Need help finding instructions that don't use SUDO

My domain is: hplconsortium.com, but I’m trying to install certbot in order to auto-renew for 14 addon domains (and a dozen domains forwarding to those 14).

I ran this command: So far I’ve gained SSH access, downloaded certbot and moved it into the etc/letsencrypt directory, and learned how to run cron jobs on my server.

The problem is that I don’t have root access. According to this page:
Certbot Does Not Require Root
I can do this without root access, but the problem is that none of the instructions are written for this situation. I’ve figured out how to download certbot-auto without root access, but I don’t know enough to use it, and the instructions start with the sudo command (which means I can’t use the instruction exactly as written but must figure out the workaround for non-sudo rights).

So it would be soooo helpful for someone who can tell me the instructions for using certbot without root access.

Any help that anyone can give me would be most appreciated.

Oh - and my certificates are about to expire, so I’m kind of in a bind to get this done quickly.

My web server is (include version): Godaddy shared Linux Cpanel using Apache 2.4.39.

The operating system my web server runs on is (include version): Linux
This is what I get when I run uname -a
Linux p3plcpnl0401.prod.phx3.secureserver.net 2.6.32-954.3.5.lve1.4.66.el6.x86_64 #1 SMP Thu Jun 20 11:00:35 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is: Godaddy

I can log to root shell for my shared space, with access to all the shared root directories such as etc var etc. I’m using Putty with SSH. But I can’t get sudo rights that would let me make overarching changes on the server. I can run cron jobs through an app that Godaddy provides on the cpanel.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes. Cpanel 78.0 (build 27)

I haven’t figured out how to get the version of certbot-auto yet, but I just downloaded it today. I have the certbot-auto package in the letsencrypt folder, but it has an asterisk after it and I believe there is another step before I can use it.

deep breath…have u tried entering this into your terminal:
sudo -i

? i was in ur position not too long ago. some kind soul threw me a bone. if u can get root access once with the sudo command, then “sudo -i” should keep u rooted for the current session.
lemme kno what happens.

If you have root access, simply omit the sudo command from the examples. So, where you see sudo certbot certonly ..., run certbot certonly ... instead.

However, if you don't have root access (and if that's the case, which you suggest above, I don't know what "root shell" would mean), you have the more fundamental question of how you're going to install whatever cert you get. Personally, I'd suggest a different ACME client like acme.sh (GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol), which runs easily without root access (I avoid certbot for any use case except those using acme-dns), but that still doesn't do anything to install the cert.

Hi,

If you are using cPanel, do you really wish to use certbot? (Or other choices are also ok?)

Certbot actually works best with dedicated servers and vps, not for shared hosting.
There are other tools that support shared hosting and (maybe) automatically install the certificate for you, so you won’t need to obtain the file and install it.
Also, certbot will not help you with your certificate installation, since you probably won’t have permission to touch the configuration file without root access.

You could try acme.sh, which has built-in cPanel API support.

Thank you

Dear wqhjstudios,

When I type in sudo -i, I get the message that:
-bash: sudo: command not found

I’m very sure I don’t have root access. This is a shared hosting system - It wouldn’t make sense for them to allow root access or super user privileges to the individuals sharing the system. But thanks for trying.

CJ

Dear danb35 and stevenzhu,

What I meant was that I can use SSH (Secure Shell) to access the file structure to MY root, which is several folders down from the true root of the shared system.

Actually, I didn’t really know there were other clients to set up autorenew. I’ve only ever seen instructions for installing certbot when I googled the topic of how to set up autorenew with Let’s Encrypt certificates. I’ll check out acme.sh to see if that will work for me, and if there are instructions that I can understand to follow. Thanks.

Hmmmm, well, okay. I’ve now spent about 15 minutes looking over the link for acme.sh. I’ve read the entire instructions for installing it. And I have to admit - this is way over my head. There appeared to be much easier-to-understand instructions for someone like me about certbot.
But if I truly can’t use certbot because I don’t have root access (and/or can’t figure out how to use it without root access), then I’m happy to explore other options. But I’m going to need a lot more help than it appears is available.
Do you have any ideas for me? I’m willing to pay someone to help me get this set up for all my domains. Do you know someone to whom I can turn for help?
Peace
CJ Rhoads

While it’s possible to find a freelancer to set this up for you, it’s an uphill battle. GoDaddy disable the free and automatic feature of cPanel called AutoSSL that would do all of this for you. They do it so they can charge you extra money for SSL certificates.

Choose from a wide range of other cPanel hosts, and AutoSSL is included for free and automatically deals with this for you, for all of your domains.

Many reputable cPanel hosts will even perform free full cPanel account migrations (websites, emails, everything). Big thread of choices here: Web Hosting who support Let's Encrypt

Thanks for your advice, _az. A couple of months ago I tried very hard to switch to another provider. I spent many weeks trying to get all my sites migrated over to the new location, and was down for over a week. I was unable to get any help from the hosting organization - they kept saying they would fix the problem, but days would go by and I’m completely down and they didn’t fix it. I finally ended up pulling everything back to GoDaddy. They may not be the best, but at least when you call someone answers the phone. And though many of their techs have no idea how to help you, some of them do (and if you keep calling back, eventually you will get to one who actually fixes the problem). Yes, they are charging outrageous fees for SSL, which is why I’m trying to find a free solution (I’m a non-profit and can’t afford to pay more for SSL than for hosting!!!). I managed to get 4 of my domains on SSL three months ago, but they just expired so now I’m looking for a better solution than manually renewing them all the time.
Do you know anyone who might help me? I don’t mind paying a one-time charge to learn how to set this up, and I’ve been assured by GoDaddy that it is possible, but I need to figure out how to do it without their help (as I’m undercutting their paid-for service.)

There are services like Server Administration Service - Bobcares available who can do ad-hoc hosting administration like this, or you can post a job to a freelancer site like Upwork, or you can look at a variety of cPanel sysadmin service providers.

Should you choose them, they just need to follow the cPanel-specific acme.sh instructions for each of your domains, but of course, it costs you more money and results are not guaranteed. I get that you're probably pretty fed up with this SSL thing by now, but GoDaddy has painted you into a corner. There's no good options other than trying to follow along the acme.sh tutorial or something functionally similar to it.

Hi, _az.

Well, I contacted BobCares, but they are busy dealing with an emergency for another customer and won’t be able to help me today. So I started trying to follow the instructions for acme.sh. The first command worked just fine, and it resulted in a successful install of acme.sh (I think) except for the warning that if I’m using acme.sh in stand-alone mode I should install socat. The next command (which I believe was --staging, a test to see if the certification will work correctly before actually issuing it) didn’t work, telling me

syihtq.org:Verify error:Invalid response from http://syihtq.org/.well-known/acme-challenge/FOKRdv4_bc_zb-28v4PQCbYscd04yGt5VDqxj0h2brY [23.229.140.154]

Indeed, there is nothing in the http://syihtq.org/.well-known/acme-challenge folder, and I think there should be a key there. When I looked in the folder where I kept notes from when I tried to install SSL on this domain before, there were three text files there, but none of them matched the one that it appears to be looking for.

I tried to install socat, but again the directions tell me to start with SUDO command, and I don’t have SUDO rights.

Are you sure that I will be able to use ACME.SH without SUDO rights? What is socat, and how can I install that? Or perhaps that has nothing to do with the error message?

The error message also suggested that I run the command again and add --DEBUG, which I did. The last three statements were that socat doesn’t exist, apache doesn’t exist, and nginx doesn’t exist.

Any help that you could give would be most appreciated.

Peace
CJ Rhoads

You don’t need socat, or sudo. The instructions on https://github.com/Neilpang/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel are all you should need.

When you ran this command:

acme.sh --issue --webroot ~/public_html/ -d syihtq.org --staging

You needed to replace ~/public_html/ with the directory where syihtq.org is located.

You can try to locate the correct directory with this command:

uapi DomainInfo single_domain_data domain=syihtq.org | grep documentroot
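
A pre-flight check for the webroot step above, as an added example that is not part of the original post or of acme.sh: it reads the document root from the uapi output, drops a probe file where the HTTP-01 challenge file would go, and fetches it over HTTP to confirm that directory is the one being served. The function names and the sample uapi output are constructed for illustration, and curl is assumed to be available on the host.

```bash
#!/usr/bin/env bash
# Added example: check that a webroot is the directory Apache serves for a
# domain before asking acme.sh to place an HTTP-01 challenge file there.

# Constructed, abridged sample of `uapi DomainInfo single_domain_data` output.
SAMPLE_UAPI='---
result:
  data:
    documentroot: /home/exampleuser/public_html/syihtq.org
    domain: syihtq.org
    type: addon_domain'

# Read uapi output on stdin, print the first documentroot value.
docroot_from_uapi() {
  sed -n 's/^[[:space:]]*documentroot:[[:space:]]*//p' | head -n 1
}

# Create a probe file in <webroot>/.well-known/acme-challenge/ and print
# its name. Fails if the webroot itself is missing.
write_probe() {
  local webroot=$1 dir token
  [ -d "$webroot" ] || { echo "no such webroot: $webroot" >&2; return 1; }
  dir="$webroot/.well-known/acme-challenge"
  mkdir -p "$dir" || return 1
  token="preflight-$$"
  printf '%s\n' "$token" > "$dir/$token" || return 1
  printf '%s\n' "$token"
}

# Fetch the probe over plain HTTP, as the CA does, and compare the body.
probe_served() {
  local domain=$1 token=$2 body
  body=$(curl -fsS --max-time 10 \
    "http://$domain/.well-known/acme-challenge/$token") || return 1
  [ "$body" = "$token" ]
}

# Full check for one domain; run on the cPanel host itself.
preflight() {
  local domain=$1 webroot token rc=0
  webroot=$(uapi DomainInfo single_domain_data domain="$domain" | docroot_from_uapi)
  token=$(write_probe "$webroot") || return 1
  probe_served "$domain" "$token" || rc=1
  rm -f "$webroot/.well-known/acme-challenge/$token"
  [ "$rc" -eq 0 ] && echo "$domain: OK, use --webroot $webroot" \
    || echo "$domain: probe not served from $webroot" >&2
  return "$rc"
}
```

Source the file and run `preflight syihtq.org`; a failure here means the staging request would fail with the same "Invalid response" error, without spending a validation attempt.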

I tried that, and it appeared to work. But with the next command, I get the error message:
Account key is not found at: /home/taiji2014/.acme.sh/ca/acme0v02.api.letsencrypt.org/account.key

Any ideas what I should be looking at next?
BTW - there is an account.key at .acme.sh/ca/acme0v02.api.letsencrypt.org/account.key, at the root level of my domain

Is that exactly what the error says? acme0 instead of acme-? If so, seems like something has gone wrong.

Maybe try:

acme.sh --update-account
grep -R acme0v02 ~/.acme.sh

I got the same error message when I typed in the first command (typed in word for word)
Account key is not found at: /home/taiji2014/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key

I typed in the second line and nothing happened.

Perhaps it has something to do with the fact that the actual location for /home/taiji2014 (according to the webdav) is \\p3plcpn10401
Perhaps not.

/home/taiji2014 is probably correct. What WebDAV thinks isn’t really relevant here.

This issue with the account key not being found is odd, I haven’t run into it before - and I’m a user of acme.sh too.

At this point I’d probably just fully remove the /home/taiji2014/.acme.sh/ directory and start again (from this heading: Then install acme running the following command).

If it happens twice, we can ask the author of acme.sh for help.

Okay, I’ll try it. Should I try with a different domain? I used Syihtq.org because it’s the one I’d like to get up and running as soon as possible, but I don’t think I ever successfully got the certificate installed on that one - perhaps I should use one that I successfully installed before, or use one that I never tried to install SSL on at all.
As I noted, I have 14 addon domains I’m trying to get SSL installed on.

Same domain is fine. The problem you encountered is really not related to your domain but to your Let’s Encrypt account.

Once we get one going, the other 13 will be easy.

I’m getting the same error message about the account key not being found, only this time when I look, there is no CA directory under acme.sh

It might be that I just did it too quickly. Sometimes when I delete a file through webdav, it takes a few minutes for it to be truly gone, and in the meantime, I can’t overwrite it with a new version.

I’ll wait about 5 minutes and try to run the curl command again.