How do I start?

Sorry for such a basic question, this is my first time installing SSL. My webserver gave me a CSR and told me to give this to Let’s Encrypt to get the certificate and Private Key. How do I do this? I provided a server information screen shot below. Thank you.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
It produced this output:
My web server is (include version):
I don’t know
The operating system my web server runs on is (include version):
See screenshot below
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
No, using Shared Hosting
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
cPanel 70.0 (build 69)
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I don’t know

Hi @Suchi

if you use shared hosting and cPanel, then check your cPanel if there is an integrated solution.

If yes, that’s the best option.

Then you don’t need an own client. And you may not install an own created certificate.

But that’s not required if your cPanel supports Letsencrypt certificates.

Thank you for replying. I contacted my web server and asked if they support Let’s Encrypt. They said yes, but I have to get the certificate myself, and then they will help install it. Then gave me a CSR and told me to give it to Let’s Encrypt to get a SSL certificate and Private Key. They told me to download those files when I get them, and then upload them to my home directory on the server. Am I supposed to use certbot?

This is not a recommended way to use Let’s Encrypt. The suggested way to use it is with automated client software, normally running on the web server itself.

There are ways that you can use a CSR to get a Let’s Encrypt certificate, but all Let’s Encrypt certificates are valid for only 90 days, so you would have to repeat the process frequently and would probably not have a good experience.

Typically, only the system administrator of the server can usefully install a client like Certbot on the server, so this isn’t a convenient solution for shared hosting environments.

Instead of using the CSR to obtain the certificate manually, I would suggest one of

  • getting your web host to add native Let’s Encrypt support,
  • switching web hosts to one with better Let’s Encrypt support, or
  • buying a paid certificate from another CA.

I see. Thank you for taking the time to explain. When I asked my server customer support if they supported Let’s Encrypt, they said yes – so I assumed they would manage the whole thing. You are correct, I don’t want to go through this every 90 days. I will check back with them with the feedback you provided. Thank you again.

You can compare with

Most providers listed here support Let’s Encrypt automatically, without requiring the subscriber to do anything. The ability to import an externally-obtained certificate doesn’t quite rise to the level of “support” by the standards of this list. :slight_smile:

Understood. Looks like I will simply have to pay for a certificate. I just finished chatting with my server and they confirmed they can only install a certificate that I obtain, and then repeat as needed.

Thank you again.