Complete no sudo version?


#1

Hey, so I am on a Dreamhost shared server, and as you probably know, shared hosting users don’t have sudo privileges, at least I don’t. Is there a way to use the Let’s Encrypt without sudo? Before you mention it, I know that there is: https://github.com/diafygi/letsencrypt-nosudo

As the name implies, it doesn’t require sudo… but it does. Very deceptive. I know that this is a third party script, but is there a way to verify that you own the server even if you don’t have sudo privileges? I have seen CAs have you create a file on the server that a bot reads the contents of to determine if you own the domain. Does Let’s Encrypt have something like that?

No matter how many times I beg, Dreamhost refuses to help me with this.

In conclusion, is there a way to:

  1. Run Let’s Encrypt Auto without Sudo
  2. Run letsencrypt-nosudo without the LAST LITTLE SUDO COMMAND
  3. Verify that you own the domain by having a script read a file off of your server

Also, VPS or Dedicated Servers are no option
Thanks


#2

Are you able to configure the web server to do reverse proxying? Then you can run the command without sudo, changing the port from 80 to something >=1024.

You can as a last resort also use the manual mode and run the LE client somewhere else.


#3

There is also the webroot method, which should work without root as well. That being said, the client itself needs root to be installed. I don’t know if you can work around that by calling letsencrypt directly instead of letsencrypt-auto.


#4

If you’re willing to set things up manually, while you currently need sudo, it doesn’t need to be on the web server. You could, for example, run a live CD and install and run letsencrypt on that.

For me, I did something like:
sudo letsencrypt -a manual --manual certonly

It asks if you’re okay with having your IP address logged, if you agree with the terms of use, what your email address is, and what domains you want the certificate tied to.

It gives you some instructions telling you the location and content you need and how to verify it (and a list of commands to run on the server to achieve this if you don’t already have a server) and waits until you tell it you’ve done the setup. (Twice.)

I set up the file and the content myself. When I let it know I was ready, it notified letsencrypt to verify the URL and content. Once that was successful, it wrote the certificate files, and exited. After that it was just a matter of installing the certificates myself. (My shared hosting service grants shell access but uses a web GUI for installing certificates so if it weren’t for this method, I wouldn’t have been able to use letsencrypt.)

(For what it’s worth, I’m not sure if I need these files later for renewals or revocations.)
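
The manual verification described in post #4, as an added example that is not part of the thread: a POSIX shell helper that publishes the challenge file from an unprivileged shell account and removes it afterwards. It assumes the HTTP-01 layout from RFC 8555 (a file at `/.well-known/acme-challenge/<token>` whose body is `<token>.<thumbprint>`); the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example: publish an ACME HTTP-01 challenge file without root.
# Function names and the values in the usage line are hypothetical.
LC_ALL=C; export LC_ALL   # keep [A-Za-z] ranges ASCII-only

# Usage: place_challenge <webroot> <token> <key-authorization>
# Prints the path of the file it wrote.
place_challenge() {
    webroot=$1; token=$2; keyauth=$3

    # Tokens are base64url. Rejecting everything else stops a mistyped or
    # hostile value such as "../../.htaccess" from escaping the challenge dir.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 2 ;;
    esac

    # The body must be "<token>.<account-key thumbprint>".
    thumb=${keyauth#"$token".}
    case $thumb in
        "$keyauth"|''|*[!A-Za-z0-9_-]*)
            echo "key authorization does not match token" >&2; return 3 ;;
    esac

    if [ ! -d "$webroot" ] || [ ! -w "$webroot" ]; then
        echo "webroot is not a writable directory" >&2; return 4
    fi

    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 5
    # World-readable so the web server user can serve it, writable only by us.
    chmod 755 "$webroot/.well-known" "$dir"

    # printf writes exactly the key authorization, with no extra bytes.
    printf '%s' "$keyauth" > "$dir/$token" || return 5
    chmod 644 "$dir/$token"
    printf '%s\n' "$dir/$token"
}

# Usage: remove_challenge <webroot> <token>  (run once validation has finished)
remove_challenge() {
    case $2 in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 2 ;;
    esac
    rm -f -- "$1/.well-known/acme-challenge/$2"
}

# Example (constructed values):
#   place_challenge "$HOME/example.com" "$TOKEN" "$TOKEN.$THUMBPRINT"
```

After placing the file, fetch `http://<domain>/.well-known/acme-challenge/<token>` from another machine before telling the client to continue.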


#5

Based on @ouroborus’s notes, I wrote up instructions on how to do it on Dreamhost:

https://new.robnugen.com/toots/use-letsencrypt-on-dreamhost/


#6

I use DH as well. I used fullchain.pem instead of cert.pem and left the intermediate certificate blank.

Good write up, though.


#7

Worked perfectly! Thank you!