I’m on shared hosting with CentOS 6 and have no shell access.
I have installed CentOS 6 on Oracle VirtualBox on my home machine in the hope that I can obtain certs for my live sites from this installation. Everything works fine until I actually apply for a cert (./path/to/certbot-auto --apache certonly).
I get errors stating domain not found on 127.0.0.1.
Please advise if this scenario is even possible.
Sorry for lack of fine detail - I don’t have access to my home machine from my present location.
Do you have FTP / SFTP access to your server? Alternatively, does your DNS provider have an API? If either of these is true then there is a way you can obtain a cert from your VirtualBox at home, yes.
Also, does your hosting have a control panel? If so, what is that control panel? (I’m asking to try and work out how you can upload / use your cert once obtained.)
I have FTP access. My provider does have an API for installing a cert. The control panel is ‘cpanel’. I can’t give you much more detail about these aspects at the moment as I can’t get to cpanel from my current location (on company network based in Luxembourg).
Once you have access to your cpanel, it might be worth checking the version number. The latest release of cpanel (58) includes an option for automatically including LE certificates called AutoSSL. Chatting to your hosting provider and getting them to include this will be the easiest option.
If it’s an older version of cpanel, then you could use getssl, which will run on your virtualbox, automatically upload the tokens etc. to your webserver (via FTP) and obtain a certificate for you.
Sorry for delay in updating this thread. I’m finding the Olympics a bit of a distraction.
I’ve had partial success when using getssl, but ran into a couple of problems.
According to the instructions here, I should see the following files and directories created:
~/.getssl
~/.getssl/getssl.cfg
~/.getssl/yourdomain.com
~/.getssl/yourdomain.com/getssl.cfg
This was successful except the file
~/.getssl/getssl.cfg
was created as
~/.getssl/create-getssl-config
Anyway I updated create-getssl-config with my default preferences and then updated ~/.getssl/yourdomain.com/getssl.cfg with my site details.
However, when I ran the command: getssl mydomain.com, I got the response: getssl: command not found.
./getssl did the trick, thanks.
However, I got an error registering the account: “getssl: Error registering account”.
Is this because I’ve missed something in the config file?
Creating domain csr was successful.
Yes, it sounds like it. Since cpanel has a script in to automatically install Let's Encrypt certs for you, that is almost certainly the easiest way to obtain certs for a cpanel server now.
Thanks again - yes there was a typo - should’ve noticed that, sorry.
Slight improvement - but now I get the response
‘for some reason could not reach http://heffernans.net/.well-known …’ with the challenge token.
I usually have this entire site password protected, but I removed that temporarily before using getssl. I presume the placement of the challenge token is done via FTP?
I created .well-known/acme-challenge directories prior to running getssl - is that correct?
I guess I’ll have to verify the path for FTP and HTTP.
You may be better off with these questions when using getssl on the specific site for getssl -
From the help;
# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location.
# An ssh key will be needed to provide you with access to the remote server.
# If these start with ftp: or sftp: then the next variables are userid:password:servername:ACL_location
ACL=('/var/www/example.com/web/.well-known/acme-challenge'
'ssh:server5:/var/www/example.com/web/.well-known/acme-challenge'
'ftp:ftpuserid:ftppassword:example.com:/web/.well-known/acme-challenge')
so in the getssl.cfg file for this certificate, you would add in the location in the format
where
ftp: tells it to use ftp
ftpuserid is your FTP username
ftppassword is your FTP password
example.com is your domain / host name (where FTP is going to connect to)
/web/.well-known/acme-challenge is the location where the token needs to be uploaded to
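
The ACL entry formats from the help text above, as an added example that is not part of the original thread or of getssl: a small POSIX shell checker that splits an entry into its fields without echoing the password, and flags plain ftp: transport and a location that does not end in /.well-known/acme-challenge. The function names, finding labels and sample entries are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not part of getssl. Field layout taken from the quoted help text:
#   ftp:/sftp: entries -> userid:password:servername:ACL_location
#   ssh: entries       -> hostname:location;  anything else -> local path

acl_split() {
    acl_user=- acl_host=- acl_path=-
    case $1 in
        ftp:*:*:*:/*|sftp:*:*:*:/*)
            acl_method=${1%%:*}
            acl_path=${1##*:}; rest=${1%:*}        # read path and host from the right
            acl_host=${rest##*:}
            rest=${1#*:}; acl_user=${rest%%:*} ;;  # the password field is never stored
        ssh:*:/*)
            acl_method=ssh; rest=${1#ssh:}
            acl_host=${rest%%:*}; acl_path=${rest#*:} ;;
        ftp:*|sftp:*|ssh:*)
            acl_method=malformed ;;                # too few fields or no absolute path
        *)
            acl_method=local; acl_path=$1 ;;
    esac
}

# Print "method user host path"; the password is left out on purpose.
acl_describe() {
    acl_split "$1"
    printf '%s %s %s %s\n' "$acl_method" "$acl_user" "$acl_host" "$acl_path"
}

# Print a space-separated list of findings for one entry, or "ok".
acl_findings() {
    acl_split "$1"; found=
    case $acl_method in
        malformed) found="$found malformed" ;;
        ftp)       found="$found cleartext-ftp" ;;  # plain FTP sends the login unencrypted
    esac
    case $acl_path in
        */.well-known/acme-challenge|-) ;;
        *) found="$found path-mismatch" ;;          # token would not land under the fetched URL
    esac
    found=${found# }
    printf '%s\n' "${found:-ok}"
}

# Constructed sample entries; the second one points at the wrong directory.
for e in 'ftp:ftpuserid:ftppassword:example.com:/web/.well-known/acme-challenge' \
         'sftp:ftpuserid:ftppassword:example.com:/web/acme-challenge'; do
    printf '%s -> %s\n' "$(acl_describe "$e")" "$(acl_findings "$e")"
done
```

The FTP password sits in getssl.cfg in clear text, so keep that file readable only by the account that runs getssl.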