Host won't allow Let's Encrypt install unless hosting the domain

Hi - my host says that they can only allow LE Certs on domains they host due to restrictions from LE themselves. I’ve never encountered this before across a fair amount of hosting providers and wanted to confirm that this is indeed a fact. I appreciate that I can generate certificates myself - but the auto-renewal function of a hosted solution is far more preferable.

Many thanks!

Hi @Bernard2020

your question isn’t clear.

That may be a limitation of that auto-renewal function. Then it’s a decision of your hoster. Not good, but ok.

What’s your exact setup?

Please answer all of the template questions you have deleted.

I don’t want to disclose the host or the domain here for security reasons, but to be clear - every hosting platform I’ve ever used allows installation of a Let’s Encrypt certificate to a hosting account with no restrictions. This particular host however insists that we can only have this feature if the domain itself is hosted by them also. All I am trying to ascertain is, is this a genuine restriction - perhaps at higher levels of security, or is the host feeding misinformation?

Please learn some basics.

Then learn something about challenge types.

If you read all of these things, then you will see: With your informations it’s impossible to answer your question.

If the client of that hoster is limited, that’s bad. But that’s legitim, because it’s their client. If the client supports dns validation, the local domain hosting may be required.

And what means “hosting”? If your website doesn’t run there, it’s impossible to use http validation.

If you are unhappy with that hoster. Use another.

PS: Conclusion: Your exact setup with your domain name, your dns provider and your hoster is required.


That’s only partly true for the dns-01 challenge. In that case the hoster needs access to the DNS zone, which for practical reasons might restrict the hoster to “self hosted domains only”.

Fortunately, Let’s Encrypt has other challenge types, such as the http-01 challenge! In that case, the hostnames only have to resolve to an IP address of the server of your hosting provider. No DNS access is required.


I would conclude from this analysis that the hosting provider might be referring to a genuine limitation of its own software, rather than a deliberate policy on its part. Still, since that’s not a restriction coming directly from Let’s Encrypt, it’s not something that would apply for every hosting provider.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.