[Osiris] Osiris https://community.letsencrypt.org/u/osiris Community
Well, other providers simply ask for money up front followed by a
CSR statement from one's web host and then do the rest..
With "other providers", you mean other Certificate Authorities (CA) or
webhost providers? Because as far as I know, a "classic" CA would not
handle the interaction between the CA and the webhost: that too would be
a job for the user.
I actually generated a private SSH key but I suppose that''s how
some of them earn their money.
You probably mean SSL instead of SSH? Because SSH is something
altogether. Assuming you did mean SSL: if your webhost has send you a
CSR for you to use, there's no need to also generate a SSL private key
yourself: the public >key embedded in the CSR is part of a
public/private keypair where the private key of the keypair is to be
used by your webhost and already present at your webhost.
No, I meant an SSH key. I was instructed to do that.
Let'sEncrypt more or less leaves it to certbot, which I tried for
hours in terminal without getting a positive result.
You're not required to use certbot. Certbot is just one of MANY ACME
clients available. See ACME Client Implementations - Let's Encrypt
https://letsencrypt.org/docs/client-options/ for a non-exhaustive list
of ACME clients.
I don't want a list I just want to know how to use one of them. there
are no step by step instruction anywhere.
The instructions might be meaningful to experts but much of the
terminology is very confusing to a newbie to this field like myself.
That's unfortunate. We /can/ give you more help, but personally I
would very much like to see what you've already tried and what you
already know. For example, you already have certbot installed, right?
What did you try and why >didn't that work?
Certbot is apparently installed but the only way I can access it is via
the terminal. I did that and went through the procedure...it eventually
gave an error message and I gave up. It has installed
This is not to annoy you, but most of the time it's not possible to
give a "one size fits all" instruction.
So why can't LetsEncrypt simply produce the zip file that crazy
Let's Encrypt only provides their services through the ACME API:
everything is automated. Even the certificates generated for the use of
Let's Encrypt themselves is generated through their public API. No human
issuance of certificates is possible.
Also, as already explained in the "How Let's Encrypt works"
documentation linked above, Let's Encrypt requires PROOF of ownership of
the hostname. See the challenge type documentation also linked above on
how Let's Encrypt validates that proof of ownership.
I understand that but like I said, there is a lot of detail that is very
hard to follow but no actual step by step instructions about what to
actually do.Â It has set up a folder on my .etc folder but I don't know
how that relates to making my website secure.