Let's Encrypt on SunOS Solaris via ssh

Help
1

Hello,

i have a webhosting plan at the german hoster “strato”.
On this plan i have SSH access.
It runs on SunOS Solaris 11.4.8.5.0.

For the normal Domain i have a single SSL-certificate from the hoster which was included by the plan, but for a subdomain i want to use letsencrypt to have also ssl on staging site.

Is it possible to use letsencrypt certificate on subdomain while theres another certificate on main domain?
And is there a guide to activate letsencrypt on sunOS-systems?

Thank you very much in advance and stay healthy

1 Like
2

Yes

Supposedly GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol supports Solaris, you could give it a go.

2 Likes
3

Thank you for your very quick answer.

I tried to install it, but got following error:

root> curl https://get.acme.sh | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   775    0   775    0     0   1366      0 --:--:-- --:--:-- --:--:--  2719
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  193k  100  193k    0     0   349k      0 --:--:-- --:--:-- --:--:--  352k
[Sat Jul 25 23:50:18  2020] Installing from online archive.
[Sat Jul 25 23:50:18  2020] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Sat Jul 25 23:50:19  2020] Extracting master.tar.gz
[Sat Jul 25 23:50:20  2020] It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'.
[Sat Jul 25 23:50:20  2020] We need to set cron job to renew the certs automatically.
[Sat Jul 25 23:50:20  2020] Otherwise, your certs will not be able to be renewed automatically.
[Sat Jul 25 23:50:20  2020] Please add '--force' and try install again to go without crontab.
[Sat Jul 25 23:50:20  2020] ./acme.sh --install --force
[Sat Jul 25 23:50:20  2020] Pre-check failed, can not install.

Usually cron should be preinstalled on SunOS/Solaris, so do i also need to install any crontab things from a certain website?

1 Like
4

Perhaps try with --force as suggested. The worst that can happen is that you need to add acme.sh --cron to your crontab yourself.

2 Likes
5

Yes i tried that, but seems to not work with sunos

root> curl https://get.acme.sh | sh --force
sh: --force: invalid option
Usage: sh [GNU long option] [option] ...
sh [GNU long option] [option] script-file ...
GNU long options:
--debug
--debugger
--dump-po-strings
--dump-strings
--help
--init-file
--login
--noediting
--noprofile
--norc
--posix
--protected
--rcfile
--restricted
--verbose
--version
Shell options:
-irsD or -c command or -O shopt_option (invocation only)
-abefhkmnptuvxBCHP or -o option
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 775 0 775 0 0 3371 0 --:--:-- --:--:-- --:--:-- 3555
(23) Failed writing body

1 Like
6

Ah, I see.

The --force parameter needs to go to acme.sh. Use the “Install from git” instructions instead of than the “curl | bash” instructions.

So

git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install --force
2 Likes
8

I would not install acme.sh inside /htdocs - your private keys and certificates would end up in there. Most likely you will want to keep this in a home directory or a system configuration directory.

Anyway, it seems you like should be able to run the acme.sh script now.

2 Likes
9

Thank you very much, so im able to use the command ./acme.sh now.

INSTALLATION MESSAGES 
root> ./acme.sh --install --force
[Sun Jul 26 00:38:03  2020] It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'.
[Sun Jul 26 00:38:03  2020] We need to set cron job to renew the certs automatically.
[Sun Jul 26 00:38:03  2020] Otherwise, your certs will not be able to be renewed automatically.
[Sun Jul 26 00:38:03  2020] It is recommended to install socat first.
[Sun Jul 26 00:38:03  2020] We use socat for standalone server if you use standalone mode.
[Sun Jul 26 00:38:03  2020] If you don't use standalone mode, just ignore this warning.
[Sun Jul 26 00:38:03  2020] Installing to /mnt/web123/a0/12/123456/htdocs/.acme.sh
[Sun Jul 26 00:38:03  2020] Installed to /mnt/web123/a0/12/123456/htdocs/.acme.sh/acme.sh
[Sun Jul 26 00:38:03  2020] No profile is found, you will need to go into /mnt/web123/a0/12/123456/htdocs/.acme.sh to use acme.sh
[Sun Jul 26 00:38:04  2020] crontab/fcrontab doesn't exist, so, we can not install cron jobs.
[Sun Jul 26 00:38:04  2020] All your certs will not be renewed automatically.
[Sun Jul 26 00:38:04  2020] You must add your own cron job to call 'acme.sh --cron' everyday.
[Sun Jul 26 00:38:04  2020] Good, bash is found, so change the shebang to use bash as preferred.
[Sun Jul 26 00:38:08  2020] OK

  1. Currently the installation of acme.sh is in /mnt/web123/a0/12/123456/htdocs/, so should i uninstall it and reinstall to another folder? A subfolder in htdocs or what?

  2. The command to create a certificate is then
    ./acme.sh --issue -d staging.mydomain.com --webroot /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com
    ?

1 Like
10

Somewhere where it wouldn't be accessible via a browser. If it's secure in it's current location, then I guess you could keep it there. I'm just used to "htdocs" referring to the document root of a webserver.

That looks right to me.

2 Likes
11

You are so helpfull, thank you so much.
Unfortunatelly i have a verification error:
Verify error:Invalid response
What can i do to find out whats wrong?

12

Quite likely you have given the wrong webroot.

It can be handy to first verify that when you create a file in that webroot, it can be accessed by the browser. For example:

mkdir -p /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com/.well-known/acme-challenge/
echo "hello world" > /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com/.well-known/acme-challenge/test

and then checking that the file can be reached via http://staging.mydomain.com/.well-known/acme-challenge/test

2 Likes
13

I did the code again with --debug maybe it helps:

DEBUG 
root> ./acme.sh --issue -d staging.mydomain.com --webroot /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com --debug
[Sun Jul 26 01:21:36  2020] Lets find script dir.
[Sun Jul 26 01:21:36  2020] _SCRIPT_='./acme.sh'
[Sun Jul 26 01:21:36  2020] _script='/mnt/web123/a0/12/123456/htdocs/.acme.sh/acme.sh'
[Sun Jul 26 01:21:36  2020] _script_home='/mnt/web123/a0/12/123456/htdocs/.acme.sh'
[Sun Jul 26 01:21:36  2020] Using default home:/mnt/web123/a0/12/123456/htdocs/.acme.sh
[Sun Jul 26 01:21:36  2020] Using config home:/mnt/web123/a0/12/123456/htdocs/.acme.sh
https://github.com/acmesh-official/acme.sh
v2.8.7
[Sun Jul 26 01:21:36  2020] Running cmd: issue
[Sun Jul 26 01:21:36  2020] _main_domain='staging.mydomain.com'
[Sun Jul 26 01:21:36  2020] _alt_domains='no'
[Sun Jul 26 01:21:36  2020] Using config home:/mnt/web123/a0/12/123456/htdocs/.acme.sh
[Sun Jul 26 01:21:36  2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Jul 26 01:21:36  2020] DOMAIN_PATH='/mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com'
[Sun Jul 26 01:21:36  2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 26 01:21:36  2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Jul 26 01:21:36  2020] GET
[Sun Jul 26 01:21:36  2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Sun Jul 26 01:21:36  2020] timeout=
[Sun Jul 26 01:21:36  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g '
[Sun Jul 26 01:21:37  2020] ret='0'
[Sun Jul 26 01:21:37  2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sun Jul 26 01:21:37  2020] ACME_NEW_AUTHZ
[Sun Jul 26 01:21:37  2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Jul 26 01:21:37  2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Jul 26 01:21:37  2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun Jul 26 01:21:38  2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Jul 26 01:21:38  2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Jul 26 01:21:38  2020] ACME_VERSION='2'
[Sun Jul 26 01:21:38  2020] Le_NextRenewTime
[Sun Jul 26 01:21:38  2020] _on_before_issue
[Sun Jul 26 01:21:38  2020] _chk_main_domain='staging.mydomain.com'
[Sun Jul 26 01:21:38  2020] _chk_alt_domains
[Sun Jul 26 01:21:38  2020] Le_LocalAddress
[Sun Jul 26 01:21:38  2020] d='staging.mydomain.com'
[Sun Jul 26 01:21:38  2020] Check for domain='staging.mydomain.com'
[Sun Jul 26 01:21:38  2020] _currentRoot='/mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com'
[Sun Jul 26 01:21:38  2020] d
[Sun Jul 26 01:21:38  2020] _saved_account_key_hash is not changed, skip register account.
[Sun Jul 26 01:21:38  2020] Read key length:
[Sun Jul 26 01:21:38  2020] _createcsr
[Sun Jul 26 01:21:38  2020] Single domain='staging.mydomain.com'
[Sun Jul 26 01:21:38  2020] Getting domain auth token for each domain
[Sun Jul 26 01:21:38  2020] d
[Sun Jul 26 01:21:38  2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Jul 26 01:21:38  2020] payload='{"identifiers": [{"type":"dns","value":"staging.mydomain.com"}]}'
[Sun Jul 26 01:21:38  2020] RSA key
[Sun Jul 26 01:21:39  2020] HEAD
[Sun Jul 26 01:21:39  2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Jul 26 01:21:39  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g  -I  '
[Sun Jul 26 01:21:39  2020] _ret='0'
[Sun Jul 26 01:21:39  2020] POST
[Sun Jul 26 01:21:39  2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Jul 26 01:21:39  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g '
[Sun Jul 26 01:21:40  2020] _ret='0'
[Sun Jul 26 01:21:40  2020] code='201'
[Sun Jul 26 01:21:40  2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/92305986/4376408053'
[Sun Jul 26 01:21:40  2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/92305986/4376408053'
[Sun Jul 26 01:21:40  2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6111080266'
[Sun Jul 26 01:21:40  2020] payload
[Sun Jul 26 01:21:41  2020] POST
[Sun Jul 26 01:21:41  2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6111080266'
[Sun Jul 26 01:21:41  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g '
[Sun Jul 26 01:21:41  2020] _ret='0'
[Sun Jul 26 01:21:41  2020] code='200'
[Sun Jul 26 01:21:42  2020] d='staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] Getting webroot for domain='staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] _w='/mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] _currentRoot='/mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg","token":"tpTBN...XXX"'
[Sun Jul 26 01:21:42  2020] token='tpTBN...XXX'
[Sun Jul 26 01:21:42  2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:42  2020] keyauthorization='tpTBN...XXX.xtO...XXX'
[Sun Jul 26 01:21:42  2020] dvlist='staging.mydomain.com#tpTBN...XXX.xtO...XXX#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg#http-01#/mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] d
[Sun Jul 26 01:21:42  2020] vlist='staging.mydomain.com#tpTBN...XXX.xtO...XXX#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg#http-01#/mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com,'
[Sun Jul 26 01:21:42  2020] d='staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] ok, let's start to verify
[Sun Jul 26 01:21:42  2020] Verifying: staging.mydomain.com
[Sun Jul 26 01:21:42  2020] d='staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] keyauthorization='tpTBN...XXX.xtO...XXX'
[Sun Jul 26 01:21:42  2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:42  2020] _currentRoot='/mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com'
[Sun Jul 26 01:21:42  2020] wellknown_path='/mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com/.well-known/acme-challenge'
[Sun Jul 26 01:21:42  2020] writing token:tpTBN...XXX to /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com/.well-known/acme-challenge/tpTBN...XXX
[Sun Jul 26 01:21:42  2020] Changing owner/group of .well-known to UNKNOWN:customer
[Sun Jul 26 01:21:42  2020] chown: invalid user: 'UNKNOWN:customer'
[Sun Jul 26 01:21:42  2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:42  2020] payload='{}'
[Sun Jul 26 01:21:42  2020] POST
[Sun Jul 26 01:21:42  2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:42  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g '
[Sun Jul 26 01:21:43  2020] _ret='0'
[Sun Jul 26 01:21:43  2020] code='200'
[Sun Jul 26 01:21:43  2020] trigger validation code: 200
[Sun Jul 26 01:21:43  2020] sleep 2 secs to verify
[Sun Jul 26 01:21:45  2020] checking
[Sun Jul 26 01:21:45  2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:45  2020] payload
[Sun Jul 26 01:21:45  2020] POST
[Sun Jul 26 01:21:45  2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:45  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g '
[Sun Jul 26 01:21:46  2020] _ret='0'
[Sun Jul 26 01:21:46  2020] code='200'
[Sun Jul 26 01:21:46  2020] Pending
[Sun Jul 26 01:21:46  2020] sleep 2 secs to verify
[Sun Jul 26 01:21:48  2020] checking
[Sun Jul 26 01:21:48  2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:48  2020] payload
[Sun Jul 26 01:21:49  2020] POST
[Sun Jul 26 01:21:49  2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:49  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g '
[Sun Jul 26 01:21:49  2020] _ret='0'
[Sun Jul 26 01:21:49  2020] code='200'
[Sun Jul 26 01:21:49  2020] staging.mydomain.com:Verify error:Invalid response from http://staging.mydomain.com/.well-known/acme-challenge/tpTBN...XXX [2a01:238:20a:202:1172::]:
[Sun Jul 26 01:21:49  2020] Debug: get token url.
[Sun Jul 26 01:21:49  2020] GET
[Sun Jul 26 01:21:49  2020] url='http://staging.mydomain.com/.well-known/acme-challenge/tpTBN...XXX'
[Sun Jul 26 01:21:49  2020] timeout=1
[Sun Jul 26 01:21:49  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g  --connect-timeout 1'

[THE WHOLE WORDPRESS WEBSITE INDEX CODE]

[Sun Jul 26 01:21:52  2020] ret='0'
[Sun Jul 26 01:21:52  2020] Debugging, skip removing: /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/staging.mydomain.com/.well-known
[Sun Jul 26 01:21:52  2020] pid
[Sun Jul 26 01:21:52  2020] No need to restore nginx, skip.
[Sun Jul 26 01:21:52  2020] _clearupdns
[Sun Jul 26 01:21:52  2020] dns_entries
[Sun Jul 26 01:21:52  2020] skip dns.
[Sun Jul 26 01:21:52  2020] _on_issue_err
[Sun Jul 26 01:21:52  2020] Please add '--debug' or '--log' to check more details.
[Sun Jul 26 01:21:52  2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun Jul 26 01:21:52  2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:52  2020] payload='{}'
[Sun Jul 26 01:21:52  2020] POST
[Sun Jul 26 01:21:52  2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6111080266/-hiarg'
[Sun Jul 26 01:21:52  2020] _CURL='curl -L --silent --dump-header /mnt/web123/a0/12/123456/htdocs/.acme.sh/http.header  -g '
[Sun Jul 26 01:21:53  2020] _ret='0'
[Sun Jul 26 01:21:53  2020] code='400'
[Sun Jul 26 01:21:53  2020] socat doesn't exist.
[Sun Jul 26 01:21:53  2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k  26 Jan 2017
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:

Inside of the folder my-staging-site there is already a wordpress-installation.
Now after that code there was created new subfolders which was not there before named:
/mysites/my-staging-site/staging.mydomain.com/.well-known/acme-challenge/
Inside this folder there is a file:

Name: tpTBNPB6zZukF…
Filesize: 87 Bytes

14

What's happening here is that acme.sh is creating the file in that folder, but it's not actually accessible from your browser - WordPress' index.php is intercepting it. Let's Encrypt needs to be able to request that file.

There can be a number of reasons for that: maybe some rewrite rules/.htaccess prevents it being read, maybe a permissions issue.

Try to access the file yourself in your browser, and try see what you need to change to make the file accessible.

1 Like
15

Thank you so much, i disabled the rewrite rule in htaccess. Still not working, then i changed the command a little bit to:
./acme.sh --issue -d staging.mydomain.com --webroot /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/
(i deleted the url at end) now i got success messages:

root> ./acme.sh --issue -d staging.mydomain.com --webroot /mnt/web123/a0/12/123456/htdocs/mysites/my-staging-site/
[Sun Jul 26 01:45:53 2020] Single domain='staging.mydomain.com'
[Sun Jul 26 01:45:53 2020] Getting domain auth token for each domain
[Sun Jul 26 01:45:56 2020] Getting webroot for domain='staging.mydomain.com'
[Sun Jul 26 01:45:56 2020] Verifying: staging.mydomain.com
[Sun Jul 26 01:46:00 2020] Success
[Sun Jul 26 01:46:00 2020] Verify finished, start to sign.
[Sun Jul 26 01:46:00 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/923.../43766...
[Sun Jul 26 01:46:02 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/0366c6...
[Sun Jul 26 01:46:03 2020] Cert success.
-----BEGIN CERTIFICATE-----

CODE GIBBERISH

-----END CERTIFICATE-----
[Sun Jul 26 01:46:03 2020] Your cert is in /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/staging.mydomain.com.cer
[Sun Jul 26 01:46:03 2020] Your cert key is in /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/staging.mydomain.com.key
[Sun Jul 26 01:46:03 2020] The intermediate CA cert is in /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/ca.cer
[Sun Jul 26 01:46:03 2020] And the full chain certs is there: /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/fullchain.cer

EDIT: Unfortunatelly i still get "Error code: SEC_ERROR_BAD_SIGNATURE"

1 Like
16

Right. You've issued the certificate, which is step one.

The second step is telling your webserver to use it!

This depends on your hosting environment, which only you know how it works. How do you typically configure your webserver?

2 Likes
17

Ah good to know. the Hoster "strato" has an own webbased administration/configuration menu.
What settings do you mean? DNS? Domain?

1 Like
18

The SSL settings - and the devil is in the details.

With your own web server (like Apache), you would just point the webserver at your certificate and private key, like e.g.

SSLCertificateFile /mnt/web123/a0/12/123456/htdocs/.acme.sh/staging.mydomain.com/fullchain.cer

If your hosting panel can take a certificate and private key path, you could configure it with that path.

If the hosting panel requires you to upload the certificate and private key, things are a little more complicated because uploading to a web panel is hard to automate without some kind of bespoke script. You can upload those files by hand but it’s not recommended to use Let’s Encrypt that way.

If your hosting panel doesn’t let you configure SSL at all, then you’re out of luck entirely.

3 Likes
19

Thanks for clearing out.
The Hoster does offer SSL-Settings but very downgraded.
Its just able to set SSL on or off and if you want to set it on you have to buy a certificat of the hoster.
But i found a blog article of the hoster where they wrote its possible to use lets encrypt on apache servers so it should also possible on the webserver here.
I think i have to write to the support of the hoster to get more informations.

Thank you so much for all your help!

2 Likes
20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.