Does LetsEncrypt have an online cert authority?

I'm using 'Site Feedback' because all the other categories request some sort of info regarding what version I'm using, what this and that, and this is the only category that doesn't, as I'm actually asking a question not requesting help on using LetsEncrypt.

Does LetsEncrypt have an online cert authority to issue certs for hosting services that provide web servers, similar to ZeroSSL and FreeSSL does?

I use letsencrypt for my home server being that I use SSH PuTTY which allows me to run LetsEncrypt inside Ubuntu, and use ZeroSSL for a Godaddy website (which is only a web hosting service, there is no SSH console) I maintain for a small local company, all I have to do is to create the cert online using ZeroSSL, then insert it into cPanel.

2 Likes

I'm afraid this question doesn't make any sense. In one sense, yes, Let's Encrypt has (indeed, is) an online cert authority--but I don't think that's a particularly useful piece of information, as I'm not sure what an offline cert authority would be.

Are you asking whether Let's Encrypt has a web interface to issue certs? If so, the answer is no, and I suspect it never will--it's contrary to the way their system is designed to work.

5 Likes

LetsEncrypt itself is an API driven online Certificate Authority. The system is primarily designed and positioned for online automation by APIs.

Well, there have been a handful of online tools to generate the ACME-Order and trigger the challenges. Using them will require the user to update DNS records or place files on a webserver to answer HTTP challenges.

I recall there are some cPanel plugins for LetsEncrypt, however many hosts purposefully disabled or blocked them to upsell certificates they charge for.

7 Likes

Let's Encrypt does not endorse website-based ACME clients, as those cannot be automated. And Let's Encrypt is all about automation.

That said, @griffin has built a PHP based ACME client which can be "installed" (read: just download it and put it in the webroot of your site) on your website to actually provide a web-based GUI to the client itself. Which might be exactly what you want?

You can read more about this client here: CertSage ACME client (version 1.0.0) - easy webpage interface, no commands to type, root not required

3 Likes

@arberda2 Note that this thread is about a web interface for acquiring certificates and not about Let's Encrypt vs. other CAs.

3 Likes

Is it? I mean, that's my best guess of what "online cert authority" means, but OP never has clarified that.

3 Likes

I agree that it hasn't been stated explicitly by OP, no. However, looking at OP's post I'm fairly certain of my assumption, 99,9 % sure.

3 Likes

After re-reading the OP (quickly), I do get the same impression: "Web Interface"

3 Likes

Well, not that it really matters, my post was a reply to @arberda2, but that account has been deleted, probably due to the spam elsewhere on the Community.

3 Likes

Actually I did explicitly say about a web interface for LetsEncrypt, take a look at this screenshot of ZeroSSL create new certificate, after completion of the form, a new .crt file is generated ready for installing, this is what I call a web interface.

Hence asking about if there is one for LetsEncrypt.

1 Like

Any web interface would be a third-party enhancement; as LE only interacts via ACME protocol.

So, does one exist?
Yes.

Would you mention one here?
No.

Why?
Because I don't want to sound like I am recommending any of them (which I don't).

If your need of a cert is for a tight system like Godaddy shared hosting, there is a PHP client for that.
See: CertSage ACME client (version 1.0.0) - easy webpage interface, no commands to type, root not required

3 Likes

Actually, no, you didn't. The closest you stated was "similar to ZeroSSL and FreeSSL does", by which you apparently meant (but didn't state) a web interface. But since you've now clarified that this was your question, I answered it five days ago--no, Let's Encrypt provides no such interface. Some third parties have made such interfaces, but we generally don't recommend them. Let's Encrypt just isn't designed to work that way.

3 Likes

Someone earlier in the replies suggested the webmin does have LetsEncrypt SSL functionality, but that's ONLY for the webmin interface. So, it seems then as LetsEncrypt does not have a web interface, then it seems I'll have to stick with ZeroSSL, and renew every 90 days, because after reading about how to 'manually' create and install certs into a hosting company, it's better to use a system that only needs to generate one file, which is very easy when using cPanel on Godaddy, as I have done this when using ZeroSSL, as there is only one file to upload, a .crt file, whereas with LetsEncrypt there are (I believe) 3 files, the crt file, the private key and the public key.

2 Likes

Let's Encrypt purposely does not have any ACME client at all. The only thing LE offers is the ACME API. And for that API there are many third-party ACME clients, some of which are web-based.

4 Likes

It is rather trivial to change those individual files into any other format.

2 Likes

Huh? Every SSL certificate ever generated by any CA consists of a certificate and a private key. CertSage generating the private key and downloading the certificate directly on the intended server is by far better than using a third-party web interface. You could use cPanel to generate your private key and then a CSR and then submit that CSR to another CA then download your certificate then install it into cPanel, but why?

I'll hopefully have the cPanel autoinstall released within a day or two. At that point, it will take under a minute to renew a certificate including the processing time of LE. 🙂

4 Likes
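How the files discussed in this thread relate to each other, as an added example that is not part of any post here: the public key is derivable from the private key and is embedded in both the CSR and the certificate, so only the private key and the certificate need installing. The key material is generated locally, a self-signed certificate stands in for a CA-issued one, and `example.com` and all file names are placeholders.

```shell
#!/bin/sh
# Added example. All key material is constructed locally; the self-signed
# certificate stands in for one issued by a CA; example.com is a placeholder.
set -eu

WORK="$(mktemp -d)"            # mktemp -d creates a 0700 directory for the key
trap 'rm -rf "$WORK"' EXIT

# Hash a PEM public key read from stdin. It is DER-encoded first so that
# formatting differences between PEM files cannot change the result.
fp() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }

# The public key is not a separate secret file: it is derived from the
# private key and is embedded in both the CSR and the certificate.
fp_from_key()  { openssl pkey -in "$1" -pubout | fp; }
fp_from_csr()  { openssl req  -in "$1" -noout -pubkey | fp; }
fp_from_cert() { openssl x509 -in "$1" -noout -pubkey | fp; }

# True only when the certificate carries the public half of this private key.
cert_matches_key() {
  k="$(fp_from_key "$2")"
  [ -n "$k" ] && [ "$(fp_from_cert "$1")" = "$k" ]
}

# Step 1: private key and CSR, created on the machine that will use them.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.com" \
  -keyout "$WORK/site.key" -out "$WORK/site.csr" 2>/dev/null
# Step 2: the CA's part, simulated here by self-signing the CSR for 90 days.
openssl x509 -req -in "$WORK/site.csr" -signkey "$WORK/site.key" \
  -days 90 -out "$WORK/site.crt" 2>/dev/null
# An unrelated key, to show what a mismatch looks like.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$WORK/other.key" 2>/dev/null

echo "key : $(fp_from_key  "$WORK/site.key")"
echo "csr : $(fp_from_csr  "$WORK/site.csr")"
echo "cert: $(fp_from_cert "$WORK/site.crt")"
if cert_matches_key "$WORK/site.crt" "$WORK/site.key"; then
  echo "site.key : matches certificate"
fi
if cert_matches_key "$WORK/site.crt" "$WORK/other.key"; then
  echo "other.key: matches certificate"
else
  echo "other.key: MISMATCH"
fi
```

The same fingerprint comparison works on a certificate downloaded from any CA, which makes it a quick check before uploading a certificate and key to a control panel.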

Actually I use cPanel with a Godaddy account to maintain a local cab company's website, and if you look at the screenshot, I don't see anywhere, where a private or public key is used, all it asks for is the .crt file which gets installed to the right domain name automatically.

1 Like

OK, so let's say all sandwiches are made of only ham and bread.
And at my deli I sell both ham and bread.
But you want a sandwich.
So I say: Buy my ham and bread and put them together and you'll have your sandwich.
You say: No; The other guy across the street sells me sandwiches.
I say: OK. Then get a sandwich across the street.

3 Likes

If you read the cPanel certificate installation instructions I provided with CertSage, you'll see that the private key gets uploaded on a separate screen in cPanel. Silly, I know, but that's how cPanel is designed.

Try installing a cert without installing its private key. You'll see what I mean. 😉

2 Likes

I don't know if this is on-topic or not, but I feel compelled to comment.

I got to LetsEncrypt/CertBot after starting with GoDaddy. I got here because GoDaddy charges over $200 for the first issuance of a cert, and then they DOUBLE that charge on each 1-year renewal. That means that unless you want to pay more than $400 per year to GoDaddy, you have to pretend that each year's certificate is brand new.

It took me FAR LESS time to install LetsEncrypt/Certbot on my CentOS 7 servers than it took me to actually find (never mind read) the fine print on how GoDaddy will plunder me for certs. The other providers are the same or worse.

If you really desperately must use a web interface at all (I'm not sure what you're doing that requires it), I suspect you or a competent React developer could roll your own in the amount of time that we're discussing it here.

The awesome thing about Certbot is that it just does everything you need, while doing so in a way that is dirt-simple to find and adjust if you don't like it. In my case, the certs were MUCH easier to find (because it just tells me!). The directory structure is clear and obvious. I needed to make some changes to permissions so that my various nodejs/npm tasks could properly access the needed credentials -- all was easy and straightforward.

The overwhelming majority of web-based tutorials about how to do https ALL describe self-signed certificates -- an utter waste of time and far more tedious than the LetsEncrypt/Certbot install.

My basic need is to put a green padlock on all major browsers on the half-dozen or so sites that I currently manage. LetsEncrypt + Certbot is a clear winner, hands down, over all the alternatives and especially over GoDaddy.

I'll be tossing contributions into the LetsEncrypt hat for the foreseeable future.

5 Likes