Install certificate on WP with FTP Access

My domain is: http://www.ind.puc-rio.br
My web server is (include version): No idea
The operating system my web server runs on is (include version): No idea
My hosting provider, if applicable, is: the university
I can login to a root shell on my machine (yes or no, or I don't know): no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

Our department page is done with WordPress, so we installed the "WP Encryption - One Click SSL & Force HTTPS" plugin to help generate and use the certificate. I downloaded the HTTP challenge's verification file and put it in the right folder via FTP. However, when I try to verify, it says "HTTP verification not possible on your site as your hosting server blocks bot access. Please proceed with DNS verification." Is there any hope? We don't have access to any panel like cPanel.

If you have no access at all to the server, control panel, or configuration, you might be able to obtain a certificate but you won't be able to install it.

If this is the kind of access you have, I'd say getting a certificate is not your job. Ask whoever controls the webserver to get and install a certificate for you.

5 Likes

Hello @martinelli, welcome to the Let's Encrypt community. :slightly_smiling_face:

I am guessing Apache/2.4.29 (Ubuntu)

$ curl -Ii http://www.ind.puc-rio.br/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Date: Thu, 21 Sep 2023 18:18:22 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://www.ind.puc-rio.br/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8

3 Likes

Actually, it is. The tech support told us "get the certificate and put it in /cert folder via FTP using this nameXXX.crt". But I decided to try using the WordPress plugin. What do you think? Is it possible?

Possible, it could be. It looks very complicated, tho.

And I hope that /cert folder isn't accessible from outside.

Also, I have no idea why your plugin is saying "your hosting server blocks bot access"

That's just untrue:

% docker run -i docker.io/certbot/certbot certonly --register-unsafely-without-email --agree-tos --staging --manual -d 'www.ind.puc-rio.br'
Account registered.
Requesting a certificate for www.ind.puc-rio.br

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

bLpEUZoyAbFaDevIsDLEVLsSOZF7P38uZMD_johOhzc.X9ywsett4I08Jg-X-ks3AodUv4z-QniJ_52dQ_Ls3iY

And make it available on your web server at this URL:

http://www.ind.puc-rio.br/.well-known/acme-challenge/bLpEUZoyAbFaDevIsDLEVLsSOZF7P38uZMD_johOhzc

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: www.ind.puc-rio.br
  Type:   unauthorized
  Detail: 139.82.34.45: Invalid response from http://www.ind.puc-rio.br/.well-known/acme-challenge/bLpEUZoyAbFaDevIsDLEVLsSOZF7P38uZMD_johOhzc: 404

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
                                                 
3 Likes

Thanks for the reply.

Definitely /cert is not accessible from outside.

I used another server, to which I have SSH access, and certbot to run the same command you wrote, created the file following the instructions, and it worked. Now I have four files, which I have no idea what to do with (cert.pem, chain.pem, fullchain.pem and privkey.pem). The tech support orientation is:

The files (certificates and keys) must be placed in the “cert” directory, in the root of your FTP.

A – The intermediate certificate, with the name “intermediate<year>.crt”;
E.g: intermediate2022.crt

B – The certificate key in the format “<site name><month>-<year>.key”;
E.g.: mysite-01-2022.key

C – The certificate with the name “<site name><month>-<year>.crt”.
E.g.: mysite-01-2022.crt

Any ideas, or should I contact them?

1 Like

If you want to follow their instructions, intermediate is chain.pem. (It can change just as often as cert.pem -- don't reuse it).

I don't like how they're handling this, but if it works, it works.

4 Likes

Well, it doesn't. I used chain.pem as intermediate, fullchain.pem as the certificate, and privkey.pem as the .key file.

There's another part of the instruction (that I omitted and ignored) saying that we should ask for the certificate using a .csr file, which I have, but I used nowhere...

I know I've bothered you a lot already, but I think we're making some progress. Thank you!

1 Like

Use cert.pem as certificate, fullchain is just cert+chain.

If they want to use a csr it makes no sense they would ask you to upload the private key. But there is of course a way to get the certificate using a csr; it's usually not advisable and I have no idea if that WordPress plugin supports it.

There is no good reason for you to have to do this. This is the provider's job.

4 Likes
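Added example, not part of the thread and not the provider's or certbot's own tooling: a POSIX shell function that stages certbot's four files under the naming scheme quoted from tech support, using the mapping given in the replies above (cert.pem as the certificate, chain.pem as the intermediate, privkey.pem as the key). The function names and the placeholder PEM bodies are constructed for illustration; the checks are structural only and do not parse the certificates.

```shell
#!/bin/sh
# Added example (not from the thread): stage certbot's output files under the
# naming scheme quoted from tech support. PEM bodies below are constructed.

# Number of PEM certificates in a file.
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# stage_certs LIVE_DIR SITE MONTH YEAR OUT_DIR
stage_certs() {
    live=$1; site=$2; month=$3; year=$4; out=$5
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        [ -s "$live/$f" ] || { echo "missing $live/$f" >&2; return 1; }
    done
    # cert.pem must be the leaf only; uploading fullchain.pem as the
    # certificate is the mix-up corrected in the thread.
    [ "$(count_certs "$live/cert.pem")" -eq 1 ] ||
        { echo "certificate file must hold exactly one certificate" >&2; return 2; }
    # fullchain.pem is cert.pem followed by chain.pem (blank lines ignored).
    want=$(cat "$live/cert.pem" "$live/chain.pem" | sed '/^$/d')
    have=$(sed '/^$/d' "$live/fullchain.pem")
    [ "$want" = "$have" ] ||
        { echo "fullchain.pem is not cert.pem + chain.pem" >&2; return 3; }
    mkdir -p "$out"
    cp "$live/chain.pem" "$out/intermediate$year.crt"
    cp "$live/cert.pem"  "$out/$site-$month-$year.crt"
    cp "$live/privkey.pem" "$out/$site-$month-$year.key"
    chmod 600 "$out/$site-$month-$year.key"   # private key: owner-only
}

# Constructed stand-ins for certbot's four files (not real certificates).
pem_block() {
    printf '%s\n' "-----BEGIN $1-----" "$2" "-----END $1-----"
}
make_sample_live_dir() {
    mkdir -p "$1"
    pem_block CERTIFICATE CONSTRUCTEDLEAF > "$1/cert.pem"
    pem_block CERTIFICATE CONSTRUCTEDINTERMEDIATE > "$1/chain.pem"
    cat "$1/cert.pem" "$1/chain.pem" > "$1/fullchain.pem"
    pem_block 'PRIVATE KEY' CONSTRUCTEDKEY > "$1/privkey.pem"
}

# Usage: stage_certs /etc/letsencrypt/live/<domain> mysite 01 2022 ./cert
```

Because the intermediate can change as often as the certificate, all three staged files should come from the same certbot run.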

Ok. Just one last shot. How do I get a certificate using a csr? If it doesn't work I'll complain to them tomorrow in person.

Thanks again!

Using an ACME client that can do so. Certbot can, but you lose automatic renewal, so we usually discourage doing so.

When complaining, make them realise that they are in a position to get certificates for every website they host, automatically. It's a lot easier when you control the whole server.

6 Likes

Just a quick update. I managed to create the certificate using a csr, and then it didn't work either. The following day I complained to them, and they replied with "Oh, we noticed you're using Let's Encrypt, so we regenerated the certificate for you and set up the automatic renewal"... ¬¬

...and now it's working.

Thank you @9peppe and @Bruce5051 for the help!

3 Likes

Ahahahah. Cool.

Still to be answered why they aren't doing this by default.

5 Likes
