How to get a certificate

nppost · February 21, 2018, 6:47pm

hi, am new to Let’s encrypt and its processes. i used to see it on websites and i thought it was something i can get from the click-of-a-button, hence i tried to get it, but i cant see a button to click to install, or get the certbot. infact, am confused about this and my site is having serious issues so i need the lets encrypt ssl

danb35 · February 21, 2018, 6:59pm

Start here:

schoen · February 21, 2018, 7:04pm

This depends enormously on your hosting environment. Some hosting providers do provide such a button, but others don’t.

Let’s Encrypt needs to verify that you control the names that you’re asking for a certificate for (via making changes to your site), and then your web server configuration needs to be changed to install the certificate. Some hosting providers make this automatic via a control panel, whereas in other cases you would have to install a client application on your web server. In still other cases, the hosting provider may not permit the use of third-party certificates at all.

nppost · February 21, 2018, 11:59pm

i’ve read that ‘getting started’ write-up more than three times. the explanation looks simple but its actually not.

nppost · February 22, 2018, 12:16am

@schoen my web host provider is arvixe, i looked through the list of host providers that support Lets Encrypt i did nit see thier name but on my cpanel i saw a provision for importing certificate. i think they would allow for third party certificate. but my problem is; how can i get the certificate and how can i get the cerbot?

when i checked the Let’s Encrypt website i saw some brief explanations like “If your hosting provider doesn’t want to integrate Let’s Encrypt, but does support uploading custom certificates, you can install Certbot on your own computer and use it in manual mode.”

then i looked for how i can get certbot i saw a page where i can select my ‘software’ and 'system’
after i made my selections i saw this ’ Get Started
If you have administrative shell access to your webserver and you’re comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don’t have these privileges on your webserver or you’re not familiar with command line server administration, Certbot probably isn’t the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let’s Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn’t provide built-in Let’s Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let’s Encrypt certificates automatically. Let’s Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.’ to be honest it looked like a dead end. please i need help

schoen · February 22, 2018, 12:31am

Which hosting plan do you have with arvixe? Do you know if you have root access to your server and are allowed to install software on it?

Does your cPanel interface not have an existing Let’s Encrypt feature? (For example, based on AutoSSL: https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/)

There are lots of ways to get certificates, but basically I’d say about 95% of users who succeed do one of three things:

They are using a plan on a hosting provider that already supports Let’s Encrypt, so they either do nothing or just press a “Let’s Encrypt” button of some sort in a control panel. The hosting provider takes care of everything else.
They are using a plan on a hosting provider that lets them administer their own server, including by installing software on it, so they install software like Certbot on the server and run it. (This is most often the case on a VPS or dedicated hosting plan.)
They are using a plan on a hosting provider that lets them import a third-party certificate. Depending on their level of comfort with installing software, they either install some software on the server and generate a certificate to import using a control panel interface, install software on their own desktop computer that has the same effect, or use a web-based interface like https://www.zerossl.com/ and then import the certificate that they get at the end of that process. (This is most often the case on shared hosting plans.)

We also encounter a smaller number of people who are using a plan that effectively prohibits them from using third-party certificates or charges them extra fees to do so, or who find the steps necessary to make Let’s Encrypt work with their hosting environments to be too intimidating or time-consuming.

nppost · February 22, 2018, 12:34am

its a shared hosting plan

schoen · February 22, 2018, 12:35am

Do you have shell access that you can use via SSH?

nppost · February 22, 2018, 12:37am

if i undertsand correctly i think you mean ssh, yes, i can see ssh from my cpanel

schoen · February 22, 2018, 12:44am

So, you may have a range of options in this case.

① Contact your hosting provider’s support and ask them to enable the feature in cPanel that supports Let’s Encrypt. In that case you can do everything inside of cPanel without installing any additional software. Something like this is our preferred solution for most shared hosting.

② Use ssh to log in to the server and install some kind of client application on the command line. This will let you get a certificate in a file on your server account, and then you should be able to import that certificate using cPanel.

Using Certbot is possible for this, but it’s not exactly what Certbot is optimized for. In another thread, there was a suggestion to consider using the acme.sh client instead because it has better cPanel installation support:

③ Use a web interface like https://www.zerossl.com/ and follow the steps that it prompts you to do. At the end, you’ll get a certificate that you can save and then import into cPanel. This alternative is the simplest but doesn’t provide any automation for renewal, so it would have to be repeated at least every three months.

nppost · February 22, 2018, 12:48am

Thanks a lot. let me start right away

nppost · February 22, 2018, 3:32am

hi @schoen i saw this while following the process on zerossl.com ‘To verify domain ownership using DNS verification, you will need to create DNS records of TXT type as shown below. Please remember that it takes some time for new DNS records to become “visible”, so you may need to wait for 15-20 minutes before clicking “Next”. You can check whether your records became visible with the following command: “nslookup -q=TXT XXX”, where XXX is one of the records as shown below.’

but i dont know where to create or place the DNS record.

schoen · February 22, 2018, 4:03am

What’s your domain name?

tarantula901 · February 22, 2018, 6:45am

Thank you so much. You shared a link.

schoen · February 22, 2018, 8:23am

Thanks! Your nameservers are NS1.ARVIXESHARED.COM and NS2.ARVIXESHARED.COM, which are clearly nameservers operated by your host Arvixe. Arvixe probably has some kind of interface (most likely a web page) that lets you modify your DNS settings. This does not necessarily include the ability to add a TXT record (because some hosts only let you make certain specified kinds of changes rather than completely controlling your DNS zone)—but it might!

nppost · February 22, 2018, 8:27am

thanks a lot. i’ve fixed the dns issue and i used nslookup to search for the TXT file and i saw it. am trying to generate the certificate. thanks very much

system · March 24, 2018, 8:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.