Extend SSL certificate

beunite · February 21, 2017, 2:55am

Hi Sha,

My webmaster, who is no longer working for me organized a SSL certificate last year and I this was from your foundation, let’s enscrypt. The certificate is due to expire in 23 days. My webmaster, unfortunately has not left me with usernames and passwords to let’s enscrypt or to my hosting company (server) so I have no idea how to renew the SSL.

The webmaster has left and is nowhere to be found. His company no longer exists and he doesn’t reply to emails.

Can I extend the SSL certificate through your foundation or what else do I need to do? Do I need access to my hosting company in order to do this. My hosting company said they wouldn’t let me access because I do not have the user name and password. What does this mean, I’m kind of screwed?

My domain name is www.beunite.com

What will happen if the SSL certificate expires? Will my website stop functioning? At least I can continue paying the bills for my web-host so they won’t shut me down for the time being.

I would highly appreciate your answer on this.

schoen · February 21, 2017, 3:20am

Hi @beunite,

Let’s Encrypt is a nonprofit organization that issues certificates free of charge. If you still control the domain name, you can get an updated certificate free of charge.

There are many different ways that your previous contractor could have gotten the certificate (using a range of different software tools). It would be helpful to know more technical details about your hosting setup, as I mention below, for example in the hope of being able to replicate what the previous contractor did.

Although there is a concept of a Let’s Encrypt “account”, it might be misleading because you do not have to use the same “account” in order to get new certificates for a domain. Also, the “account” is normally represented by a file that contains some technical parameters, not by a username and password that a human being would type in directly. So even if you never find the associated credentials, you can still get a new certificate; there’s no need to do a password reset or anything, but you can just make a new account, which the certificate-obtaining software can probably do automatically for you.

I’m confused by what your hosting company said; are you sure that they were referring to the user name and password for Let’s Encrypt (which doesn’t really exist because that’s not really the way software authenticates itself to the service), as opposed to the user name and password to administer your account on the hosting company’s servers?

Did you see the form with questions about your setup that probably appeared when you first submitted your question? Could you provide more technical details about your hosting environment, such as the questions that were asked in that form, as well as your own level of knowledge of system administration? I realize that you might not know some of the answers because they may be things that your contractor took care of, but it would be good to know what you do know about how your site is hosted and your ability to administer it.

To answer your other question, if the certificate does expire, visitors to your site will generally encounter an error message about the expired certificate, which may prevent them from interacting with the site conveniently. So renewing the certificate is definitely important to take care of. On the bright side, as soon as the renewed certificate is deployed, the error message will go away immediately… and hopefully there should be no reason to get to that point.

beunite · February 23, 2017, 4:16am

Hi @schoen,

Thank you for your reply. Yes, I am in control of the domain name, the log-in and password to my domain registrar.

I am in contact with my hosting company and you are right, I do not have the username and password to administer my account on the hosting company’s servers. This because it apparently doesn’t matter to them who the rightful owner is, or who controls the domain name, it matters only who initially set up the hosting and who has got the username and password. And my ex-contractor has set this up and he left without handing over username and password to me (welcome to Thailand).

What my hosting company let me do is paying the bills, so the site won’t be shut down for the time being.

I did nowhere see technical questions about my hosting when I initially asked for help. Or do you mean selecting the right category with the title server (drop down menu?). Unfortunately, the entire process of was done by my ex-contractor and we never discussed much about technical issues. What I know is…

My hosting company is www.novatrend.ch
My domain registrar is www.whois.com

I can send and receive emails via the server and I have access to the control panel to check my emails. I do not have the “master” account, to add new emails (which kind of sucks).

In regards to the extension of the SSL certificate, when I asked my hosting company, first they said they didn’t know anything about it but after doing further research and I found out that they advertise Let’s encrypt certificate on their website, and after confirmation from your end that my SSL certificate is from Let’s encrypt, I was asking a second time, and their reply was:

“Sehr geehrter Herr Graf
Ja das Let’s Encrypt ist ein kostenloses SSL Zertifikat der sich alle drei Monate automatisch verlängert. Daher wird hierfür keine Rechnung erstellt und Sie müssen nichts unternehmen.
Freundliche Grüsse. Emre Ciftci”

English translation: Dear Mr. Graf, Yes, the let’s encrypt is a free SSL certificate which extends automatically every three months. That’s why we do not invoice you for this and you don’t have to do anything else. Kind regards. Emre Cifci.

Does this mean we can trust the the hosting company and stop worry about it and touch wood everything is going to be fine?

Look forward to hearing from you and thank you so much for your help.

schoen · February 24, 2017, 2:24am

Hi @beunite,

The "extends automatically every three months" depends on the particular software used to obtain the certificate (some do and some don't), and in the case of certificates obtained by the hosting provider on behalf of the user, also depends on the hosting provider's policies and practices. So I wouldn't encourage people in general to rely on this kind of statement without further investigation. (In particular, it's not fully "automatic" at Let's Encrypt's end; someone always has to do something on the other end to make it automatic.)

Fortunately in your case we have received a report in December 2015

https://community.letsencrypt.org/t/web-hosting-who-support-lets-encrypt/6920/17

that novatrend.ch was one of the first providers to offer fully automated support for renewal, handled by the hosting company directly. Thus, on the basis of this report and what novatrend.ch support told you, I think it's most likely that the certificate will be renewed automatically on your behalf by your hosting company and that, in your setup, you don't have to take additional steps.

I guess you can also ask the hosting provider how soon before its expiration the certificate will be renewed, in order to confirm that this really takes place at the expected time. Hopefully their practice isn't to renew it at the last possible moment (just in case something goes wrong technically).

system · March 26, 2017, 2:25am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.