I am in a delimma with my cPanel Shared Hosting Plan. I learned they do not allow root access and I need it to auto-renew. Here are the options brought to my attention. Can you help me decide with some insight?
I can purchase a private server and pay around $40/month
I can purchase an SSL from my web hosting company for $6-7 month and keep the same shared plan
I can install Let’s Encrypt for free and manually renew it every 60 or 90 days.
Questions:
How many hours does it take to manually renew 1 domain and no sub-domains every 60 or 90 days?
What factors determine if I have to renew my Let’s Encrypt SSL every 60 or 90 days?
How can I set it up to be 90 days?
What option would you chose from the options I showed you? What is your setup like with your hosting company?
If I go with Let’s Encrypt now, is it difficult to back out after a year and change SSL’s?
I would say manual renew takes a minute or so normally. The certificate is valid for 90 days - you could renew after 60 days if you want, but it would not make much sense, so just renew before expiration (a day or two should be fine as long as you remember to do it). You can start using any other SSL certificate at any time.
As for the server for $40/mo, for the small project that seems a little extreme and you could find something for $5/mo or less on https://lowendbox.com or just get a DO droplet.
Thanks for your response leader. Can you provide me a URL for the steps that take a minute or so normally?
Agreed. $40/month is too steep. Have you used lowendbox.com? Would I have to manage the server or will they? Do you have any experience with DO? I have never heard of them. I am in Canada. Are they trustworthy?
If you're using HTTP verification and it's one domain as you said, then for example on ZeroSSL the renew process would consist of filling in 2 fields on the first screen and then creating verification file with a given name and content on your server as shown on the second screen. Takes almost no time and after that you'd get the renewed certificate.
If you have visited the link provided, you could find that lowendbox is not a service provider but more a community/blog with posts listing affordable VPS offers. DO (Digital Ocean) is a well-known company, usually high-ranked. I have not used them personally, but they do have quite nice tutorials and seem to be providing good customer support according to reviews.
If you’re not familiar with server administration, I would recommend taking a look at the list of web hosting providers that support Let’s Encrypt rather than running and managing your own server. I think a number of the hosts on that list support cPanel with AutoSSL (that is, if you’d like to stick with cPanel), which will allow you to get certificates with one click. (Sorry, can’t remember which of the providers do actually support AutoSSL, you’ll have to dig a bit. Make sure that they actually offer AutoSSL - there are some who disable that feature in cPanel.)
Can you please explain what you mean by HTTP verification? I am not familiar with ZeroSSL. Are you implying this is an easier way to install and renew the certificate instead of following a step-by-step tutorial? Sorry, I am not very technical.
Whenever you get a certificate from Let’s Encrypt, you have to prove that you control the domain name that you’re trying to get a certificate for. HTTP verification is a method of doing this by creating a file in a specified location on a web server that the domain name is pointed at. Many different Let’s Encrypt clients support this in various ways, from completely automated ways (typically if you have root access on the web server) to completely manual ways (where you will be told to create the file yourself, including what the name of the file ought to be and what it needs to contain).
Thanks schoen. Can you please provide easy steps for a non-techy to have a fast way to manually renew Let’s Encrypt every 90 days locally (not in a web browser)? I use GoDaddy shared hosting plan so auto-renew is out of the question because I don’t have root access.
You don’t have to give them access to your keys. Indeed, https://gethttpsforfree.com/ won’t let you. You can generate them locally and paste the CSR and whatever into the website, like with most other CAs.
I would like to second a recommendation for Digital Ocean. I use them for my personal projects, as well as for all my clients. They are certainly trustworthy and reputable, and growing quickly.
If you want to try it, they start out at only $5/mo, which can be enough for many sites. I personally use 1 of their $10/mo VMs and one of their $5/mo VMs for my personal projects, and many bigger ones for clients. Also, this link (full disclosure: affiliate link) can get you a free $10 when you sign up, so you can tinker free for a month or two, and see if it’s right for you.
With Digital Ocean, you can use LE with auto-renew. All my sites are HTTPS and I rarely have to touch them, unless something breaks.
Cheers @benyanke. I have decided to stay with GoDaddy. I like their service. Have you had anyone hack you? What security software do you use for your website?
No, I can't say I've ever been hacked. Right now, my security consists of a port blocking firewall (which blocks everything but 22/80/443, and blocks 22 for non-US IPs) and notifications when ssh connections are successfully achieved.
How is their customer support? Are they experienced tech support people? 24/7? I don’t remember seeing chat support on their website. I guess I would have to call in.
Their support is very good, but do be aware, it's VPS, not shared hosting, so any OS issues are your own to fix. However, whenever I've had external issues, they've been quick and helpful.