I also did the following:
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help
and I get the following:
"sudo" is not available, will use "su" for installation steps...
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.
Help for certbot itself cannot be provided until it is installed.
--debug attempt experimental installation
-h, --help print this help
-n, --non-interactive, --noninteractive run without asking for user input
--no-bootstrap do not install OS dependencies
--no-self-upgrade do not download updates
--os-packages-only install OS dependencies and exit
-v, --verbose provide more output
-q, --quiet provide only update/error output;
implies --non-interactive
All arguments are accepted and forwarded to the Certbot client when run.
I tried to install pip using python:
first download: wget https://bootstrap.pypa.io/get-pip.py
and then: python get-pip.py
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Collecting pip
/tmp/tmpyVGsl1/pip.zip/pip/vendor/requests/packages/urllib3/util/ssl.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see Advanced Usage - urllib3 2.1.0 documentation.
/tmp/tmpyVGsl1/pip.zip/pip/vendor/requests/packages/urllib3/util/ssl.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see Advanced Usage - urllib3 2.1.0 documentation.
Downloading pip-9.0.1-py2.py3-none-any.whl (1.3MB)
100% |################################| 1.3MB 867kB/s
Collecting wheel
Downloading wheel-0.29.0-py2.py3-none-any.whl (66kB)
100% |################################| 71kB 9.8MB/s
Collecting argparse; python_version == "2.6" (from wheel)
Downloading argparse-1.4.0-py2.py3-none-any.whl
Installing collected packages: pip, argparse, wheel
Exception:
Traceback (most recent call last):
File "/tmp/tmpyVGsl1/pip.zip/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/tmp/tmpyVGsl1/pip.zip/pip/commands/install.py", line 342, in run
prefix=options.prefix_path,
File "/tmp/tmpyVGsl1/pip.zip/pip/req/req_set.py", line 784, in install
**kwargs
File "/tmp/tmpyVGsl1/pip.zip/pip/req/req_install.py", line 851, in install
self.move_wheel_files(self.source_dir, root=root, prefix=prefix)
File "/tmp/tmpyVGsl1/pip.zip/pip/req/req_install.py", line 1064, in move_wheel_files
isolated=self.isolated,
File "/tmp/tmpyVGsl1/pip.zip/pip/wheel.py", line 345, in move_wheel_files
clobber(source, lib_dir, True)
File "/tmp/tmpyVGsl1/pip.zip/pip/wheel.py", line 316, in clobber
ensure_dir(destdir)
File "/tmp/tmpyVGsl1/pip.zip/pip/utils/__init__.py", line 83, in ensure_dir
os.makedirs(path)
File "/usr/lib64/python2.6/os.py", line 157, in makedirs
mkdir(name, mode)
OSError: [Errno 30] Read-only file system: '/usr/lib/python2.6/site-packages/pip-9.0.1.dist-info'
You're in a shared hosting environment. Most likely you don't have root access to Apache or nginx. So "manually" getting a certificate through certbot certonly or using acme.sh won't do you any good: you have a certificate now (jeej), but you can't install it into Apache or nginx! Because that requires root.
BUT!
You say you have cPanel access. cPanel has a few options for TLS/SSL: some providers provide the AutoSSL Let's Encrypt plugin. This should do everything for you, including the issuing.
But if the Let's Encrypt plugin isn't installed (ASK YOUR SERVICE PROVIDER FOR IT!), you might be able to install the certificate you got issued just now with acme.sh through other cPanel TLS interface sections.
Forcing something is almost never the right option! This may end up issuing a new certificate every day! How to renew with acme.sh is explained on the acme.sh README. In step 1.2 to be exact. It renews automatically when you re-run the application.
So basically, I have to include this line in my cron job list on GoDaddy cPanel:
0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null
so that the renewal will be done automatically, right?
Regarding the installation of the certs, I think I should do them manually.
There is a tutorial on this here: https://www.redpacketsecurity.com/use-lets-encrypt-go-daddys-shared-hosting-platform/
Part 2 explains how to upload the cert to the SSL manager.
Once I upload it and install it, will the renewal be automatic, given that the cron job is configured as well?
I mean, I am afraid that manually adding the cert to the SSL manager and creating the .well-known/… directory in the domain directory will not smoothly follow the automatic recognition and renewal? Or maybe I am totally wrong.
Could you please confirm whether it is correct if I do so?
Thanks
If following the above method, where can I find the acme challenge,
so that I can put it in .well-known\acme-challenge?
When I ran ./acme.sh --install, I got this:
[Sun May 14 04:57:10 MST 2017] Registering account
[Sun May 14 04:57:12 MST 2017] Registered
[Sun May 14 04:57:13 MST 2017] Update success.
[Sun May 14 04:57:13 MST 2017] ACCOUNT_THUMBPRINT='m8hYX5sdLKvlyPKgPbrRMJrzGTssUhMe6Og5P05POME'
[Sun May 14 04:57:13 MST 2017] Creating domain key
[Sun May 14 04:57:13 MST 2017] Single domain='example.com'
[Sun May 14 04:57:13 MST 2017] Getting domain auth token for each domain
[Sun May 14 04:57:13 MST 2017] Getting webroot for domain='example.com'
[Sun May 14 04:57:13 MST 2017] Getting new-authz for domain='example.com'
[Sun May 14 04:57:14 MST 2017] The new-authz request is ok.
[Sun May 14 04:57:14 MST 2017] Verifying:example.com
[Sun May 14 04:57:18 MST 2017] Pending
[Sun May 14 04:57:20 MST 2017] Success
[Sun May 14 04:57:20 MST 2017] Verify finished, start to sign.
[Sun May 14 04:57:21 MST 2017] Cert success.
Where is the acme challenge?
Is it the ACCOUNT_THUMBPRINT?
Although renewal with regard to the issuing of the cert with acme.sh might be fully automatic, the installation of the certificate, which you have done manually, won't be automatic.
That's why specific plugins of cPanel are most of the time a "better" method: the plugin will issue and install the certificate automatically.
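The gap described in the last reply (acme.sh renews the certificate on disk, while the manually uploaded copy stays as it was) can be watched for. The following is an added example, not part of the original thread: it compares the certificate the site serves with the one acme.sh renewed. The function names, the scratch file and the `~/.acme.sh/<domain>/<domain>.cer` location are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumed paths: acme.sh keeps the renewed
# certificate at ~/.acme.sh/<domain>/<domain>.cer; served.pem is a scratch file.

# SHA-256 fingerprint of the certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Save the leaf certificate that <host> currently serves on port 443.
fetch_served_cert() {   # usage: fetch_served_cert example.com served.pem
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$2"
}

# Compare the served certificate with the one acme.sh renewed on disk.
#   IN_SYNC          (exit 0) the site serves the newest certificate
#   REUPLOAD_NEEDED  (exit 1) cron renewed it, the hosting panel still has the old one
#   RENEWAL_OVERDUE  (exit 2) nothing newer on disk and expiry is within warn_days
#   UNREADABLE       (exit 3) one of the files is missing or not a certificate
install_status() {      # usage: install_status served.pem renewed.pem [warn_days]
    local served=$1 renewed=$2 warn_days=${3:-30}
    local fs fr
    fs=$(cert_fingerprint "$served" 2>/dev/null)
    fr=$(cert_fingerprint "$renewed" 2>/dev/null)
    if [ -z "$fs" ] || [ -z "$fr" ]; then
        echo UNREADABLE; return 3
    fi
    if [ "$fs" != "$fr" ]; then
        echo REUPLOAD_NEEDED; return 1
    fi
    if ! openssl x509 -in "$served" -noout \
            -checkend $((warn_days * 86400)) >/dev/null; then
        echo RENEWAL_OVERDUE; return 2
    fi
    echo IN_SYNC
}

# Typical use from a second cron entry (domain and paths are placeholders):
#   fetch_served_cert example.com /tmp/served.pem &&
#   install_status /tmp/served.pem "$HOME/.acme.sh/example.com/example.com.cer"
```

Because the cron line in the thread sends output to /dev/null, a non-zero exit from `install_status` is the signal to act on, for example by mailing the status word.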