Misinformation on website

Help
3

Where is the misinformation? Certbot can automate certificate issuance and install it automatically. And it’s quite user friendly too. There’s no lie in it!

But if someone really really really isn’t comfortable to use the command line interface, it’s probably not wise to use certbot, as it’s a command line interface program. It also assumes some basic knowledge of the operating system in question. Like, do you run Apache or nginx? Which Linux distribution is used? For someone with root access to the server, one would assume to know that kind of information.

You’ll have to decide for yourself if you’re comfortable enough to run command line programs or not.

1 Like
4

The offer for Certbot says " It can automate certificate issuance and installation with no downtime.“How is the certificate AUTOMATICALLY installed if the user cannot write the required commands into the shell? How is that true if the applicant still has to write some unknown command into to some unknown place?
I’m operating a godaddy Go Central site builder with no idea as their Apache, Linux, nginx or other system nor where I’d go to find the location for the insertion of some command.
Again: The offer says " It can automate certificate issuance and installation with no downtime.” There’s no mention of what you suggest: But if someone really really really isn’t comfortable to use the command line interface, it’s probably not wise to use certbot, as it’s a command line interface program. It also assumes some basic knowledge of the operating system in question. Like, do you run Apache or nginx? Which Linux distribution is used? For someone with root access to the server, one would assume to know that kind of information.
THERE IS THE MISINFORMATION!
I need an SSL. Godaddy allows Certbot and Let’s Encrypt but does not offer installation service which is why the Certbot “automated” offer seemed applicable.
LuigiK

5

It says it can… It doesn’t say “think of ‘certificate’ and a magical fairy will blow onto your server and with that install certbot and make it run without any help of the user at all”.

I’m not sure I like your attitude. The word “can” is key here. certbot can do all those things. It can automate everything, once it is properly set up. And obviously, it should have the appropriate rights. Most of the time, for full functionallity, you’d want to run certbot as root.

The sentence “It can automate certificate issuance and installation with no downtime.” doesn’t say you won’t have to do anything at all.

1 Like
6

Hi,

Check this out, Welcome to the Certbot documentation! — Certbot 2.7.0.dev0 documentation. This has the documentation anybody need to obtain a cert in command line.

let's encrypt provide several method to obtain ssl and there is one that doesn't need to involve with command line . Check sslforfree.com for graphic way to obtain the cert.

Thanks
Steven Zhu

7

Well, I guess “automatically” means different things to different people. Semantics . . . So, in fact, certbot cannot issue and file the SSL certificate automatically, but just as with Let’s Encrypt, somebody has to manually apply the information to something, somewhere. Let’s not assume that everybody is a computer techie with knowledge of all the codes etc and state straight out that Certbot does NOT automatically set up the certificate.
And your condescending “Magic Fairy” comparison does not enhance your attitude.
LuigiK

8

It (can be) close to as automated as possible: Namely installing it and running one command per certificate.

I don’t think it would be desirable to be much more automated than that, at least by default.

9

certbot has to be installed somehow. That's the first "hurdle" which cannot be automated without human intervention. Next, certbot has to start. You could start certbot without any parameters, which will try to autodetect a webserver. If the situation is right (for example, you happen to have Apache or nginx installed), it can automatically detect hostnames which the user can select.

Once you have the certificate and have it installed (which will happen automatically if the apache or nginx plugin is used), you just have to run certbot renew periodically. On most Linux distributions (e.g., Debian) this happens automatically because the package has installed a systemd timer or cron job.

For whatever a man is sowing, this he will also reap.

1 Like
10

The top of the page you quote from says:

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host.

To figure out what method will work best for you, you will need to know whether you have shell access (also known as SSH access) to your web host. If you manage your website entirely through a control panel like cPanel, Plesk, or WordPress, there’s a good chance you don’t have shell access. You can ask your hosting provider to be sure.

Since you manage your website through a control panel, the entire section about shell access you quoted from does not apply to you. What makes you think it did? How can we get across that this section of the document applies only to people with console access better than the second paragraph does?

1 Like
11

Thanks, Steve,
I went to sslforfree.com but after each of the 3 options got nowhere. I guess when somebody doesn't even know what FTP, FTPS, SFTP or where to find Port 80, it's like trying to fix a 2018 Volvo when the last engine you looked at was 1960 Chrysler!
Any suggestions?
IMy website luigik.com.mx is on godaddy.com using their GoCentral site builder but when I send en email message to clients it elicits "this is an unsecured site; are you sure you want to continue, etc etc.
Any suggestions or directions would be appreciated.LuigiK

stevenzhu
January 14 |

Hi,

luigik:
How is that true if the applicant still has to write some unknown command into to some unknown place?

I’m operating a godaddy Go Central site builder with no idea as their Apache, Linux, nginx or other system nor where I’d go to find the location for the insertion of some command.

Check this out, Welcome to the Certbot documentation! — Certbot 2.7.0.dev0 documentation. This has the documentation anybody need to obtain a cert in command line.

luigik:
But if someone really really really isn’t comfortable to use the command line interface, it’s probably not wise to use certbot, as it’s a command line interface program

let’s encrypt provide several method to obtain ssl and there is one that doesn’t need to involve with command line . Check sslforfree.com for graphic way to obtain the cert.

Thanks
Steven Zhu

Visit Topic or reply to this email to respond.

In Reply To

luigik
January 14 |

The offer for Certbot says " It can automate certificate issuance and installation with no downtime.“How is the certificate AUTOMATICALLY installed if the user cannot write the required commands into the shell? How is that true if the applicant still has to write some unknown command into to some u…
Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

12

It is not possible to use a third-party SSL certificate with GoDaddy GoCentral. You must purchase the Business Plan to use SSL with this service, which includes a free certificate.

Please note that GoDaddy sells certificates for money and doesn’t like the idea of free certificates too much. There’s not a lot we can do about that. :stuck_out_tongue_winking_eye:

13

Hi, T.C.
My host godaddy.com says I have shell access but they do not assist in installation of an SSL as they sell them at a ridiculous price on a yearly, renewable basis.I'm using their Go Central site builder.
I do not know what Apache, Linux, nginx, FTP, FTPS or SFTP even mean or where to find them. What is port 80?
I just want to complete building my site, add the SSL and use the site to attract customers.
Any suggestions or help you can offer would be appreciated.
LuigiK

Patches
January 14 |

The top of the page you quote from says:

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, which typically runs on your web host.

To figure out what method will work best for you, you will need to know whether you have shell access (also known as SSH access) to your web host. If you manage your website entirely through a control panel like cPanel, Plesk, or WordPress, there’s a good chance you don’t have shell access. You can ask your hosting provider to be sure.

Since you manage your website through a control panel, the entire section about shell access you quoted from does not apply to you. What makes you think it did? How can we get across that this section of the document applies only to people with console access better than the second paragraph does?

Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

14

GoDaddy offers shell access with many of its web hosting products, but not the GoCentral product. The only way to get SSL for this product is to upgrade to the Business plan for the GoCentral product. Doing this should enable SSL automatically.

This is an arbitrary limitation by GoDaddy and there is nothing Let’s Encrypt can do about it.

If you already have or upgrade to the business plan and still don’t have working SSL, please contact GoDaddy support for further assistance, as their documentation indicates it should be included automatically with this plan.

15

Thanks, but I don't NEED a Go Central business account as no transactions will be conducted on my site. It's simply a showcase for the products which when purchased will be re-directed to a checkout site for payment.
LuigiK

Patches
January 14 |

It is not possible to use a third-party SSL certificate with GoDaddy GoCentral. You must purchase the Business Plan to use SSL with this service, which includes a free certificate.
GoDaddy Community & Forums – 5 Aug 17
Go Central Website External Domain won't show HTTPS

I have a Business GoCentral website in one GoDaddy account and attempting to use an External Domain in another GoDaddy Account. I cannot get the External Domain to show the SSL. It seems as long as the domain is in the same account as the GoCentral...

Please note that GoDaddy sells certificates for money and doesn’t like the idea of free certificates too much. There’s not a lot we can do about that.

Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

16

Unfortunately while GoDaddy offers shell access with other plans, they don’t let you install software using it, so you cannot install certbot on it.

If you use GoDaddy’s CPanel-based hosting for the other account, you can use this procedure to set up Let’s Encrypt on it:

If you are using one of their other dozen web hosting services you’ll quickly notice the control panel looks different and won’t be able to proceed.

1 Like
17

As I said, I don’t NEED a business plan and won’t pay the exorbitant fees demanded by godaddy.
LuigiK

18

Godaddy assures me I have shell access but they won't assist with installation of an SSL they don't sell.
LuigiK

Patches
January 14 |

Unfortunately while GoDaddy offers shell access with other plans, they don’t let you install software using it, so you cannot install certbot on it.

If you use GoDaddy’s CPanel-based hosting for the other account, you can use this procedure to set up Let’s Encrypt on it:
Trying To Be Awesome – 23 Feb 17
LetsEncrypt SSL cert on GoDaddy Shared Hosting with No Root and No nc

$ acme.sh --issue -d MYDOMAIN.com -d www.MYDOMAIN.com -w ~/www --dns dns_gd Looks simple, doesn't it? Nope. Here's what you have to do to get to that point. (The following Worked For Me™ on shared GoDaddy hosting...

If you are using one of their other dozen web hosting services you’ll quickly notice the control panel looks different and won’t be able to proceed.

Visit Topic or reply to this email to respond.

In Reply To

luigik
January 14 |

Thanks, but I don’t NEED a Go Central business account as no transactions will be conducted on my site. It’s simply a showcase for the products which when purchased will be re-directed to a checkout site for payment. LuigiK Patches January 14 | It is not possible to use a third-party SSL ce…
Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

19

there is no misinformation.

there is a scope of understanding which is needed to understand what is meant by automated. Unfortunately, Cryptography and SSL Certificates are a topic which requires investment and understanding.

Let’s Encrypt is hinged on the ACME protocol. The ACME protocol defines a machine to machine specification for obtaining a certificate

some things to understand

As a public CA le’ts encrypt needs to meet the requirements set out by the CA Browser Forums (proving ownership of a domain)
As users of ACME have to prove ownership there is a direct relationship between how automated the process is. If you use a well tested web server or hosting provider or a DNS provider which has an API your chances of meeting the requirements to prove domain ownership in an automated way are high
Communications between you and Let’s Encryp is done via a client (there is no portal or interface as it is a machine to machine methdology)
Most clients require installation and access to a command line
Some clients are integrated in to control panels
Not every web hosting will work with Let’s Encrypt this is more with how they operate
There is a list of web hosting companies that work with Let’s Encrypt in an automated way :wink: Web Hosting who support Lets Encrypt

Hope this helps

Andrei

1 Like
20

I appreciate the response. Godaddy says I have shell access but does not help with installation of SSL certificates that they don't sell. So how does Let's Encrypt or Certbot help to automatically set up their SSLs without info on how to install it? I guess "automatic" and "ALMOST automatic" mean the same to some people. If in fact it's "almost automatic" then I need to know what my part is to actually install the SSL automatically
LuigiK

ahaw021
January 15 |

there is no misinformation.

there is a scope of understanding which is needed to understand what is meant by automated. Unfortunately, Cryptography and SSL Certificates are a topic which requires investment and understanding.

Let’s Encrypt is hinged on the ACME protocol. The ACME protocol defines a machine to machine specification for obtaining a certificate

some things to understand

As a public CA le’ts encrypt needs to meet the requirements set out by the CA Browser Forums
Communications is done via a client
Most clients require installation and access to a command line
Some clients are integrated in to control panels
Not every web hosting will work with Let’s Encrypt this is more with how they operate
There is a list of web hosting companies that work with Let’s Encrypt in an automated way Web Hosting who support Lets Encrypt

Hope this helps

Andrei

Visit Topic or reply to this email to respond.

In Reply To

luigik
January 14 |

I have shell access but don’t know how to apply that ability. Your website states: We recommend that most people with shell access use the Certbot ACME client. It can automate certificate issuance and installation with no downtime. It also has expert modes for people who don’t want autoconfiguratio…
Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

1 Like
21

I didn't sow any "magic fairies", I asked a relatively simple question to which you responded arrogantly.
LuigiK

Osiris
January 14 |

luigik:
Well, I guess “automatically” means different things to different people. Semantics . . . So, in fact, certbot cannot issue and file the SSL certificate automatically, but just as with Let’s Encrypt, somebody has to manually apply the information to something, somewhere. Let’s not assume that everybody is a computer techie with knowledge of all the codes etc and state straight out that Certbot does NOT automatically set up the certificate.

certbot has to be installed somehow. That’s the first “hurdle” which cannot be automated without human intervention. Next, certbot has to start. You could start certbot without any parameters, which will try to autodetect a webserver. If the situation is right (for example, you happen to have Apache or nginx installed), it can automatically detect hostnames which the user can select.

Once you have the certificate and have it installed (which will happen automatically if the apache or nginx plugin is used), you just have to run certbot renew periodically. On most Linux distributions (e.g., Debian) this happens automatically because the package has installed a systemd timer or cron job.

luigik:
And your condescending “Magic Fairy” comparison does not enhance your attitude.

For whatever a man is sowing, this he will also reap.

Visit Topic or reply to this email to respond.

In Reply To

luigik
January 14 |

Well, I guess “automatically” means different things to different people. Semantics . . . So, in fact, certbot cannot issue and file the SSL certificate automatically, but just as with Let’s Encrypt, somebody has to manually apply the information to something, somewhere. Let’s not assume that everyb…
Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.

22