Installation help for a non-technical person?


#1

I have classic (not cpanel) Linux deluxe hosting with GoDaddy (I know, I know), with several subdomains. I would like to use Let’s Encrypt for just one of the subdomains that is running a Simple Machines forum.

I’ve been reading instructions on how to install Encrypt and it’s all Greek (geek?) to me. I’m not even sure I can use it in a subdomain.

Does anyone here know if that’s possible? If so, are there instructions on how to set all of this up for someone who really has very little technical skills or knowledge? I’ve gotten as far as turning on SSH for my hosting, downloaded something called openssh-7.2 but have no idea what to do with it or how to proceed from there. Again I’m not very technical, but I’m very good at following instructions. :slightly_smiling:

I really would love to get Let’s Encrypt installed, it sounds perfect for what I need to protect logins, user names, etc. from prying eyes.

Thanks ~


#2

“I’ve gotten as far as turning on SSH”

You have SSH access now, right? You must have the username/password of the server, not your GoDaddy account username/password.

“downloaded something called openssh-7.2”

You should use PuTTY or Xshell to connect to your server via SSH, with your SSH username/password.

After you log in, you will have shell access.

Then you can try my client: https://github.com/Neilpang/le.git

You just need 3 minutes to use it.

If you don’t have Git installed on the server, you can download the source code: https://github.com/Neilpang/le/archive/master.zip

curl -LO https://github.com/Neilpang/le/archive/master.zip

or

wget https://github.com/Neilpang/le/archive/master.zip

Then unzip the source:

unzip master.zip

Then install:

cd le-master/
./le.sh install

Then you can issue a cert.

Please refer to the readme: https://github.com/Neilpang/le


#3

Neilpang: “You must have username/password of the server, not your Godaddy account username/password.”

Hi Neilpang, thanks for the reply. When you say access the server, you mean my “portion” of the shared server at GD, not the entire server, correct? If that’s the case, then yes I do and then there’s a good possibility this can be done.

I’m going to devote today (all day, if that’s what it takes) to get this up and running. I’ll let you know if I have questions, will update, etc.

I’ve seen in other posts that it is possible to install LE into a Godaddy site (but with a cpanel), so I’m feeling optimistic. Thanks again.

Oh, and I just looked up putty and xshell and it seems they’re for Windows. I’m on Mac. I’ll look for something comparable.


#4

Three minutes to learn… if you know what you’re doing. :sweat:

I ended up using Mac’s Terminal to connect, upload, unzip master.zip in the web root, ran ./le.sh install and got this:

-bash-3.2$ ./le.sh install
Installing to /var/chroot/home/content/00/1051xxxx/.le
Installed to /var/chroot/home/content/00/1051xxxx/.le/le.sh
No profile is found, you will need to go into /var/chroot/home/content/00/1051xxxx/.le to use le.sh
Installing cron job
./le.sh: line 1052: /usr/bin/crontab: Permission denied
./le.sh: line 1059: /usr/bin/crontab: Permission denied
./le.sh: line 1059: /usr/bin/crontab: Permission denied
OK

I’m guessing permission denied is a problem, correct?

I went to /var/chroot/home/content/00/1051xxxx/ and what’s in there is: crontab data htconfig html scctmp tmp, but no .le .

When I went to the README, How to use/Which does 3 jobs/Show help message (what does that mean?) I got totally lost. They appear to be commands I can run if I get le.sh working, but I don’t suppose I can do anything if le.sh has not installed properly…

Advice? Honestly, this is not the least bit intuitive for me. Anything beyond straight ftp is new territory.


#5

.le is a hidden folder. You must use ls -l to see it.

Or directly cd into it:

cd /var/chroot/home/content/00/1051xxxx/.le

./le.sh

Never mind the “Permission denied” error for the crontab. Let’s jump over it for now.

Please let me know what you get there.

Thanks.


#6

Well! I don’t know what time zone you’re in–I decided to give this a try before calling it a day so we probably won’t move to the next step for several hours. But look what appeared! :grinning: When we walk through the certificate issuance, will that cover all subdirectories in my root? All domains? Hopefully you’ll guide me through that. And then there will eventually be install instructions here for other unsupported GD customers using shared hosting that can’t come up with the $150/year GD wants for a certificate.

-bash-3.2$ ./le.sh


v1.1.8
Usage: le.sh [command] …[args]…
Avalible commands:

install:
Install le.sh to your system.
issue:
Issue a cert.
installcert:
Install the issued cert to apache/nginx or any other server.
renew:
Renew a cert.
renewAll:
Renew all the certs.
uninstall:
Uninstall le.sh, and uninstall the cron job.
version:
Show version info.
installcronjob:
Install the cron job to renew certs, you don’t need to call this. The ‘install’ command can automatically install the cron job.
uninstallcronjob:
Uninstall the cron job. The ‘uninstall’ command can do this automatically.
createAccountKey:
Create an account private key, professional use.
createDomainKey:
Create an domain private key, professional use.
createCSR:
Create CSR , professional use.


#7

Good, let’s start issuing the certificate:

./le.sh issue /path/to/your/webroot/ aa.com

aa.com should be your domain.


#8

Sorry, I just saw your response. I didn’t get an email notice this time.

So this is what I get. Let me know if you need more information as to how this domain name and subdirectory are set up (if it makes a difference, that invalid response makes me think something’s not right).

-bash-3.2$ ./le.sh issue /home/content/00/1051xxxx/html/ smf2.ga
Creating account key
Use default length 2048
Account key exists, skip
Creating domain key
Use length 2048
Creating csr
Single domain=smf2.ga
Registering account
Already registered
Verify each domain
Geting token for domain=smf2.ga
Verifying:smf2.ga
smf2.ga:Verify error:Invalid response from http://smf2.ga/.well-known/acme-challenge/VnxiwNbxEHPaIAIZjci4UWc6S4En-5VCbACA5cDdKZk [myserver#here]: 404
-bash-3.2$

Update: I took a look in:
-bash-3.2$ cd smf2.ga
-bash-3.2$ dir
smf2.ga.conf smf2.ga.csr smf2.ga.key
-bash-3.2$

So it looks (maybe?) like I’m close to being able to use the cert?


#9

Yes, you are very close.

It seems that the only problem there is that the URL is not accessible:

http://smf2.ga/.well-known/acme-challenge/VnxiwNbxEHPaIAIZjci4UWc6S4En-5VCbACA5cDdKZk

Please make sure the web root folder is correct:

/home/content/00/1051xxxx/html/

Write a simple file in this folder:

cd /home/content/00/1051xxxx/html/

echo "this is a test" > a.txt

Then try this url:

http://smf2.ga/a.txt

Can you get the text?

Thanks.


#10

The web root folder is correct. When I CD to it, DIR lists smf2 in it.
This may be the problem:
The domain name smf2.ga is a free domain considered a “hosted domain” by GoDaddy. So there is a subdirectory named /smf2 under my primary hosting and the domain name is pointed to that subdirectory.

When I wrote the file in the folder and went to
http://smf2.ga/a.txt in a browser, I ended up with
"Not Found
The requested URL /smf2/a.txt was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request."


#11

Yes,

Is there a subfolder?

/home/content/00/1051xxxx/html/smf2

Then your real webroot should be this one, not the “/home/content/00/1051xxxx/html/”

Please use this new folder and try again.


#12

http://smf2.ga/a.txt: this is a test

So do I back up a step and issue the cert under the new, extended url/path/webroot?


#13

Yes, just do it.

You are almost there.
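
The webroot check worked through in posts #9 to #13 (write a file, fetch it through the domain, move to the subfolder if it 404s), as an added example that is not part of the thread or of le.sh. The function names `find_webroot` and `fetch_url` are hypothetical, and `curl` is assumed to be available on the server.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of le.sh): find which directory
# the web server really serves for a domain before running "le.sh issue".
# With the paths from this thread it would be called as:
#   find_webroot smf2.ga /home/content/00/1051xxxx/html \
#                        /home/content/00/1051xxxx/html/smf2

# fetch_url URL: print the body of URL; non-zero exit on HTTP errors (404 etc.).
# Kept separate so it can be swapped out for offline testing.
fetch_url() {
    curl -fsS --max-time 10 "$1"
}

# find_webroot DOMAIN DIR...
# Writes a one-off probe file under DIR/.well-known/acme-challenge/ (the path
# the CA fetches during validation) and prints the first DIR whose probe comes
# back over HTTP with the expected content. Returns 1 if no candidate matches.
find_webroot() {
    domain=$1; shift
    token="probe-$$-$(date +%s)"        # unique per run, not a secret
    for dir in "$@"; do
        dir=${dir%/}                    # tolerate a trailing slash
        chal="$dir/.well-known/acme-challenge"
        mkdir -p "$chal" 2>/dev/null || continue
        printf '%s' "$token" > "$chal/$token"
        chmod 644 "$chal/$token"        # must be readable by the web server
        body=$(fetch_url "http://$domain/.well-known/acme-challenge/$token" 2>/dev/null) || body=""
        rm -f "$chal/$token"
        # rmdir only removes empty directories, so existing content is untouched
        rmdir "$chal" "$dir/.well-known" 2>/dev/null || true
        # Compare the body, not just the status: a catch-all page is not a match
        if [ "$body" = "$token" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}
```

The directory it prints is the one to pass as the webroot argument of `./le.sh issue`.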


#14

Last night, as hard as I tried, I couldn’t get it to work. So this morning I removed LE and related files from the server and started all over again, but now installing in the subdomain root. I got this (yay!):

-bash-3.2$ ./le.sh issue /var/chroot/home/content/00/1051xxxx/html/smf2/ smf2.ga
Creating account key
Use default length 2048
Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Creating domain key
Use length 2048
Creating csr
Single domain=smf2.ga
Registering account
Registered
Verify each domain
Getting token for domain=smf2.ga
Verifying:smf2.ga
Success
Verify finished, start to sign.
Cert success.
-----BEGIN CERTIFICATE-----
characters here
-----END CERTIFICATE-----
Your cert is in /var/chroot/home/content/00/1051xxxx/.le/smf2.ga/smf2.ga.cer
The intermediate CA cert is in /var/chroot/home/content/00/1051xxxx/.le/smf2.ga/ca.cer
-bash-3.2$

[I’ll continue to look through the manual/documentation for the next step.]
Nah, I don’t get it.
I’ll wait for you.


#15

It seems that you successfully issued the cert, right?

Any more problems?


#16

Yes successfully issued, but the web site is not coming up as secure. https://smf2.ga/
Is there another step or should it be working?

From Firefox:
“An error occurred during a connection to smf2.ga.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)”

"The page you are trying to view cannot be shown
because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem."

From Chrome and Opera:
“SSL connection error
Unable to make a secure connection to the server.
This may be a problem with the server,
or it may be requiring a client authentication certificate that you don’t have.”

Also I just saw this other thread, are people supposed to be automatically
redirected to https from the http address?


#17

You should contact your GoDaddy support for how to deploy the certificate.


#18

So this is not a necessary step in the process?

Install issued cert to apache/nginx etc.
le installcert aa.com /path/to/certfile/in/apache/nginx
/path/to/keyfile/in/apache/nginx
/path/to/ca/certfile/apache/nginx
"service apache2|nginx reload"


#19

Please contact GoDaddy support, and ask them how to deploy your cert.
I think there is nothing you can do now.


#20

GoDaddy says they will not support Let’s Encrypt certs but I am welcome to figure it out on my own. :scream:

What command should I execute on the Let’s Encrypt installation, after the “le issue” command execution according to the written instruction?