That screenshot is the one CD sent me. It is their screen...dunno what or how.
Incidentally, CD charge min of $79 to add ssl to any of their sites. Do you think that might have something to do with all these hassles?
Unfortunately there is an incentive to fill the process with unnecessary hassles. If you provide CD with exactly the correct certificate, private key, and CA bundle (all together) and they "struggle" to install them, that's a problem.
If possible, I would advise switching to a less hostile hosting provider. Your current provider has a financial interest in making you pay $79 which means making it as difficult as possible to use free options.
There is a great list of providers that support automatic Let's Encrypt, so just one button for you to enable it and renewals are handled completely automatically.
Look, I regard myself as being a reasonably computer literate person and one who regularly fiddles with hardware, writes complicated programs and helps others out of trouble. But computing has many facets and until now, I have had little reason to look into the finer points of security, in particular the ssl process. What I have found on reading about the subject is that those who want to advise and instruct have little idea about how to do just that. I am probably just as guilty as anyone when helping others in that I invariably start using words that are completely foreign to the person on the other end. The trouble is, every branch of computing has developed its own often quite complex terminology which invariably includes a host of unfamiliar acronyms. When one wants to investigate any one of those, one soon finds that the explanatory article contains even more acronyms, which need more investigation and so on. The result is a kind of chain reaction of acronyms and a totally confused reader. Soon there will be more acronyms than car number plates.
Now, with regard to my website, its root directory has a number of subs including one labelled ssl, another ssh and another called cpanel. It now has certsage as well.
The ssh one contains two keys and the ssl folder has three subs, 'certs', 'csrs' and 'keys'. Is this a standard layout or is it just the design of my particular host? What I am not clear about is precisely where the various components of the entire ssl bundle should be located. Can somebody please advise in simple terms.
code.txt - Entered into the Code box to prevent unauthorized certificate requests
account.key - ACME production account key
account-staging.key - ACME staging account key
responses.txt - HTTPS responses from the ACME server for debugging
certificate.crt - Your leaf certificate followed by the CA bundle certificates
certificate.key - Your leaf certificate's private key
The necessary process is exactly as I've described in excruciating detail here:
Given that many of the more senior members of this community, myself included, have successfully aided thousands of help-seekers from all walks of life from all over the world to acquire and utilize SSL certificates for myriad applications and situations, I find your assessment lacking in application within this community. Admittedly, SSL certificate usage is a niche area of computing, but the detail and guidance provided within this thread should be well more than adequate at this point to write an entire blog article on the subject.
I don't think it's possible to explain what needs to be done to enable TLS in any simpler terms; there is an inherent level of complexity involved with setting up TLS that everyone here is running against.
With TLS no longer being optional in today's threat landscape, this is exactly why there is a push for automation.
I am not using the same 'cpanel' shown in your post. I don't have such a thing anywhere on my computers. I use the root directory of Filezilla which includes a cpanel folder that is nothing like yours.
I should have been more clear, so I apologize. Your hosting provider Crazy Domains is using cPanel to manage your hosting package. The screenshot you posted is from a different package/version of cPanel than mine (GoDaddy). If you provide them with exactly the certificate.pem and cabundle.pem files I've given to you from this post (along with certificate.key from your CertSage directory):
CD should have no problems installing your certificate. This is assuming that no new certificate has been generated since the one I generated so that the private key has not been overwritten.
You should never give a 3rd party your private key (i.e. nobody but you and your server and inherently the hosting provider should know it); your server needs the private key to function. The Certificate is comprised of two parts, the certificate and the private key.
The private key is generated on the server, either by an ACME client (which should be CertSage if I'm following this correctly)
certificate.key is your private key
certificate.crt is the CA bundle including the certificate's public key
You will be pleased to hear that I now have ssl installed on my website. Thanks for your assistance. I have learned a lot. I will be very pleased to again donate to certsage, which does the job very neatly. My only suggestion is that its instructions be broadened to cover a wider range of host servers and software, if you have not done that already.
At present, CertSage doesn't support autorenewal. Even if it did, that wouldn't be possible given your hosting provider's limitations. Renewing your certificate with CertSage is the same process as acquiring a new certificate.
The certificates are valid for 90 days so you'll need to use CertSage to grab a new certificate and upload it every 3 months at the latest, but I'd do it at least a week before expiration so that, in case anything breaks, you have time to fix it.
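
An added example, not part of any post in this thread and not CertSage's or cPanel's own code: a shell script that splits certificate.crt into the certificate.pem and cabundle.pem files mentioned above, confirms that certificate.key still belongs to the certificate, and flags a certificate within a week of expiry. It assumes the openssl command-line tool is installed; the function names and the self-signed sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CertSage or cPanel code). Requires the openssl CLI.

# Split certificate.crt (leaf first, CA certificates after) into the two
# files named in the thread: certificate.pem and cabundle.pem.
split_chain() {  # $1 = certificate.crt, $2 = output directory
    : > "$2/certificate.pem"; : > "$2/cabundle.pem"
    awk -v leaf="$2/certificate.pem" -v ca="$2/cabundle.pem" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > leaf }
        n >= 2 { print > ca }' "$1"
}

# Succeeds only if the private key belongs to the certificate, i.e. the key
# was not overwritten by a later certificate request.
key_matches_cert() {  # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate expires within $2 days, i.e. renew now.
needs_renewal() {  # $1 = certificate, $2 = days
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed sample input: two throwaway self-signed certificates joined in
# the same order as certificate.crt; the second only stands in for a CA.
make_sample() {  # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=example.test" \
        -keyout "$1/certificate.key" -out "$1/leaf.tmp" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Constructed CA" \
        -keyout "$1/other.key" -out "$1/ca.tmp" 2>/dev/null
    cat "$1/leaf.tmp" "$1/ca.tmp" > "$1/certificate.crt"
}

# With a directory argument, check the real files; otherwise use the sample.
dir=${1:-}
[ -n "$dir" ] || { dir=$(mktemp -d) && make_sample "$dir"; }
split_chain "$dir/certificate.crt" "$dir"
if key_matches_cert "$dir/certificate.pem" "$dir/certificate.key"
then echo "private key matches certificate"
else echo "private key does NOT match certificate"; fi
if needs_renewal "$dir/certificate.pem" 7
then echo "expires within 7 days: renew now"
else echo "more than 7 days of validity left"; fi
```

Run it on a local copy of the CertSage directory; it writes certificate.pem and cabundle.pem next to certificate.crt and never sends the private key anywhere.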