I don't know how to use certbot now that certbot-auto is deprecated

My hosting provider, if applicable, is: UK2

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel 11

Hi,

I don't know how to use certbot now that cert-bot auto is deprecated. Previously, I used to do the following:

sudo ./certbot-auto certonly --manual -d (my domains)

then when it gives me the acme-challenge, I log in to my cPanel on my provider's shared web hosting, File > File Manager, and create the required files there. One the certificates are created, I upload them to cPanel, Security > SSL/TLS.

But now certbot-auto is gone/deprecated, and I'm seeing recommendations to either use certbot (not certbot-auto) or acme.sh. But I've looked at both tools and based on the instructions I'm seeing, they seem to assume that I'm running the command line tool on the same computer which is hosting my website, which I'm not. If I run it on --standalone it wan't to run a webserver locally. If I run it on --webroot it wants to write files directly on the current machine.

Can someone explain how I can use either of those tools (certbot or acme.sh) when they are not being run on the same computer that is hosting the site, and I can't login or run shell commands on my shared host's web server. Or is there a way I can still use the old certbot-auto that worked before. My web host says they cannot provide any support with this.

Thank you.

-Lee


My domain is: N/A

I ran this command: N/A

It produced this output: N/A

My web server is (include version): N/A

The operating system my web server runs on is (include version): N/A

I can login to a root shell on my machine (yes or no, or I don't know): N/A

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

3 Likes

Welcome Back to the Let's Encrypt Community, Doctor Christie :slightly_smiling_face:

Certbot-auto was just a wrapper around certbot, so nothing should really change in your process other than how you install and update certbot itself. You have been using the manual authenticator to satisfy dns-01 challenges to prove your ownership of the domain names. The standalone and webroot authenticators are used to satisfy http-01 challenges.

See @Osiris's post right below for an automated approach.

I can enhance your command a bit:

sudo certbot certonly --cert-name example.com --manual --preferred-challenges dns -d "example.com,*.example.com" --keep

2 Likes

Also, I would like to suggest you to take a look at the following guide, which automates certificate issuance and installation with acme.sh for cPanel:

Automation is the way to go!

3 Likes

It works, thank you.

I don't think I can do the automatic method suggested though because I don't have permission to install things on the shared hosting. So I'll have to keep doing it manually.

By the way, can I modify the command to add more than one domain

sudo certbot certonly --cert-name mydomains --manual --preferred-challenges dns -d "example.com,*.example.com,example2.com,*.example2.com,example3.com,*.example3.com" --keep
2 Likes

You don't need root for that method. If you can install the certificate through cPanel manually, you should be able to use the script. It just uses the cPanel API to do it, it doesn't require root.

2 Likes

That command looks fine. You will likely want separate certificates if the domains are served by different servers.

1 Like

I tried to post this as a reply but accidentally posted without hitting reply and the forum won't let me post the same thing twice,

Anyway, I was going to say I don't have permission to log in to the cPanel via SSH even without root. and my hosting provider says they can't help.

2 Likes

Hm, strange, any error message?

2 Likes

Many hosting providers disable SSH access to your shared hosting instance by default when using cPanel. For instance, what is shown in my GoDaddy account outside cPanel:

If I turn SSH access On, I can SSH into my shared hosting instance. More interestingly, what is shown now in the Advanced section inside cPanel:

Terminal allows you to run things in a shared hosting instance without needing to use an external SSH application.

1 Like

I was under the assumption @javaxnerd could login with SSH as a regular user, perhaps I was wrong with that assumption.

2 Likes

I think you misread this:

1 Like

Probably, I interpreted it as "I can login with SSH, but from that SSH session, I can't log in to cPanel", which I already found odd.. How do you log in to cPanel through SSH? :thinking:

2 Likes

I think by "log into cPanel" he's meaning "log into my shared hosting instance". I'm pretty sure he's running certbot on his local machine. If we can get his SSH access enabled, that will open up worlds of joyous possibility. :grin:

1 Like

Yes I am running certbot on my MacBook and then either uploading the http challenge files via the web browser, or configuring the dns-challenge entries via the web browser. Then I upload the private key and full chain. All through cPanel in the web browser, no terminal access at all.

I emailed my host to ask if there was any way I can log in to run certbot and they said they can't help with Let's Encrypt as they don't provide any support for it.

2 Likes

You don't need to run certbot on your server. You can run acme.sh, which doesn't require root access. You only need basic SSH access to the server. You might be able to enable that in your hosting account outside cPanel. Do you have the Terminal icon in the Advanced section of cPanel?

By the way, I'm in the process of reauthoring my own ACME client specifically for cPanel users without root access. It's going to be a single PHP file that you upload to your server then access through your web browser.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.