I don't know how to use certbot now that certbot-auto is deprecated

My hosting provider, if applicable, is: UK2

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel 11

Hi,

I don't know how to use certbot now that cert-bot auto is deprecated. Previously, I used to do the following:

sudo ./certbot-auto certonly --manual -d (my domains)

then when it gives me the acme-challenge, I log in to my cPanel on my provider's shared web hosting, File > File Manager, and create the required files there. One the certificates are created, I upload them to cPanel, Security > SSL/TLS.

But now certbot-auto is gone/deprecated, and I'm seeing recommendations to either use certbot (not certbot-auto) or acme.sh. But I've looked at both tools and based on the instructions I'm seeing, they seem to assume that I'm running the command line tool on the same computer which is hosting my website, which I'm not. If I run it on --standalone it wan't to run a webserver locally. If I run it on --webroot it wants to write files directly on the current machine.

Can someone explain how I can use either of those tools (certbot or acme.sh) when they are not being run on the same computer that is hosting the site, and I can't login or run shell commands on my shared host's web server. Or is there a way I can still use the old certbot-auto that worked before. My web host says they cannot provide any support with this.

Thank you.

-Lee

My domain is: N/A

I ran this command: N/A

It produced this output: N/A

My web server is (include version): N/A

The operating system my web server runs on is (include version): N/A

I can login to a root shell on my machine (yes or no, or I don't know): N/A

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Welcome Back to the Let's Encrypt Community, Doctor Christie

Certbot-auto was just a wrapper around certbot, so nothing should really change in your process other than how you install and update certbot itself. You have been using the manual authenticator to satisfy dns-01 challenges to prove your ownership of the domain names. The standalone and webroot authenticators are used to satisfy http-01 challenges.

See @Osiris's post right below for an automated approach.

I can enhance your command a bit:

sudo certbot certonly --cert-name example.com --manual --preferred-challenges dns -d "example.com,*.example.com" --keep

https://certbot.eff.org/docs/install.html

Also, I would like to suggest you to take a look at the following guide, which automates certificate issuance and installation with acme.sh for cPanel:

Automation is the way to go!

It works, thank you.

I don't think I can do the automatic method suggested though because I don't have permission to install things on the shared hosting. So I'll have to keep doing it manually.

By the way, can I modify the command to add more than one domain

sudo certbot certonly --cert-name mydomains --manual --preferred-challenges dns -d "example.com,*.example.com,example2.com,*.example2.com,example3.com,*.example3.com" --keep

You don't need root for that method. If you can install the certificate through cPanel manually, you should be able to use the script. It just uses the cPanel API to do it, it doesn't require root.

That command looks fine. You will likely want separate certificates if the domains are served by different servers.

I tried to post this as a reply but accidentally posted without hitting reply and the forum won't let me post the same thing twice,

Anyway, I was going to say I don't have permission to log in to the cPanel via SSH even without root. and my hosting provider says they can't help.

Hm, strange, any error message?

Many hosting providers disable SSH access to your shared hosting instance by default when using cPanel. For instance, what is shown in my GoDaddy account outside cPanel:

Screenshot_20201209-104504_Samsung Internet1376×1755 119 KB

If I turn SSH access On, I can SSH into my shared hosting instance. More interestingly, what is shown now in the Advanced section inside cPanel:

Screenshot_20201209-104910_Samsung Internet1322×2155 152 KB

Terminal allows you to run things in a shared hosting instance without needing to use an external SSH application.

I was under the assumption @javaxnerd could login with SSH as a regular user, perhaps I was wrong with that assumption.

I think you misread this:

Probably, I interpreted it as "I can login with SSH, but from that SSH session, I can't log in to cPanel", which I already found odd.. How do you log in to cPanel through SSH?

I think by "log into cPanel" he's meaning "log into my shared hosting instance". I'm pretty sure he's running certbot on his local machine. If we can get his SSH access enabled, that will open up worlds of joyous possibility.

Yes I am running certbot on my MacBook and then either uploading the http challenge files via the web browser, or configuring the dns-challenge entries via the web browser. Then I upload the private key and full chain. All through cPanel in the web browser, no terminal access at all.

I emailed my host to ask if there was any way I can log in to run certbot and they said they can't help with Let's Encrypt as they don't provide any support for it.

You don't need to run certbot on your server. You can run acme.sh, which doesn't require root access. You only need basic SSH access to the server. You might be able to enable that in your hosting account outside cPanel. Do you have the Terminal icon in the Advanced section of cPanel?

By the way, I'm in the process of reauthoring my own ACME client specifically for cPanel users without root access. It's going to be a single PHP file that you upload to your server then access through your web browser.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.