I'm hoping someone has made Let's Encrypt work with Easily.co.uk as I'm really struggling with it. It isn't my personal web site (it belongs to a group) so at the moment I can't just up and switch providers. Easily won't accept certificates that are shorter than a full year and to be honest if it was less than a year it would get very tedious keep re-doing it.
My domain is: http://www.evwa.org.uk/
My hosting provider, if applicable, is: Easily.co.uk
I cannot login to a root shell.
There is a control panel but it isn't cpanel. I'm also using Wordpress.
I reached out to Easily for help and this is what I got
Please use SSL Manager to generate a CSR and install your SSL certificate. You may follow the steps below.
- Log into the Portal page at Control Panel.
- Under your account name in the top right corner, select Web Apps.
- Choose your domain name in the drop-down list.
- In the Security section, click to launch SSL Manager.
- Inside the tool, select "Vanity SSL".
- Enter your company/personal details that will be used to generate our CSR.
- Send CSR to your SSL issuer and have them generate SSL certificate for Apache mod_ssl.
- Upload your SSL certificate in SSL Manager and wait for installation to complete.
I don't believe I can do what they are suggesting. Have I mis understood the Certbot info. To do an auto certbot thing - I would need shell access to the hosting server in order to generate the certificate. Is that right?
Assuming they relax the rule on less than a year - would I be able to use those instructions for a manual certificate? Though that said my PC is Windows and I'm not running any kind of web server on it.
Yes, it's possible to generate a Let's Encrypt certificate using a "third party" CSR. Certbot might not be the ideal candidate for it though, as its functionality using a custom CSR is rather limited. That said, if you need to manually do everything anyway, you're rather limited to begin with. If Certbot is indeed not very practical using a CSR, you might want to consider an alternative ACME client. You can find a list of ACME clients here: ACME Client Implementations - Let's Encrypt I don't have a preference for an alternative. Note that acme.sh, a popular Certbot alternative, has ZeroSSL as their default CA and is poorly documented IMO.
Also, the CA Buypass also offers free ACME certificates and they have a lifetime of 180 days (double that of LE): see Buypass Go SSL - Gratis, enkelt, basert på ACME-standarden | Buypass.com for more info. You can find the ACME API endpoint(s) for usage with the Certbot option
--server here: Buypass GO SSL - Endpoints - Updated 14.05.2020 - Technical Information - Buypass AS
Welcome to the Let's Encrypt Community, Heather!
Even though you're not using cPanel, I believe that given your circumstances you might want to check out my CertSage ACME client. It was specifically designed for those in restrictive situations like yours (e.g. no admin access). As long as you can upload both your certificate and its private key in SSL Manager, CertSage should work great for you. The process of using CertSage on your hosting should be very similar to that of cPanel hosting, so the instructions I have provided for using CertSage should only need to be "translated" a little. It's not complicated, but if you run into any trouble just let us know.
Note: the resulting Let's Encrypt certificate will still need to be renewed using the same process every 90 days. There is no way to acquire a longer certificate from Let's Encrypt.
This seemed to be working so well. I got the certificate etc. up onto the site. Which I thought would be the hard part. With your instructions, not that hard at all. Thank you.
Then I was trying to configure my Wordpress site to use https. Lost connectivity part way through and now I've got warnings about the site being insecure and a message of
The client and server don't support a common SSL protocol version or cipher suite.
Now I'm stuck with a bit of a mess. I have a site with an ssl certificate and https, but no one can actually see the site now.
Well what a pickle.
I have at least got a view of something now. In with a fighting chance.
Looks like the ssl isn't properly on the Wordpress yet, clearing the cache seems to have at least triggered enough to do something I think.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.