autorenew.txt is present, it starts the renewal process without any input.

Have you implemented some check on where the curl command is invoked from?

I mean, if a malicious user puts a bot curling your https://certsage.com/certsage.php, will the PHP script run or not?

I know that these could be useless concerns, but where there are people like you who help others to make the internet a better place, there are ten who are thinking about how to use this as a Trojan horse.

1 Like

CertSage generally requires a password to use, so no need to worry about bots/crawlers. 🙂

This is true.

This is expected and part of the design. If a bot/crawler wants to trigger your renewal for you, this is not a problem. The code for checking if it is time to renew is very lightweight, so there's no significant loss in terms of your server's resources if bots/crawlers are hitting certsage.php frequently. 🙂

I welcome feedback and questions about security. They help me make CertSage better for everyone. 💖

3 Likes
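
The design discussed in this thread (a request without parameters may start a renewal, and that is acceptable because the caller controls nothing), sketched as an added PHP example that is not CertSage's own code. The function name, `certificate.crt`, `renew.lock` and the 30-day window are assumptions; `autorenew.txt` is the file named in the thread, and the lock is an extra safeguard added here, not something the thread says CertSage does.

```php
<?php
// Added sketch, not CertSage code. certificate.crt, renew.lock and the
// 30-day window are assumptions; autorenew.txt is the file named in the thread.
const RENEW_WINDOW_DAYS = 30;

// Decide what a request carrying no parameters may do. Every input is read
// from files the site owner controls; nothing comes from the HTTP request.
function unauthenticatedAction(string $dataDir, int $now, &$lock = null): string
{
    // 1. Opt-in flag, written only by an authenticated (password) action.
    if (!is_file("$dataDir/autorenew.txt")) {
        return 'ignore';
    }
    // 2. Expiry comes from the certificate on disk, not from the caller.
    $pem  = @file_get_contents("$dataDir/certificate.crt");
    $cert = $pem === false ? false : openssl_x509_parse($pem);
    if ($cert === false) {
        return 'ignore';
    }
    if ($cert['validTo_time_t'] - $now > RENEW_WINDOW_DAYS * 86400) {
        return 'not-due';   // cheap exit taken by almost every request
    }
    // 3. Non-blocking lock: a burst of requests starts at most one renewal.
    //    The handle is returned through $lock so the lock outlives this call.
    $lock = fopen("$dataDir/renew.lock", 'c');
    if ($lock === false || !flock($lock, LOCK_EX | LOCK_NB)) {
        return 'busy';
    }
    return 'renew';
}

// Constructed demo data: a throwaway self-signed certificate valid for 20 days.
$dir = sys_get_temp_dir() . '/certsage-demo-' . getmypid();
mkdir($dir);
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'example.com'], $key);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 20), $pem);
file_put_contents("$dir/certificate.crt", $pem);

echo unauthenticatedAction($dir, time()), "\n";               // no opt-in flag yet
touch("$dir/autorenew.txt");
echo unauthenticatedAction($dir, time() - 15 * 86400), "\n";  // clock set 15 days back
echo unauthenticatedAction($dir, time(), $first), "\n";       // inside the window
echo unauthenticatedAction($dir, time(), $second), "\n";      // while $first holds the lock
```

The points to check in any endpoint built this way are that no request value reaches the decision, and that the early exits come before any network call to the CA.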