LE does require root, you know so LE could do that on any “normal” webserver and with partial automation maybe daviid meant that LE generates the certificate and notifies me to upload it on the server when it’s time for renewal,
1 Like
“What were you expecting, exactly? For letsencrypt to magically install a certificate for your site?”
Well, yes!
Let’s encrypt is about letting anybody use HTTPS to secure their site against increasing numbers of malicious eavesdroppers all over the world.
The home page implicitly promises that this will now be an easy process, not the difficult series of steps it used to be.
Most folks who run small websites know how to use parts of management tools like CPanel and Plesk. They don’t know how to use certificates and certificate tools.
CPanel does not yet offer Let’s Encrypt. They have doubts about reliability and repeatability that I share.
So the letsencrypt home page needs to explain clearly what our tool (ACME) is, and how to install it. The current page has one obvious link for this: Get Started, which points to https://letsencrypt.org/getting-started/.
This page is totally confusing for the vast majority of people who run small servers. You can see this by reading this forum, filled with confused questions.
One of the confusing commands on this page is:
certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
Which of the strings here are literals, and which are placeholders, meant to be substituted? Which of these strings are pathnames that already exist on Linux systems? Which are pathnames of directories or files that the user is supposed to create? Why isn’t there a detailed explanation of how to create the actual command that must be submitted?
Some developers are smug, arrogant in their intimate knowledge of HTTPS, certificates, certificate authorities, and how Linux, Apache, Nginx, IIS, sockets, tools, etc., etc. We don’t need this in Let’s Encrypt. We need clear, simple explanations of our complex tools, with detailed examples, both ordinary simple examples and unusually complex examples.
Just my opinion. No criticism of any person is implied.
let me help you a bit by changing it a bit.
certbot certonly --webroot -w /path/to/webroot1 -d domain1.com -d www.domain1.com -w /path/to/webroot2 -d domain2.com -d www.domain2.com
this setup gives the following.
we have 2 webroots which each hold 2 domains.
/path/to/webroot1 contains domain1.com and www.domain1.com
/path/to/webroot2 contains domain2.com and www.domain2.com
if you had only 1 path and 1 domain it would look like this:
certbot certonly --webroot -w /path/to/your/webroot -d domain.com
the paths to the webroots are where your websites are located. the domains are the domains you want to set, in other words the placeholders. certbot certonly and -w and -d (or any other parameters that you might see) literals
does this help.
Where have you seen these "doubts" expressed by CPanel? Their last official feedback to their users said they expected CPanel to include Let's Encrypt functionality in their next major version, which they hope to deliver by July / August.
ialaramex, I’m glad to hear that. A month or two ago that’s what they told me when I asked them. I’m not sure their message to me was “official”, but I’m tending to think so. But that is what they said then, and apparently they’ve followed up with LE and I’m glad. I don’t know if anyone here realizes what a big deal it is for CPanel to support LE in either CPanel or WHM. This is very good news, thanks.