I want to switch from Zero|SSL to Let's Encrypt. I've no idea what httpd or OS my web host (nearlyfreespeech.net) uses. How to I proceed to get a certbot certificate?
If I read Frequently Asked Questions - NearlyFreeSpeech.NET correctly, your hosting provider does not offer a VPS nor root access to the servers? So I'm puzzled by the answer you've given in this question to be honest.
Also, how would you get a ZeroSSL certificate to begin with? I'm not familiar with your situation, so can't answer how to change to Let's Encrypt, if that's even possible.
I've had the ZeroSSL certificate for 86 days. Last Sunday I renewed it
(supposed to be for both with- and without www) but apparently it applied to
only one version. I asked them for clarification but saw no response. So now
I want to work with a group that's responsive.
How? Please provide more details in your answers. With every answer you're about to give, you should ask yourself: "Could I provide MORE details?" and if the answer to that question is "yes", then you probably should. (Generic tip for when you're asking for help on forums on the internet.)
On the FreeSSL web site I clicked on my domain name, answered all the
questions, downloaded the .zip file containing the new ca_bundle.crt,
certificate.crt, and private.key. Using emacs I combined all three files
into a single buffer. Then I logged in my NFS account and uploaded the three
files using the TLS upload window.
I would not recommend using such sites to get a certificate, especially not if you're not using a CSR and you're not sure if the site has access to the generated private key (which would be BAD).
Please see the following FAQ regarding Let's Encrypt certificates on your hosting providers website: FAQ - NearlyFreeSpeech.NET
I would not recommend using such sites to get a certificate, especially
not if you're not using a CSR and you're not sure if the site has access
to the generated private key (which would be BAD).
Osiris,
The certs from FreeSSL have worked just fine since last September. My reason
for changing is the unexplained issue they threw up when I renewed the
certs.
Please see the following FAQ regarding Let's Encrypt certificates on your
hosting providers website: FAQ - NearlyFreeSpeech.NET
Thanks. I didn't see that one. Makes it very easy to replace the expiring
certs with ones from Let's Encrypt.
Sure, the certs aren't the problem. But the lack of control over the private key and the fact it can't be automates are.
What unexplained issue would that be? You said suddenly the www subdomain (or the other) was gone? Isn't that an issue when filling out the info on the site when requesting a new cert?
I hope so! Apparently, it should also renew automatically!
No. That's now what I wrote. On Nov 6 I renewed the certs for what I thought
was both versions of the same domain name. Then on Nov 13 they sent a
message that I had a cert expiring this coming Sunday. When I logged in they
showed a renewed and an expiring site: both shown as appl-ecosys.com. So I
could not determine which flavor was supposed to be expiring and, in any
case, the one certificate was supposed to cover both flavors. A message I
sent asking for clarification was not answered. So tomorrow I'll let NFS
create and install a Let's Encrypt certificate.