Is enabling root access and SSH access the same thing?


#1

Hi,

I read online that sometimes shared hosting providers give temporary SSH access on a shared hosting plan. I wanted to know if root access and SSH are the same thing so I can ask GoDaddy to temporarily enable it for me. Just to confirm my understanding, I will need this in order to do an auto-SSL on Let’s Encrypt, correct?

Your Friend in Let’s Encrypt,
Brody James


#2

Root access and SSH access are not the same things. SSH allows you to access the system in a secure (in terms of having encrypted channel between you and your server) way, but what sort of rights you will have on that server once connected - that’s different matter. Those rights define what you are allowed to do - in case of the “root” that would be basically everything. It is very unlikely that you will be given that sort of access on a shared hosting.

To some extent you can think of all this as an access to an elite club - you might get through the door (SSH), but what you will be allowed to do after that might depend on your membership level. And if you’re a VIP (root) - well, lucky you :slight_smile:


#3

Thanks for the explanation leader. It was very clear. Do I need root access for auto-renewing Lets Encrypt? Is there any way I can do without root access in GoDaddy’s shared hosting cPanel? Why does Lets Encrypt auto-renew need root access?

Cheers
BJ


#4

Let’s Encrypt does not need a root access. Some Let’s Encrypt clients though may need to make appropriate changes (related to enabling SSL) to the configurations of your web server. However, in “standalone” mode the official client should not need that and many alternative clients do not need that either.


#5

leader, thanks for responding. I value your insight. Just to clarify, Let’s Encrypt doesn’t need root access on any level? Even to setup 90 day auto-renew?

Cheers
Brody


#6

It is very common for some steps that need to happen on renewal to only be possible for people with certain rights. Root would have those rights, and your user may not. If you have shared hosting, they won’t have given you such rights, because they could interfere (even by mistake) with other people sharing the same hosting. In particular, you will most likely need extra rights to install a certificate in the web server after successfully requesting it, and to reload or restart the web server when a certificate is updated, as will happen during renewal.

So, probably for GoDaddy you will not be able to make everything completely automatic without help from GoDaddy. There isn’t much we can do about this, sorry.


#7

Thank you for your response tialaramex. As leader mentioned and after further thinking, in 1 min or so I can have the cert renewed manually every 90 days. I think I would like to take on this responsability even though I was opposed it. It’s better than spending 6-7 bux extra per month. Do you know how I can have e-mail reminder setup to tell me a week before it will expire, every 90 days?

Cheers tialaramex,
Brody James


#8

So long as you tell Let’s Encrypt a valid email address when you sign up to use the system, it will automatically tell you about any certificates which are expiring soon unless somebody has requested a newer certificate for the exact same set of names (in which case it presumes they will now use this newer certificate).


#9

Thanks tialaramex. Will this e-mail ever be made public by Let’s Encrypt? Is there any contact info that Let’s Encrypt makes public?

Cheers
BJ


#10

The email address you provide will be kept private and will only be used for renewal notifications and major service announcements (such as breaking changes that might require action on your end). Other information, like your domain names, IP addresses of your server or the device you’re using to obtain a certificate, is public or might be made public in the future. More details in the privacy policy (which is surprisingly readable even for non-legal audiences :smile:).


#11

Thanks. It’s nice and short

Brody


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.