How to certify our GoDaddy managed WordPress hosting?

Hi,

We are using GoDaddy managed WordPress hosting for our website www.enmain.com. We want to add an SSL certificate to our hosting. How can we set this up?

Please explain with step-by-step procedure.

Hello @Enmain,

I don’t know how GoDaddy managed WordPress hosting works but the first thing you should check is that you are allowed to use third party certificates. Using a control panel, contacting their support team, etc.

If you are allowed to use third party certs for your hosting plan then you have several options depending on what you are allowed to do in your hosting… checking the GoDaddy WordPress page, it seems that your only option could be the manual mode, that is, generate the certificate on another machine and upload it manually to your hosting (via control panel or whatever method is supported by your hosting).

I’m saying that you should use manual method because I doubt that you can install the letsencrypt client in the machine where your site is hosted.

If you want to use the manual mode:

1.- You should check that you can create the following dirs in the document root of your site: .well-known/acme-challenge/. Once the dirs are created, upload a simple text file, for example test-lets, with whatever content. Once uploaded you should be able to view the content of the file using the url http://www.enmain.com/.well-known/acme-challenge/test-lets

2.- You should install the letsencrypt client on a machine (a Linux machine is recommended) and use the manual method (you can get more info here). Basically, you launch the following command, letsencrypt-auto certonly --manual, and follow the on-screen instructions. If that is not an option you could also use something like gethttpsforfree.com that doesn’t require any client, the web page is the client itself, but even using that site you will need to use openssl to create the keys, csr, etc. (it is explained in the web page with the exact commands that you should use).

Note: Regardless of whether you use the letsencrypt client or the web site, in the middle of the process you will be requested to create a challenge file and upload it to your website (to the .well-known/acme-challenge/ dir) so the process can continue and validate that you are the owner of the domain.

3.- If the process worked as expected, you will get 4 files: your private key, your signed certificate, a chain file (containing the intermediate cert) and the fullchain (containing your signed cert and the intermediate cert). Then you should install them on your web server using a control panel or by asking the support team for the right steps. The files that you should install will vary, some sites ask for the private key, cert and chain, others ask for the private key and the fullchain… that’s something that your hosting company should tell you.

4.- Enjoy your cert :wink:

I know the manual mode is a pain and maybe a bit confusing till you know how the entire process works but give it a try.

Note: Keep in mind that the certs are only valid for 90 days, so you will need to repeat this process every 70-80 days.

The other option is to ask GoDaddy to support Let’s Encrypt so they can automatically generate the cert in seconds just using a button in your control panel. As GoDaddy is an SSL Certificates vendor, I doubt this will happen… who knows.

And the last option… move your site to another hosting company that supports Let’s Encrypt. There is a list with confirmed hosting companies supporting Let’s Encrypt.

Good luck,
sahsanu


I did it!

Just installed sshfs in my linux desktop and mounted in my godaddy public_html.

sshfs <username godaddy>@www.<domain>:/home/<username godaddy>/public_html/<domain> /tmp/mnt -o uid=1000 -o gid=1000 -o allow_other
sudo ./letsencrypt-auto certonly --webroot -w /tmp/mnt --agree-tos --redirect --duplicate --text --email <email> -d <domain> -d www.<domain>

After that just put your cert files in the Godaddy config


I got through step 1.
I don’t know how to use a terminal to navigate my site? I use FTP. Any help/advice?

Do you have a *nix machine at home? From what malvadao wrote, the above commands were on his personal machine.

He set his web site up on GoDaddy’s remote server, then mounted it on his personal machine using sshfs. He then created his certificates using webroot, and then manually added his certs into the GoDaddy config. Webroot worked in this situation because the LE client was able to place the temporary hidden file directly into GoDaddy’s server via the mount point.

Is this something you’d be comfortable with?

I’m not sure what you mean by terminal - Once malvadao created his certificates, he used GoDaddy’s configuration interface (his account page on GoDaddy’s site), he didn’t use a terminal (SSH) or FTP.

What malvadao did was actually quite clever, but it’s not the sort of thing I’d recommend for a novice! You’d have to ensure your regular renewal cronjob ensures the remote server is mounted properly before any renewal attempt is made, and there are other considerations with this approach.

Good luck!
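A guard for the renewal cronjob mentioned above, as an added example that is not from any poster in this thread: if the sshfs mount has dropped, the client would write the challenge file into an empty local directory and validation would fail. The function names and the MOUNTS_FILE override are illustrative; /tmp/mnt is the mount point from malvadao's post.

```shell
#!/bin/sh
# Added example: refuse to run a webroot renewal unless the sshfs mount is live.
# Function names and the MOUNTS_FILE override are illustrative.

# is_sshfs_mounted DIR [MOUNTS_FILE]
# True when DIR is listed as a fuse.sshfs mount point. The file uses the
# /proc/mounts layout: device mountpoint fstype options dump pass.
is_sshfs_mounted() {
    awk -v dir="$1" '$2 == dir && $3 == "fuse.sshfs" { found = 1 }
                     END { exit found ? 0 : 1 }' "${2:-/proc/mounts}"
}

# webroot_writable DIR
# Proves the challenge directory can be created and written through the mount.
webroot_writable() {
    ww_dir=$1/.well-known/acme-challenge
    ww_probe=$ww_dir/.mount-probe.$$
    mkdir -p "$ww_dir" 2>/dev/null || return 1
    touch "$ww_probe" 2>/dev/null || return 1
    rm -f "$ww_probe"
}

# guarded_renew DIR COMMAND [ARGS...]
# Runs COMMAND only when DIR is a live, writable sshfs mount.
# Returns 3 = not mounted, 4 = not writable, otherwise COMMAND's own status.
guarded_renew() {
    gr_dir=${1%/}; shift
    if ! is_sshfs_mounted "$gr_dir" "${MOUNTS_FILE:-/proc/mounts}"; then
        echo "skip: $gr_dir is not an sshfs mount" >&2
        return 3
    fi
    if ! webroot_writable "$gr_dir"; then
        echo "skip: cannot write under $gr_dir" >&2
        return 4
    fi
    "$@"
}

# Cron usage (client arguments elided):
#   guarded_renew /tmp/mnt ./letsencrypt-auto certonly --webroot -w /tmp/mnt ...
```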

I am working on a Mac…

I don’t know much about the backend, so no I’m not comfortable with those instructions provided. Any help is appreciated. Thanks!

In that case I don't think malvadao's technique is possible - I have very little experience with macs, but my understanding is that macs only have a few early FreeBSD userland utilities from back in the 90s when Next forked from BSD. I have no idea how macs access more recent *nix utilities. (I'm happy to be corrected if anyone has further information!)

I think your only option is to convince GoDaddy to provide a means (or buy one of their certs). You should re-read sahsanu's above guide again. If that's out of your comfort zone, I'm afraid Let's Encrypt might not be suitable for you for the time being.

Well I also have a PC. What exactly do I need access to? I’m not at all knowledgeable on this topic. Thanks DarkSteve

Oh, sorry, I'm never as explicit as I think I am or intend to be!

I meant access to utilities such as sshfs, which is what allowed malvadao to mount his GoDaddy account as if it was part of his hard drive.

The initial release of Let's Encrypt and its clients were written with *nix in mind, specifically linux, even more specifically Debian linux. I run FreeBSD, and even though linux and the BSD's have a lot in common, it still took a few months before the clients were ported to FreeBSD and were reliable enough to use. While you can get the client running on a mac (OSX is derived from Next, which is derived from FreeBSD), I just don't have sufficient knowledge of macs to help.

However...

You should check out the list of Windows clients for Let's Encrypt. You'll need something that can handle "manual mode" as described by sahsanu above. What you're doing is creating the certificate for your site, then you'll need to manually add the certificate to your GoDaddy account.

Or, if you're willing to wait a month or so, you can use Windows 10 with NeilPang's acme.sh client, which is one of the most mature and powerful command line clients. The upcoming update to Windows 10 is going to contain the command shell Bash, and acme.sh has been tested and is working on the insider program's test release. If you have access to the insider program test release of Windows 10 (or if you wait until the next major Win10 update) then I'd recommend using NeilPang's acme.sh client.

Unfortunately, no matter what you do, it's going to take a fair bit of reading in order to understand how to get what you need out of the client. It's a steep learning curve, but it's also very satisfying when you get there :sunglasses:

Hey DarkSteve. How are you doing?

I think it is possible to create cert files with the manual plugin in letsencrypt. You can create the directory and upload the file using FTP. The test will be possible this way.


E7E0 95DE 7D86 7A97 CC63 4611 6271 A2BE 9A47 DD8E

If you have SSH access to your GoDaddy host, you can use acme.sh.

Which is tested working on:

  1. Windows (with cygwin)
  2. Mac
  3. Linux
  4. Unix

You don’t have to be root. Any normal user can install and use:

curl https://get.acme.sh | sh

Cool! Will test now :grin:

After burning up a perfectly good weekend on my own version of this issue (GoDaddy hosted Drupal for me), I think I at least have an explanation of WHY none of the suggestions above work for me. It seems to me that certbot, acme.sh, gethttpsforfree, and anything else that attempts to verify a domain by writing then reading a file on a Drupal (and I imagine WordPress) site is going to fail. Drupal will always wrap that verification file in a php generated web page that will confuse the client.

Am I wrong? Is there a fix to all of these “Detail: Invalid response from http://mydomain/.well-known/acme-challenge/REs8Uvbiv…” verification responses? Any help appreciated.

That is correct. Take a look at this thread:

The last post leads to a Drupal bug report including a patch for Drupal's .htaccess file that will make it work with /.well-known/acme-challenge.

pfg, everyone, THANK YOU! I can walk outside in the sun again. Simple .htaccess fix was all it took. I had figured .htaccess held the keys, I’m just not well versed in .htaccess.

Oh, I might also add that I ultimately used Neilpang’s acme.sh.
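The failure discussed in this sub-thread (the CMS answering the challenge URL with a generated page) and the test file from step 1 of sahsanu's guide can be checked before a certificate is requested. This is an added example, not from any poster or ACME client; the function names, the example.com host and the "hello-acme" content are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for the HTTP-01 challenge directory.
# Function names are illustrative, not part of any ACME client.

# classify_challenge STATUS BODY EXPECTED
# Prints one verdict and returns 0 only for "ok":
#   ok           body is exactly the uploaded content
#   not-served   the server did not answer 200 (e.g. 404/403 from the CMS)
#   cms-wrapped  200, but the body is a generated HTML page
#   mismatch     200, plain body, wrong content (stale or wrong file)
classify_challenge() {
    cc_status=$1
    # Drop CRs; command substitution also drops trailing newlines.
    cc_body=$(printf '%s' "$2" | tr -d '\r')
    cc_expected=$3
    if [ "$cc_status" != "200" ]; then
        echo "not-served"
        return 1
    fi
    if [ "$cc_body" = "$cc_expected" ]; then
        echo "ok"
        return 0
    fi
    case $(printf '%s' "$cc_body" | tr '[:upper:]' '[:lower:]') in
        *"<html"*|*"<!doctype"*) echo "cms-wrapped" ;;
        *) echo "mismatch" ;;
    esac
    return 1
}

# probe_challenge BASE_URL FILE_NAME EXPECTED
# Fetches BASE_URL/.well-known/acme-challenge/FILE_NAME and classifies it.
probe_challenge() {
    pc_tmp=$(mktemp) || return 2
    # -L: follow redirects, as the CA's validator does.
    pc_status=$(curl -sS -L --max-time 15 -o "$pc_tmp" -w '%{http_code}' \
        "$1/.well-known/acme-challenge/$2") || { rm -f "$pc_tmp"; echo "unreachable"; return 2; }
    pc_body=$(cat "$pc_tmp")
    rm -f "$pc_tmp"
    classify_challenge "$pc_status" "$pc_body" "$3"
}

# Usage: upload a file test-lets containing "hello-acme", then run
#   probe_challenge http://www.example.com test-lets hello-acme
```

A "cms-wrapped" or "not-served" verdict points at the rewrite rules (.htaccess) rather than at the ACME client.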

I know this is an old topic, but I am trying to figure out how to use Let’s Encrypt’s certificate with a GoDaddy Managed WordPress installation. I was able to get as far as generating / installing the certificate with the WP Encrypt WordPress plugin. So I seem to have a certificate now, but the next steps have me stumped. The plugin’s instructions say:

Detect which Apache config file to edit.
Usually this file can be found at either /etc/httpd/httpd.conf or /etc/apache2/apache2.conf. In particular, you need to look for a file that contains multiple blocks.
A good method to detect the file on Linux machines is to use the command grep -i -r "SSLCertificateFile" /etc/httpd/ (the last argument should be the base directory for your Apache installation).

And I actually seem to be able to access my /etc/ folder through SFTP, however, I don’t have an HTTPD or APACHE2 directory there.

Anyone have any additional ideas on what to do next? I doubt GoDaddy is going to be of help on this, especially since they sell their own $69 SSL certs.


Hi @EronC, does your management interface for GoDaddy allow you to upload certificates somewhere?

Unfortunately, no. The WordPress plugin I used just drops off the pieces like so:

Certificate: /home/content/a2pnexwpnas02_data02/86/3448786/letsencrypt/live/www.domain.com/cert.pem

Certificate Chain: /home/content/a2pnexwpnas02_data02/86/3448786/letsencrypt/live/www.domain.com/chain.pem

Certificate Full Chain: /home/content/a2pnexwpnas02_data02/86/3448786/letsencrypt/live/www.domain.com/fullchain.pem

Private Key: /home/content/a2pnexwpnas02_data02/86/3448786/letsencrypt/live/www.domain.com/private.pem

That’s generating the certificates (which is the first part of the problem), however you need to be able to install those certificates onto your server and, unless GoDaddy provide a method by which you can upload them into the server config, then you aren’t able to use them unfortunately.