Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Thanks. Our website host send us a csr, and as I understand it I must send that csr code to our Certificate Authority, which is Let's Encrypt. But there seems no way to send Let's Encrypt this csr code. I've check community for related questions -- everything is so technical and this is a simple question.
I want to obtain a security certificate. Our website host send us a csr code. How to I send this code to Let's Encrypt, our Certificate Authority. This is a simple question, but I can't find an answer.
I great the documentation. Great to learn how the process works. I have the CSR, I just want to upload it -- send it -- to Let's Encrypt. How do I do this? There is no "upload" option or "email" option - no way to send the csr to Let's Encrypt that I have been able to determine.
One way to think about it is that, unlike previous CAs, Let's Encrypt doesn't have a web interface and requires you to install a software application that requests certificates for you.
This is most often done by the hosting provider, so if your hosting provider doesn't take care of this for you, your experience using Let's Encrypt might be kind of complicated and cumbersome. (You're still allowed to use Let's Encrypt services without this kind of hosting provider integration, but the workflow of "sending a CSR file to the CA" is one that Let's Encrypt is really not optimized around.)
The main client software options are
There has been some controversy on this forum and in this community about unofficial web sites that people have made that try to replicate some of the experience of using a traditional CA (by letting you upload a CSR file to those sites, for example, and having them submit it to Let's Encrypt for you). The main view of the people running Let's Encrypt has been that this is not a recommended way to use the service.
The most popular version of this was https://zerossl.com/, which has now been purchased by a different certificate authority and now exclusively interacts with that CA (not with Let's Encrypt). As the certificates there are also free of charge (with different rules than Let's Encrypt), you could also try that if you really want a traditional CA experience of getting the certificate inside a web browser using a CSR file, except without the paying for the certificate part.
Many of these clientsdo have an option for using a CSR, so you could use one of those and just use it for sending the CSR to Let's Encrypt. It's just a lot harder to automate things that way, and with the 90 day certificates that Let's Encrypt uses, automation makes things much nicer and easier for you.
Ideally, your web host would integrate with Let's Encrypt directly, rather than trying to send you a CSR. You may want to contact them to see if they offer some service like that.
Is your web hosting provider using cPanel by chance? If so, they have an “Auto-SSL” feature that can be enabled to issue free certificates either from cPanel, or Let’s Encrypt. If they are giving you a CSR, they want you to go buy a certificate, usually from a vendor they are an affiliate of. I run a web host using cPanel, and I have it configured that every domain will obtain a free Let’s Encrypt certificate automatically. Although I have left the option to generate a CSR available, in case it is needed for an EV cert, I also purposefully have sales of paid certificates turned off (in this day and age, paid certs are just a money grab, and I’m not willing to fleece my customers).