I ran this command: using instructions from video:
and I am stuck on verification step. After I put the generated files into the .well-known/acme-challenge folder, instead of getting the text back that I should get, I get the actual html of the website.
It produced this output: The verification It shows the html of the website, not the expected text
My web server is (include version): godaddy apache v 2.4.39
The operating system my web server runs on is (include version): linux
My hosting provider, if applicable, is:godaddy
I can login to a root shell on my machine (yes or no, or I donāt know): Yes
Iām using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, cpanel 70.0 (build 51)
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youāre using Certbot): Iām not sure. I couldnāt figure out the certbot directions, so I followed the video above which is using a site called zerosll. Iām not sure whether these are the same or different.
a) Either the verification files are put in the wrong place
or
b) Your server is not configured to serve the files with no extensions
To understand which is it, put test.txt file with some text into the same directory where you put the verification files, see if you can access that. If you can, itās likely (b), in which case create a file without extension in the name and try accessing that. If you could not access test.txt, then itās likely (a).
In any case, the web server logs might actually help you to figure whatās happening.
Thanks for your help. If I understand you correctly, this wonāt work because it is a forward (i.e. redirect). You are saying that I must ādo itā on 184.168.131.241. The problem is that I donāt know where 184.168.131.241 is coming from or how to get rid of it. My IP address, the one where the website is actually located, is 23.229.140.154. The forwarding domain was transferred in from another account, and it looks like it brought with it a bunch of stuff that used to be true. There is a place in godaddy where it says I can uninstall the expired certificate, but then it warns: Are you sure that you want to delete the SSL host ātaichipark-masterjoutsunghwa.orgā? This operation cannot be undone! and that scares me that it will delete the whole website, not just the certificate.
Or do I create a different certificate for each one? Or do I only create the certificate on the one and all the rest will automatically be secure? I already have installed (and it appears to be working) the certificate on hplconsortium.com, I just canāt get the certificates to work on the subdomains/addon domains.
Also - does the .well-known/acme-challenge folder go into hplconsortium.com/web/taichipark/
which is the actual location of the files? Or does it go into hplconsortium.com along with the files that I generated from that domain?
Any help you can give me would be most appreciated. Iām out of my element here, and Godaddy has been no help at all. They just want to sell me an expensive SSL service.
Again, thanks. I discovered that I had never put in the taichipark.com as an addon domain, so it was forwarding to the 184 IP address. Iāve now fixed that part. taichipark.com is now set to 23.229.140.154.
So, the next part of my question; what do I enter into the box on zerossl in order to get the ssl certificate for the appropriate domain. Is there another way to do this rather than use zerossl? And is zerossl just a different program that does the same thing as the certbot? I am a bit confused.
Also, I just went through the entire process including copying the certificate and key into the appropriate place in my godaddy control panel for another domain, pagodawriters.com. And yet it still says insecure. Is there a time delay for propagation, or should the change be immediate. In which case, what did I do wrong?
Yes, it's something like a website-based client. So you have to create every 60 - 85 days a new certificate. If you have your own webspace (with enough rights), use certbot or another local client.
Thanks again. You are terrific.
I thought the second domain would fix automatically when I fixed the first domain, but now I know what I must do. I would love to use certbot (and I do have enough rights) but not enough knowledge quite yet. I do not understand the directions, and until Iāve played around enough to understand, I am limited to what the video I found tells me to do. Is there a similar video for using certbot? It probably doesnāt matter, though. Iāll be changing to a hoster that is on your list within the next 30 days, so I will be able to use the cpanel to set it up in the future. Godaddy is not one of the hosters who is working with Letās Encrypt. (I thought that by buying the Godaddy SSL certificates I would avoid spending the time necessary to learn all this stuff, but they are WAAAYYY too expensive. Plus their technical support has taken a nosedive over the past year and I canāt get an honest complete answer from them, so Iāll be switching to another hoster shortly. I just needed to get this done in the meantime.)
I also figured out why the Pagodawriters.com website didnāt work initially. There were still some http:// references in the code. Iāve changed them all now so that if someone types in https://pagodawriters/com it shows as secure. I tried to modify the .htaccess file to do a redirect as it explains on the web, but I always get server not found when I do that. I suspect it is because pagodawriters.com is an addon domain, and I donāt know how to modify the redirect code so that it will redirect to the appropriate place. This will work for me until Iāve learned more.
In any case, thank you for your help. Iāll be back if I canāt figure out the next part.
Can I do this in steps - adding one domain at a time, testing it, and then going through the process for a second or third, etc.? Will that cause a problem to go through the process multiple times on the same site?
Hi. The university semester is now over so I can turn my attention back to trying to get SSL on all my addon domains which I started last month. Before I begin, I need to verify something. Iāve read in a different site that it is not possible to install multiple SSL certificates for the same IP address. Since ALL my addon domains resolve to the same IP address, it wonāt do me any good to go through and get rid of all references to http in the code if itās not going to work anyway because there is only 1 IP address.
So is there any barrier to me going in and creating a different ssl certificate for taijiquanenthusiasts.org, pagodawriters.com, opfl.org, syihtq.org, etc (there are 12 of them) just because they all resolve to one IP address and are directed to the addon domain hplconsortium.com/web/addondomainname
Also, since I have so many, would it make sense for me to learn how to install certbot or some other program that will automatically do the renewal? Would I use that for the initial installation too, or just the renewal? It is even possible for me to use certbot? I host on Godaddy and do have SSH access (though Iām not entirely sure how to use it. I am familiar with command line interfaces and have a smattering of linux command knowledge.)
Any help provided would be greatly appreciated.
Thanks
CJ Rhoads
It is possible to use multiple SSL certificates with one ip address. Server Name Indication (SNI)
allows that.
Earlier, it was impossible, Windows 2008 (and XP) doesn't support SNI, so only one certificate was possible. But (sample) Windows 2012 supports SNI, same other OS versions and browsers.
Thanks for the quick response. Unfortunately, I have to ask for clarification (please excuse my being a newbie to SSL). I purchased, and installed, a certificate through Godaddy. When I discovered what they wanted to charge for all 12 certificates for my twelve different addon domains, I investigated how to do it myself without paying them. Right now it appears to work for one addon domain, the one you helped me with last month (https://taichipark-masterjoutsunghwa.org/). I didnāt get it to work on pagodawriters yet, nor syihtq, but thatās what Iām working on now.
I give this background because Iām not sure I understand your statement that I shouldnāt mix cPanel with an own client. Are you telling me I shouldnāt be creating my own certificates, that my only choice is to pay Godaddy for each one? Or are you telling me that if Iām using ZeroSSL then I shouldnāt also use certbot? Again, please forgive my ignorance on the terminology. Iām not sure what a Letsencrypt Addin is. Godaddy is not a cooperating host with letsencrypt, so I have to go through and copy in the certificate and the key in order to install the SSL myself.
If you have root access, you should be able to do what you want. So the position of Godaddy
isn't relevant.
But cPanel has it's own domain management. So it conflicts if Certbot changes the vHost configuration.
There are cPanel Letsencrypt Addins. But your hoster must install / support these. And cPanel has global options to upload and install certificates. But if you can't automate that, you have to do that every 60 - 85 days. With 12 domains - puh.