Manual creation of http validation

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: abernet.com

I ran this command: none as yet

It produced this output: none as yet

My web server is (include version): hosted apache

The operating system my web server runs on is (include version): linux but not sure yet

My hosting provider, if applicable, is: TSOHost

I can login to a root shell on my machine (yes or no, or I don't know): I don't know yet

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): moving to cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): none

My hosting provider is "upgrading" its servers and migrating our websites to a new environment. In doing so they are dropping support for Lets Encrypt. Is there a way to generate the validation file(s) for HTTP validation manually whilst I look to move hosting company?
They are moving to a cpanel hosting and I don't know yet if I will have access to SSH. They probably won't be enabling use of certbot and they don't have any DNS api for using DNS validation.

1 Like

Yes, but it's probably easier to use the dns challenge, if you're going for manual.

If you want to do it, you can read the certbot documentation to discover how, or,

  • you can use an acme client that can use a webroot over ftp.
  • you can use CertSage (search this forum)
3 Likes

Thanks for the reply. I'd ruled out using dns challenge as they don't have an api and I don't thing they are going to support certbot. Haven't come across CertSage in my research so far so thanks for the suggestion. I will look it up and have another look at the certbot docs as well.

1 Like

That is only required when automating. You can use manual DNS and enter TXT records yourself. You said you were looking for a temp solution while you searched for new hosting company. This might be easiest.

It looks like your hosting service has already moved to something else. Your site is not serving a valid cert:

And, you said they were "dropping support for Lets Encrypt". But, I don't see any record of past Let's Encrypt certs for your domain:

Given this, I think you are better off just getting a new hosting service and don't worry about a temp solution. Let's Encrypt has these suggestions

3 Likes

Sorry, I picked the one domain with no cert. gritstonecycles.co.uk should have a history.

Would be happy to enter TXT records but how do I generate the entry for the TXT record?

When you run the manual DNS method certbot will show you the data to enter. You then go to your DNS panel and enter that value.

The gritstonecycles.co.uk still has 24 days before cert expiry. Can't you just find a better hosting service by then?

3 Likes

I probably can sort out alternative hosting in the time, just trying to cover all the bases.

To run the manual method using certbot it would have to be available for me to run via SSH or similar if I understand it correctly. Or do I need to set up a local server.

Your scenarios are getting confusing for me. Have you discussed migration with your hosting service? Your first post was more guesses about what they will do. Are they taking away your current method for getting certs? Maybe they can clarify migration.

Yes, if using certbot you need shell access or a machine to run it on. It saves the certs on the machine it runs on. Does not have to be the same as your server but then you need a way to transfer the certs to it.

It might be worth reviewing this:

UPDATE: @JemC And, maybe review this too:
https://eff-certbot.readthedocs.io/en/stable/using.html#manual

3 Likes

Sorry if its confusing. I'm confused about it. And I started out reviewing the LE Getting Started.
Have discussed migration with hosting company.
Definitely not supporting LE or automated way of updating certificates (unless buying one from them).
Until migrated I don't know exactly what features I will have.
Will know more in the next few days but thanks for your help so far.

Welcome to the Let's Encrypt Community, John :slightly_smiling_face:

If you're using cPanel, you can simply use CertSage, the ACME client that I authored.

3 Likes

Hi griffin. Yes I'm just looking at that as per the suggestion from 9peppe above. Think it will work well for what I need in the short term. Looks good thanks.

3 Likes

If you run into any trouble, just let us know. :slightly_smiling_face:

3 Likes

As a sneak preview, I have plans to add command line execution support for CertSage in an upcoming release, which will allow CertSage to be executed by automation methods, such as crontabs... :smiley:

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.