My hosting provider just decided overnight to stop serving my website because I don't have a certificate, with no warning. Please help! I'm 20 year IT veteran from the 80's & 90's and used to create websites by hand writing html. I have a clue, but this stuff is beyond me as I don't know anything about how BYETHOST host my website. They are doing this to force ppl from free hosting to their paid premium services.
My web server is (include version): I don't know. BYETHOST hosted free domain
The operating system my web server runs on is (include version): Dont know
My hosting provider, if applicable, is: BYETHOST
I can login to a root shell on my machine (yes or no, or I don't know): NO, managed through VistaPanel
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): YES, VistaPanel
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know what client they run. I just have a window to upload my Certificate.
BlockedByNginxTestCookie
Error
The validation request to this domain was blocked by a deployment of the nginx testcookie module (https://github.com/kyprizel/testcookie-nginx-module). This module is designed to block robots, and causes the Let's Encrypt validation process to fail. The server administrator can solve this issue by disabling the module (`testcookie off;`) for requests under the path of `/.well-known/acme-challenge/`.
The server at 185.27.134.228 produced this result.
Edit
Please show the output of sudo nginx -T that is a capital T.
@WizAu I looked at your hosting provider and its community forum (Forums - Byet / IfastNet Forums). The section on Free Hosting plans had several ideas. I am not an expert on your hosting service so keep that in mind ...
The Vista Panel requires you to manually copy any cert info to it. This means it won't be able to be automated. And, other commenters at your hosting site's forum say this. You could use a manual method to get a cert from Let's Encrypt and various ACME Clients offer this. See this topic to start: Getting Started - Let's Encrypt Note: for ACME certs you normally don't make your own CSR - it's an API service designed for automation.
That said, certificates are logged in public databases. I looked at the last 7 days of certs for subdomains of 22web.org. And, by far people use Google Trust services most often to get their cert. Ones from GoGetSSL are next most common. Perhaps visit your hosting company's forum and ask people how they get their Google Trust certs. That may well be easiest given so many people do that.
Well I wouldn't advise doing this, but I was able to MANUALLY get a certificate issued and deployed (without the intermediate E5 in the chain, byethost.com doesn't support it on the FREE Account!).
For the domain name dunsel.byethost32.com I got this certificate using the DNS-01 challenge with a CNAME for _acme-challenge.dunsel.byethost32.com to a location I can MANUALLY add the challenge token.
While it is slightly more than theoretically possible to get a Let's Encrypt Certificate issued for a FREE byethost.com account I DO NOT recommend this MANUAL and PAINFUL process!
I can't do a sudo command? I do t have console access, only VistaPanel tools they let me use. None of which I can execute commands. The server is hosted by BYETHOST.
You don't have to get a cert manually on your server. You could do it, say, on a Windows machine at home. Then copy/paste the cert to your host panel.
But, not supporting intermediates seems awful. Hopefully there is a way to do that. It would affect certs from anyone not just Let's Encrypt. That said, for popular cert issuers like Let's Encrypt or Google many browsers can adapt anyway if they've have seen the proper intermediate from visiting a different site. But, not sure if that works in private browsing sessions.
Perhaps Google Trust has a console you can get a cert from - I don't know. If so that may be why it is popular for people using your hosting service free plan.
My manual process relied on Byet allowing the adding of a CNAME for _acme-challenge.<YOUR_DOMAIN>, thus needing another DNS Provider that allows editing of TXT record.
I believe Mike is correct that you could likely automate that much of the process. The copy/paste of the certificate is still manual (every 60 days for a 90 day certificate). But this "ERROR" (i.e. intentional limitation) is as Mike stated awful.
Another alternative is to check if your current host can handle your certificate, even with a different CA. On a shared hosting your goal should be "tell hosting domain name; they automate issuance; it just works; you don't have to think about it."
Yes, move to another hosting service. Was thinking that as an option, but having someone else mention it.... made up my mind.
For now I've moved all my file distributions to Mega (already had an account for my own use) and sent new links to the clients.
But without owning the domain, (BYETHOST do), I'd have to rely on a redirect script or settings to point old links in forum posts to the new website, and that has it's own issues.
Hopefully image links with "http://..." specifying no SSL might still work. I'll go check now.
Well, I hope this post helps someone else "Give Up" before they go too far down the rabbit hole.
Thanks for all the advice peeps, even if I did end up not really needing it.
From "Giuseppe C. via Let's Encrypt Community Support" <notifications@letsencrypt.discoursemail.com>
To wizau1970@gmail.com
Date 9/02/2025 11:34:29 AM
Subject [Let's Encrypt Community Support] [Help] Desperate beginer, BYETHOST, Have CSR, what do I do now?
before they go too far down the rabbit hole.