Remember the good old days? When Network Solutions owned all the domains? And the entire Internet? (And when Internet was a proper pronoun)?
Back then you could click "Buy Now", fill out a few details and get a certificate which you could copy/paste (or forward the email) for your web host to install.
What happened? What's with all the command lines and secret codes?
Is there no way for a regular person without a Mac to just click "Generate my cert", download the certificate and hand it over to my web host?
If not, is there anywhere to buy a simple certificate in exchange for convenience?
Well, for shared web hosting, it is (supposed to be) even easier.
Hosting platforms like cPanel have AutoSSL enabled by default, which will automatically obtain and install certificates for every user domain.
No need to buy a certificate or email it to your host.
There are hordes of shared hosting providers out there which offer this as part of their basic service.
If you have chosen a shared host which does not provide free and automatic SSL, then you are probably in one of the least favorable situations: you have to purchase a certificate from a retailer and then also do everything manually.
The tooling to set up automated SSL certificates (like Certbot) is generally intended for users who are running their own webservers and want SSL setup and renewals to be an automated process.
You are still welcome to purchase a certificate from any retailer like ssl.com or zerossl.com or ssl2buy.com or whatever. If you don't want to change to a better shared host, it's probably a good option.
Thank you. I began directing clients away from ASmallOrange last year. We're loving life on WPXHosting. They automate LetsEncrypt for us. And its one of the (many) things we love about them!
Unfortunately I still have a few stragglers over on ASmallOrange, and moving seems almost worse than typing shell commands!
Unfortunately ASO's cheapest encryption is $40/year per domain. Yes, it's a lot better than Thawte or Verisign years ago, but years ago Google didn't require the most basic, static website to have SSL just to play friendly in Chrome.
Thanks again. Yes, these are shared hosting clients. They have small, simple websites. At most a Wordpress installation.
You mention Cloudflare... I've worked with Cloudflare on a number of hosted applications (Clickfunnels, Groovepages, SamCart, etc, etc). I'm not sure I've made the connection to how Cloudflare could provide the SSL on behalf of ASO... Tell me more about that option?
If you enroll onto a Cloudflare plan, public traffic is routed onto their network. You can optionally install their private Origin Certificate (https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/) onto your server to encrypt traffic between your servers and theirs - or leave it unsecured. Cloudflare will automatically obtain publicly trusted certificates (from LetsEncrypt or other services) on your behalf, and automatically encrypt traffic between their network and end-users with that public certificate.
Cloudflare is usually the best option for small hobby websites, as those qualify for their free tier.
One way that we've tried to describe it in the past is that Let's Encrypt doesn't actually offer a service which is meant to be used directly by human users, but rather one that is meant to be used by machines and software in order to automate certificate issuance as part of some other function.
Now, "use by humans" and "use by software" are relative, since humans write software and humans use software. But the ideal case for Let's Encrypt is what @_az describes, where it helps service providers (as well as developers of web servers like Caddy) make HTTPs a 100% automatic part of web hosting.
So a lot of replies on this forum have been along the lines of "if you don't like the Let's Encrypt ecosystem's options for your environment, change your environment!".
But there is a community-maintained list which is growing all the time showing hosts with good Let's Encrypt integration.
