Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: probusashburton.org.au or www.probusashburton.org.au
I ran this command: I only have access to cPanel, not to Shell
It produced this output:
My web server is (include version): No idea, hosted with Netrigistry.com
The operating system my web server runs on is (include version): Linux
Your hosting provider might have disabled the cPanel feature that allows you to get a Let’s Encrypt certificate from within cPanel (because it sells GeoTrust certificates). At least, this is my impression from looking at the Netregistry support pages. I would suggest that you ask Netregistry support to confirm whether this is still the case.
The support pages do mention a less-convenient option to import an externally-generated certificate:
You can use a web-based Let’s Encrypt client to obtain a certificate and then import it this way, for example using https://www.zerossl.com/ or https://gethttpsforfree.com/. This method is much less convenient because it’s a more manual process to generate the certificate (and prove your control over the site), and because you’ll have to repeat it at least every 90 days.
The integrated support for Let’s Encrypt in cPanel would be a lot easier, but it has to be enabled by the hosting provider.
Yes, through cPanel I can manually enter a certificate, my question is - where on Let’s Encrypt I can obtain the certificate to insert into the Netreistry page… The URL you are suggesting below seems to be NOT a Let’s Encrypt site??? I am confused here…
I wrote a complaint to Netregistry and wait for a feedback. I am about to publish an 8th website and consider moving them all to another host…
That's true! Let's Encrypt doesn't provide a web-based service to obtain certificates, only an API that software can use to request certificates. Because of this design, there are dozens of different tools that people use to get certificates from Let's Encrypt:
cPanel itself includes one, but it can only be used if the hosting provider permits it.
The web-based clients that I mentioned are third-party tools that use Let's Encrypt as the back-end certificate provider.
(Certbot, which I've worked on, is a program to obtain certificates that's mainly aimed at the case where you have shell access and preferably root access on the server—commonly on a VPS or dedicated server, rather than shared hosting.)
OK, I followed the first link you provided me with and it brought up a new pages which I followed, here is my directory structure on the host server. I uploaded the 2 files to that directory as you can see. My website is in the public_html folder, but when I click the link I get the following error
Not Found
The requested URL /.well-known/acme-challenge/K7xShyv6ZXJgj9gp214kTlxGy2UqJdJw5Rhij5Z9RCQ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
In this case it looks like you’re missing the leading dot in .well-known — it appears that you wrote well-known instead of .well-known. The dot is a required part of the directory name.
Did you start from the beginning or did you try to continue the previously-existing certificate issuance process? Normally you would have to start over.
It looks like your site is now using a cPanel-generated certificate which must have been generated from within cPanel. This is different from the Let’s Encrypt certificate that you also created—it’s issued by a different authority and it covers more subdomains.
I don’t know how that happened, for example if you figured out how to use the built-in certification support in cPanel. However, the site currently looks OK to me and I see a padlock in my own browser.
Your site is fine. Internet Explorer no longer displays a padlock for secure sites at all, at least with DV certificates.
You can confirm this by looking at this very forum in each of those browsers: the other browsers will display a padlock for this site, but Internet Explorer won’t.
You can tell which certificate it is by looking at the browser’s certificate information dialog. For example in Firefox, if you click on the padlock a menu pops down and there is a “>” for more information. Clicking on the “>”, you’ll see “Verified by cPanel, Inc” (instead of “Verified by Let’s Encrypt”). (There is also a “More Information” button at the bottom of that menu to see much more technical information about the certificate, including details like its serial number, which domains it covers, when it expires, and many other things.)
There’s nothing bad about using a cPanel certificate; I’m just a bit confused about the sequence of events that led to its being used on your site. In particular, you did also successfully create a Let’s Encrypt certificate for the site
but that certificate isn’t being used on the site. Rather, the cPanel certificate is being used. That suggests to me that maybe you, or your hosting provider, did manage to turn on the feature in cPanel that automatically obtains a certificate (rather than, or subsequent to, importing the Let’s Encrypt one).
Thanks again for the explanation, I never got into this topic until now.
I am attaching here a PDF with some screen shots of what I see on the various pages in cPanel - I look at it and have no idea what I am looking at, maybe this can help in understanding what is going on here???
This is an insecure link and presumably generates a mixed content error (trying to load insecure resources inside a secure page) and so you should change it to
Sadly, that document came out blank! Can you try logging into the forum and uploading it in a reply to the thread there, instead of replying by e-mail?
