Need help finding instructions that don't use SUDO

If you have root access, simply omit the sudo command from the examples. So, where you see sudo certbot certonly ..., run certbot certonly ... instead.

However, if you don’t have root access (and if that’s the case, which you suggest above, I don’t know what “root shell” would mean), you have the more fundamental question of how you’re going to install whatever cert you get. Personally, I’d suggest a different ACME client like acme.sh (https://github.com/Neilpang/acme.sh), which runs easily without root access (I avoid certbot for any use case except those using acme-dns), but that still doesn’t do anything to install the cert.

Hi,

If you are using cPanel, do you really wish to use certbot? (Or other choices are also ok?)

Certbot actually works best with dedicated servers and VPS, not for shared hosting.
There are other tools that support shared hosting and (maybe) automatically install the certificate for you, so you won’t need to obtain the file and install it.
Also, certbot will not help you with your certificate installation, since you probably won’t have permission to touch the configuration file without root access.

You could try acme.sh, which has built-in cPanel API support.

Thank you

Dear wqhjstudios,

When I type in sudo -i, I get the message that:
-bash: sudo: command not found

I’m very sure I don’t have root access. This is a shared hosting system - It wouldn’t make sense for them to allow root access or super user privileges to the individuals sharing the system. But thanks for trying.

CJ

Dear danb35 and stevenzhu,

What I meant was that I can use SSH (Secure Shell) to access the file structure to MY root, which is several folders down from the true root of the shared system.

Actually, I didn’t really know there were other clients to set up autorenew. I’ve only ever seen instructions for installing certbot when I googled the topic of how to set up autorenew with Let’s Encrypt certificates. I’ll check out acme.sh to see if that will work for me, and if there are instructions that I can understand to follow. Thanks.

Hmmmm, well, okay. I’ve now spent about 15 minutes looking over the link for acme.sh. I’ve read the entire instructions for installing it. And I have to admit - this is way over my head. There appeared to be much easier-to-understand instructions for someone like me about certbot.
But if I truly can’t use certbot because I don’t have root access (and/or can’t figure out how to use it without root access), then I’m happy to explore other options. But I’m going to need a lot more help than it appears is available.
Do you have any ideas for me? I’m willing to pay someone to help me get this set up for all my domains. Do you know someone to whom I can turn for help?
Peace
CJ Rhoads

While it’s possible to find a freelancer to set this up for you, it’s an uphill battle. GoDaddy disable the free and automatic feature of cPanel called AutoSSL that would do all of this for you. They do it so they can charge you extra money for SSL certificates.

Choose from a wide range of other cPanel hosts, and AutoSSL is included for free and automatically deals with this for you, for all of your domains.

Many reputable cPanel hosts will even perform free full cPanel account migrations (websites, emails, everything). Big thread of choices here: Web Hosting who support Let's Encrypt


Thanks for your advice, _az. A couple of months ago I tried very hard to switch to another provider. I spent many weeks trying to get all my sites migrated over to the new location, and was down for over a week. I was unable to get any help from the hosting organization - they kept saying they would fix the problem, but days would go by and I’m completely down and they didn’t fix it. I finally ended up pulling everything back to GoDaddy. They may not be the best, but at least when you call someone answers the phone. And though many of their techs have no idea how to help you, some of them do (and if you keep calling back, eventually you will get to one who actually fixes the problem). Yes, they are charging outrageous fees for SSL, which is why I’m trying to find a free solution (I’m a non-profit and can’t afford to pay more for SSL than for hosting!!!). I managed to get 4 of my domains on SSL three months ago, but they just expired so now I’m looking for a better solution than manually renewing them all the time.
Do you know anyone who might help me? I don’t mind paying a one-time charge to learn how to set this up, and I’ve been assured by GoDaddy that it is possible, but I need to figure out how to do it without their help (as I’m undercutting their paid-for service.)

There are services like https://bobcares.com/server-administration-service available who can do ad-hoc hosting administration like this, or you can post a job to a freelancer site like Upwork, or you can look at a variety of cPanel sysadmin service providers.

Should you choose them, they just need to follow the cPanel-specific acme.sh instructions for each of your domains, but of course, it costs you more money and results are not guaranteed. I get that you’re probably pretty fed up with this SSL thing by now, but GoDaddy has painted you into a corner. There are no good options other than trying to follow along the acme.sh tutorial or something functionally similar to it.


Hi, _az.

Well, I contacted BobCares, but they are busy dealing with an emergency for another customer and won’t be able to help me today. So I started trying to follow the instructions for acme.sh. The first command worked just fine, and it resulted in a successful install of acme.sh (I think) except for the warning that if I’m using acme.sh in stand-alone mode I should install socat. The next command (which I believe was --staging, a test to see if the certification will work correctly before actually issuing it) didn’t work, telling me

syihtq.org:Verify error:Invalid response from http://syihtq.org/.well-known/acme-challenge/FOKRdv4_bc_zb-28v4PQCbYscd04yGt5VDqxj0h2brY [23.229.140.154]

Indeed, there is nothing in the http://syihtq.org/.well-known/acme-challenge folder, and I think there should be a key there. When I looked in the folder where I kept notes from when I tried to install SSL on this domain before, there were three text files there, but none of them matched the one that it appears to be looking for.

I tried to install socat, but again the directions tell me to start with SUDO command, and I don’t have SUDO rights.

Are you sure that I will be able to use ACME.SH without SUDO rights? What is socat, and how can I install that? Or perhaps that has nothing to do with the error message?

The error message also suggested that I run the command again and add --DEBUG, which I did. The last three statements were that socat doesn’t exist, apache doesn’t exist, and nginx doesn’t exist.

Any help that you could give would be most appreciated.

Peace
CJ Rhoads

You don’t need socat, or sudo. The instructions on https://github.com/Neilpang/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel are all you should need.

When you ran this command:

acme.sh --issue --webroot ~/public_html/ -d syihtq.org --staging

You needed to replace ~/public_html/ with the directory where syihtq.org is located.

You can try to locate the correct directory with this command:

uapi DomainInfo single_domain_data domain=syihtq.org | grep documentroot

I tried that, and it appeared to work. But with the next command, I get the error message:
Account key is not found at: /home/taiji2014/.acme.sh/ca/acme0v02.api.letsencrypt.org/account.key

Any ideas what I should be looking at next?
BTW - there is an account.key at .acme.sh/ca/acme0v02.api.letsencrypt.org/account.key, at the root level of my domain

Is that exactly what the error says? acme0 instead of acme-? If so, seems like something has gone wrong.

Maybe try:

acme.sh --update-account
grep -R acme0v02 ~/.acme.sh

I got the same error message when I typed in the first command (typed in word for word)
Account key is not found at: /home/taiji2014/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key

I typed in the second line and nothing happened.

Perhaps it has something to do with the fact that the actual location for /home/taiji2014 (according to the webdav) is \\p3plcpn10401
Perhaps not.

/home/taiji2014 is probably correct. What WebDAV thinks isn’t really relevant here.

This issue with the account key not being found is odd, I haven’t run into it before - and I’m a user of acme.sh too.

At this point I’d probably just fully remove the /home/taiji2014/.acme.sh/ directory and start again (from this heading: Then install acme running the following command).

If it happens twice, we can ask the author of acme.sh for help.

Okay, I’ll try it. Should I try with a different domain? I used Syihtq.org because it’s the one I’d like to get up and running as soon as possible, but I don’t think I ever successfully got the certificate installed on that one - perhaps I should use one that I successfully installed before, or use one that I never tried to install SSL on at all.
As I noted, I have 14 addon domains I’m trying to get SSL installed on.

Same domain is fine. The problem you encountered is really not related to your domain but to your Let’s Encrypt account.

Once we get one going, the other 13 will be easy.

I’m getting the same error message about the account key not being found, only this time when I look, there is no CA directory under acme.sh

It might be that I just did it too quickly. Sometimes when I delete a file through webdav, it takes a few minutes for it to be truly gone, and in the meantime, I can’t overwrite it with a new version.

I’ll wait about 5 minutes and try to run the curl command again.

OK. I have tried the same instructions on my cPanel development server, and I ran into the same problem as you. It looks like the instructions are outdated.

Here is what I did to get it to work (the only difference really, is --register-account instead of --update-account):

$ curl https://get.acme.sh | sh

$ source ~/.bashrc

$ acme.sh --register-account

$ uapi DomainInfo single_domain_data domain=a.foo.monkas.xyz | grep documentroot
    documentroot: /home/monkas/public_html/a

$ acme.sh --issue --webroot /home/monkas/public_html/a -d a.foo.monkas.xyz --staging

Confirm that the above is successful, then do it for real:

$ acme.sh --issue --webroot /home/monkas/public_html/a -d a.foo.monkas.xyz --force

Confirm that the above is successful, then we can deploy the certificate to cPanel;

$ export DEPLOY_cPanel_USER=$USER
$ acme.sh --deploy --deploy-hook cpanel_uapi --domain a.foo.monkas.xyz
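
The steps in the post above only succeed when the --webroot path is the directory the domain is actually served from, which is what caused the earlier "Invalid response" from /.well-known/acme-challenge/. As an added example (not part of the thread and not acme.sh's or cPanel's own code), this script checks that before any request goes to Let's Encrypt; the helper names and the sample uapi output are hypothetical, and it assumes the web server reads token files as a different user, so they must be world-readable.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of acme.sh or cPanel.

# Constructed sample, shaped like the documentroot line shown in the thread.
SAMPLE_UAPI='  data:
    documentroot: /home/monkas/public_html/a
    domain: a.foo.monkas.xyz'

# Pull the document root out of `uapi DomainInfo single_domain_data` output (stdin).
docroot_from_uapi() {
    sed -n 's/^[[:space:]]*documentroot:[[:space:]]*//p' | head -n 1
}

# Check that this unprivileged user can create the challenge directory under
# the webroot and that a token written there is readable by "other"
# (assumption: the web server runs as a different user). 0 = usable.
preflight_webroot() {
    webroot=$1
    [ -d "$webroot" ] || { echo "missing webroot: $webroot" >&2; return 1; }
    chal="$webroot/.well-known/acme-challenge"
    mkdir -p "$chal" 2>/dev/null || { echo "cannot create $chal" >&2; return 1; }
    probe="$chal/preflight-$$"
    ( umask 022; echo probe > "$probe" ) 2>/dev/null ||
        { echo "cannot write in $chal" >&2; return 1; }
    perms=$(ls -l "$probe" | cut -c8)   # column 8 is the other-read bit
    rm -f "$probe"
    [ "$perms" = "r" ] || { echo "token files not world-readable" >&2; return 1; }
    return 0
}

# Print (do not run) the staging command for one domain, using the document
# root found in the captured uapi output passed as $2.
staging_command() {
    domain=$1
    root=$(printf '%s\n' "$2" | docroot_from_uapi)
    [ -n "$root" ] || { echo "no documentroot for $domain" >&2; return 1; }
    printf 'acme.sh --issue --webroot %s -d %s --staging\n' "$root" "$domain"
}

# On the cPanel host itself: sh preflight.sh <domain>
if command -v uapi >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    out=$(uapi DomainInfo single_domain_data domain="$1")
    preflight_webroot "$(printf '%s\n' "$out" | docroot_from_uapi)" &&
        staging_command "$1" "$out"
fi
```

Running it once per addon domain prints the exact staging command to use, or says why the webroot is not usable, without counting against Let's Encrypt rate limits.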

I’m working on the uapi command. Do I type that exactly as written, or am I supposed to insert my domain info in places?
I suspect I should put ~public_html/web/syihtq because that is where the actual website resides.

I tried it and got the error message
Odd number of elements in hash assignment at bin/apitool.pl line 149.
warn [uapi] Could not find “single” in module “Domain Info” at /usr/local/cpanel/Cpanel/API.pm line 309