Yay, it works! The following is a detailed description of what I did to obtain and install a certificate on my site5 hosted website. I do not have su privilege, and the certificate installation is manual for now. I would like to automate it next.
My website is hosted by site5 and, at least at my level of hosting, it does not have letsencrypt integration.
I do not have su console access either, so it was my understanding that I couldn't directly use Certbot (https://certbot.eff.org/). (It is possible that I misunderstood the su requirement.)
I can ssh into the host for my domain by using putty, with the IP address obtained from the web host manager (WHM) and the FTP username and password.
So, I chose the first option from the list of ACME client implementations (ACME Client Implementations - Let's Encrypt).
Open the following URL on your internet browser: https://github.com/srvrco/getssl
Then scroll down to view the README.md contents.
Once logged into a non-su Linux console, create a work directory and cd to it. I used ~/getssl
Next you can paste the following command into the console and execute it (it is in the README.md):
curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
Next I typed the command (where <domain> is the domain name I wanted to obtain a certificate for):
./getssl -c <domain>
This will create ~/.getssl and a subfolder with the domain name.
cd to ~/.getssl
Then cd to the subfolder.
Then open the getssl.cfg file for editing. Scroll down to about line 80 and you will see a commented out line that begins like this: #ACL=('
It doesn't really matter where in the file it is but it's nice to set the ACL variable right above this commented out example. I added above that line the following:
You should fill in the ... with your actual path to where your html files are stored.
Next go to your console and create the .well-known/acme-challenge folders in your html folder. You can actually call it something different if you want as long as the cfg file and the folder created match. The point of this is to prove that you have permission to create files and folders in your domain's file server.
Then going back to your console, go back to the ~/getssl folder and type the following command:
Verify by seeing if crt files are created in
Once you verify that the files are created, delete the *.crt files in the ~/.getssl/<domain> folder, or when you run with the production acme server next, it will fail because your certificates in that folder are not expired yet.
When this seems to be working correctly, the last step is to open the cfg file: ~/.getssl/getssl.cfg
Go down to what is probably the first variable that is uncommented, which begins with: CA="https://acme-staging-v02...
Comment it out and uncomment the line below that starts with: #CA="https://acme-v02...
Save and then go back to the folder with the getssl script (~/getssl if you followed the steps above)
Execute the script again:
Assuming this worked, the final step is installing the certificates. I'm sure there are many ways to do this including asking support to install it for you, but I installed my own using cpanel as follows:
- In my case on site5, I logged into site5.com with my account name/password.
- Next I clicked on my multisite product/service, which is the hosting service I currently have.
- Then over on the left side, under Actions, I clicked 'Login to WHM'
- Under the home page of WHM (Web host manager), I clicked on the 'Account information' tool.
- On the next page, I clicked the 'List accounts' tool.
- On this page was a table with all the different domains I had hosted on this multisite account.
- I then clicked the orange 'CP' just to the right of the domain name of interest.
- On the next page, I scrolled down to the security section, and clicked on the 'SSL/TLS Status' tool.
- From there I clicked on the 'View Certificate' hyperlink under certificate status for the domain.
- In the domain dropdown list, I selected the only option which was the domain and subdomains of interest.
- Then I pasted the contents of ~/.getssl//.crt into the Certificate (CRT) field.
- Next I pasted the contents of ~/.getssl//.key into the Private Key (KEY) field.
- Finally I pasted the contents of ~/.getssl//chain.crt into the Certificate Authority Bundle (CABUNDLE) field.
- Then, I clicked the 'Install Certificate' button at the bottom.
If successful, you should be able to navigate to your website using https and it should show as secure.
You may need to do some other steps if you want people to be able to do
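
A pre-install check for the steps above, added here as an example (not part of the original post and not getssl's own code): it reports whether the active CA= line in getssl.cfg still points at the staging server and whether the private key file is accessible to anyone but its owner. The function names are hypothetical, and the config and key paths are passed as arguments.

```shell
#!/bin/sh
# Added example: checks to run before pasting a getssl key and certificate
# into cPanel. Function names are hypothetical; paths are arguments.

# active_ca CFG: print staging, production or unknown for the last
# uncommented CA= line in CFG (a later assignment overrides an earlier one).
active_ca() {
    ca_line=$(grep -E '^[[:space:]]*CA=' "$1" | tail -n 1) || true
    case "$ca_line" in
        *acme-staging-v02*) echo staging ;;
        *acme-v02*)         echo production ;;
        *)                  echo unknown ;;
    esac
}

# key_is_private FILE: succeed only if FILE is a regular file whose mode
# grants nothing to group or others, so other accounts cannot read it.
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# preflight CFG KEY: return 0 when both checks pass, 1 otherwise.
preflight() {
    pf_rc=0
    pf_ca=$(active_ca "$1")
    if [ "$pf_ca" != production ]; then
        echo "CA in $1 is '$pf_ca': browsers will not trust this certificate" >&2
        pf_rc=1
    fi
    if ! key_is_private "$2"; then
        echo "$2 is missing or accessible to group/others: chmod 600 it" >&2
        pf_rc=1
    fi
    return "$pf_rc"
}

# Usage: sh preflight.sh <path to getssl.cfg> <path to private key>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A certificate issued while the staging CA line is active installs without error in cPanel but is not trusted by browsers, which is why the check is worth running before the paste step.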