I can confirm that GoDaddy now supports Let’s Encrypt. I successfully installed it on five websites including a couple of subdomains.
Some points are in order.
GoDaddy supports Let’s Encrypt on its cPanel and Plesk plans, but not on its legacy plans.
It’s not automatic. You have to create the certificate, install it, and redirect http to https (I use .htaccess to do this).
For GoDaddy users who want to use Let’s Encrypt:
If you’re on the legacy plan, upgrade. GoDaddy’s Support recommended that I use cPanel for Linux, or Plesk for Windows, but check with Support before you make up your mind.
It’s easy on cPanel. I followed the instructions in manojkumarcdo’s video on how to use SSL For Free to create and install a Let’s Encrypt certificate on GoDaddy’s cPanel. (I suspect that the same method would work with cPanel on any host.)
I don’t know how to install Let’s Encrypt on Plesk, but I have seen instructions on the internet and it also looks easy. You might even be able to use SSL For Free as mentioned in the previous point.
I don’t see criteria for the categories in the top post, but consider that “Namecheap” (a competitor to GoDaddy that has never blocked third party certificates on its cPanel services) is listed as “No Planned Support”. On that basis, GoDaddy should not be listed.
I wonder if @stevenzhu could address the question of criteria.
I would rather define the "support" as automated, recursively obtain & renew certificate. Since now most hosting providers use cPanel / Plesk , and some of them allow the use of extensions to help user obtain a certificate in minutes.
I would remove GoDaddy fron no planned support, but I'll add "GoDaddy WordPress Hosting" to that list (since this plan only allow user to purchase a certificate from GoDaddy, no other options)
That's just my opinion.... & I'm open to ideas....
(Well, since I'm currently on a trip and can't get back until later today, I probably won't do anything to this list until tomorrow noon...)
I would support the idea that “support” should mean that there’s some way that a user can choose to configure the hosting account or service so that it continues to obtain and renew the certificate automatically in the future. I don’t think that only being able to import certificates via a manual process in a control panel or support interaction should count as “support” for the purpose of this list. If necessary, the list could be changed to refer to “web hosting providers who integrate Let’s Encrypt”.
I shouldn’t pretend to be knowledgeable about the hosting landscape, but changing it to “integrate” sounds good to me.
Web hosting has changed a lot since this topic was started in December 2015. A lot of hosts have good Let’s Encrypt integration now. How many hosts still don’t support HTTPS at all? It’s now practical to have a long list of hosts while maintaining high standards for who’s featured.
It seems to be that, for a user, the useful categories are like:
Hosts with more or less automated TLS support, with Let’s Encrypt or another CA.
Hosts that don’t block ACME validation and make it easy to manually upload certificates (don’t require an expensive fee or support ticket).
Hosts where TLS is supported but Let’s Encrypt is impossible (e.g. they block ACME validation). Edit: Or impractical.
Hosts where all TLS is impossible.
I’m not eager to throw out everyone’s past work on this thread, but would it make sense to only list hosts with solid Let’s Encrypt integration or conversely unusually high hurdles?
I think there’s still something in between 1 and 2, which is where the user has to take an action to get a certificate, but it’s a one-time action. This action is most often turning on HTTPS in a control panel such as cPanel. This contrasts with hosts where users can’t not have HTTPS support because it’s an automatic part of the hosting offering with no user action required.
I think so, and would encourage the list to adopt a higher requirement for “solid”. This might mean that a tutorial for “first, download this ACME script to your home directory” is not sufficient. Perhaps a way to define this is “first party support for Let’s Encrypt”, though I guess that’s still pretty hand-wavey.
One thing I liked about “support” is it implies that your hosting provider will help you if you have a problem obtaining/renewing/using your Let’s Encrypt certificate. I do think I like “integrate” better, but I still think this is an important criterion.
You can eliminate a lot of what we wouldn’t consider to be true integrations with this simple criterion. For example, GoDaddy probably won’t help me use gethttpsforfree.com with their CSR, so they would easily fail.
Also, I’m not aware of GoDaddy actively blocking ACME validation in the past? Does somebody have a source for that?
There are lots of forum and blog posts on the Internet from GoDaddy customers who have successfully used clients like acme.sh and web-based clients with various GoDaddy products. AFAIK nothing has changed recently.
I was going to Be Bold and add them to No Planned Support since there seems to be no interest in loosening the criteria, but then I realized the bit about them blocking ACME validation before didn’t match my memory.
EDIT: I found a good link to use so I went ahead and added them anyway. I left off anything about them blocking ACME validation before; if it is corroborated I’ll add it.
I personally want to merge Full Support & Regular Support… (since the only way to identify if the hosting provider makes automatic redirection from http to https is to signup & test…)
Also, want to remove No Support since almost all hosting providers would help (allow) customer to install a certificate to their website.
Thus, make the list only include who Integrate Let’s Encrypt.
What if the Source link were required to contain this information? I don’t think that is an unreasonable request to be “featured” on such a popular list.
We don’t seem to be doing too bad:
Antagonist - confirmed in source
Domaineshop - confirmed in source
EasyStore - confirmed in source
GitHub Pages - contradicted by source (this one’s actually my fault, they enable LE by default but do not redirect by default)
Inspedium Corp. - not confirmed by source
Manitu - confirmed by source
Neocities - confirmed by source
Netsite - contradicted by source (claims manual enablement is required)
Pride Tech Design - confirmed by source
Shopify - contradicted by source (manual enablement required; also my fault haha)
Squarespace - possibly contradicted by source (it’s unclear but Insecure appears to be the default setting)
Tumblr - contradicted by source (guess who?)
VIPserv - contradicted by source
Webdock - confirmed by source
Weebly - contradicted by source (requires manual enablement)
WordPress - confirmed by source
EDIT: this list was revised as I contacted the hosting providers.
I’ll move the ones with contradictory information in the sources as soon as I hit Reply. Tomorrow I’ll reach out to the two unconfirmed ones & Squarespace and give them a chance to clarify on their help pages or blogs, unless someone with a fancy email address ending would prefer to.
I think this section really helps keep people from asking repeatedly about providers that have no support, and would hate to see it go.
I have now reached out to Inspedium Corp. and Squarespace asking them to update their confirmation links or provide a new one that confirms their eligibility for Full Support status. (On double-checking the translation, I found that manitu did indicate that they redirect and updated my earlier analysis.)
I set a deadline for next Friday, August 3 in my communication. If they aren’t updated by then, feel free to demote these two providers to Regular Support status.