and I am getting this error:
updating letsencrypt and virtual environment dependencies…Command “python setup.py egg_info” failed with error code 1 in /tmp/pip-build-Tqwq7A/cffi
normally I’d just say run “python --version” however if you don’t have ssh access that will be tricky.
If you are using cpanel, there isn’t yet ( I don’t think ) a really easy way to automate thing. I’m assuming you are also on a shared hosting system, so you don’t have root access ?
Can you say a little more about your configuration ?
is it your server ( and access to WHM ) or do you just have a cpanel account on a server hosted by someone ?
What version of cpanel are you using ?
I did not know the python --version trick. It worked! So here it is: Python 2.6.6
I used putty for the previous attempts so I am not using cPanel at all. I just thought I could find that information for the sever through cPanel. I did not know about the commands. I am a newbie.
We do not have a dedicated server - we are on a shared host because it is so much cheaper.
Cpanel version: cPanel Version 11.52.2 (build 1)
Do you think I can still do this? If so, I would really need help. Thanks.
The easiest for now ( on a shared cpanel server) is probably a manual method. You would ideally need to upgrade python to 1.7 on your server to do things automatically. I don’t think it will be long before there is an automatic method, but not there yet.
You can either generate the private key and CSR using putty ( there are details of how to on https://gethttpsforfree.com/ ) or you can generate them in cpanel in the SSL/TLS Manager section.
You will be asked to create a file, with given contents, on your website to prove ownserhip, and then a certificate provided.
You can install the certificate in cpanel in the SSL/TLS Manager section.
I was able to do step 1 on the website that you provided.
However, I am having issues with step 2.
I was able to do the command: openssl genrsa 4096 > domain.key but I do not know what to do after that because there is no explanation on how to change foo to my site. Also, I tried looking for the file account.key in my list of files on the server- but I do not see it anywhere. I looked in etc and ssl.
which would have generated a private account key for you. If you then run (again in putty, in the same folder);
openssl rsa -in account.key -pubout
it will print out the account key for you - that you can then paste into the box on the website ( https://gethttpsforfree.com/ )
Did the first command give any errors or anything ? if not it should have created the file "account.key" for you. It should be in the folder where you ran the first command.
Generate a CSR for your the domains you want certs for:
(replace "foo.com" with your domain)
Linux:
#change "/etc/ssl/openssl.cnf" as needed:
# Debian: /etc/ssl/openssl.cnf
# RHEL and CentOS: /etc/pki/tls/openssl.cnf
# Mac OSX: /System/Library/OpenSSL/openssl.cnf
openssl req -new -sha256 -key domain.key -subj "/" \
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))
Copy and paste the CSR into the box below.
This does not make any sense to me. I open the domain.key and I see what I see in account.key but it is different text.
Also, I tried via cPanel and since I created it, it will bring up a page asking if you want to continue, so I do not want to do the cPanel method.
I tried that and I got this error:
cat: /etc/ssl/openssl.cnf: No such file or directory
unable to find ‘distinguished_name’ in config
problems making Certificate Request
xxxxxxxxxxxxxxx:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:335:group=req name=distinguished_name
What were you doing / where did you get this message ?
Did you obtain a certificate and then got this error when installing ? or was this at one of the steps before when you were trying to obtain the certificate? if so, which step ? what have you completed and what was the exact command you were using that got the certificate ?
that is correct. I got that message after I typed: openssl req -new -sha256 -key domain.key -subj "/" \ -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \ <(printf "[SAN]\nsubjectAltName=DNS:ilovemusic.net,DNS:www.ilovemusic.net,DNS:ilovemusic.org,DNS:www.ilovemusic.org"))
So basically, this is what I did: openssl genrsa 4096 > domain.key
then: openssl req -new -sha256 -key domain.key -subj "/" \ -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \ <(printf "[SAN]\nsubjectAltName=DNS:ilovemusic.net,DNS:www.ilovemusic.net,DNS:ilovemusic.org,DNS:www.ilovemusic.org"))
