If you have root access, simply omit the sudo command from the examples. So, where you see sudo certbot certonly ..., run certbot certonly ... instead.
However, if you don’t have root access (and if that’s the case, which you suggest above, I don’t know what “root shell” would mean), you have the more fundamental question of how you’re going to install whatever cert you get. Personally, I’d suggest a different ACME client like acme.sh (https://github.com/Neilpang/acme.sh), which runs easily without root access (I avoid certbot for any use case except those using acme-dns), but that still doesn’t do anything to install the cert.
If you are using cPanel, do you really wish to use certbot? (Or other choices are also ok?)
Certbot actually works best with dedicated servers and vps, not for shared hosting.
There are other tools that support shared hosting and (maybe) automatically install the certificate for you, so you won’t need to obtain the file and install it.
Also, certbot will not help you with your certificate installation, since you probably won’t have permission to touch the configuration file without root access.
You could try acme.sh, which have build in cPanel API support.
When I type in sudo -i, I get the message that: -bash: sudo: command not found
I’m very sure I don’t have root access. This is a shared hosting system - It wouldn’t make sense for them to allow root access or super user privileges to the individuals sharing the system. But thanks for trying.
What I meant was that I can use SSH (Secure Shell) to access the file structure to MY root, which is several folders down from the true root of the shared system.
Actually, I didn’t really know there were other clients to set up autorenew. I’ve only ever seen instructions for installing certbot when I googled the topic of how to set up autorenew with Let’s Encrypt certificates. I’ll check out acme.sh to see if that will work for me, and if there are instructions that I can understand to follow. Thanks.
Hmmmm, well, okay. I’ve now spent about 15 minutes looking over the link for acme.sh. I’ve read the entire instructions for installing it. And I have to admit - this is way over my head. There appeared to be much easier-to-understand instructions for someone like me about certbot.
But if I truly can’t use certbot because I don’t have root access (and/or can’t figure out how to use it without root access), then I’m happy to explore other options. But I’m going to need a lot more help than it appears is available.
Do you have any ideas for me? I’m willing to pay someone to help me get this set up for all my domains. Do you know someone to whom I can turn for help?
While it’s possible to find a freelancer to set this up for you, it’s an uphill battle. GoDaddy disable the free and automatic feature of cPanel called AutoSSL that would do all of this for you. They do it so they can charge you extra money for SSL certificates.
Choose from a wide range of other cPanel hosts, and AutoSSL is included for free and automatically deals with this for you, for all of your domains.
Thanks for your advice, _az. A couple of months ago I tried very hard to switch to another provider. I spent many weeks trying to get all my sites migrated over to the new location, and was down for over a week. I was unable to get any help from the hosting organization - they kept saying they would fix the problem, but days would go by and I’m completely down and they didn’t fix it. I finally ended up pulling everything back to GoDaddy. They may not be the best, but at least when you call someone answers the phone. And though many of thier techs have no idea how to help you, some of them do (and if you keep calling back, eventually you will get to one who actually fixes the problem). Yes, they are charging outragious fees for SSL, which is why I’m trying to find a free solution (I’m a non-profit and can’t afford to pay more for SSL than for hosting!!!). I managed to get 4 of my domains on SSL a three months ago, but they just expired so now I’m looking for a better solution than manually renewing them all the time.
Do you know anyone who might help me? I don’t mind paying a one-time charge to learn how to set this up, and I’ve been assured by GoDaddy that it is possible, but I need to figure out how to do it without their help (as I’m undercutting their paid-for service.)
Should you choose them, they just need to follow the cPanel-specific acme.sh instructions for each of your domains, but of course, it costs you more money and results are not guaranteed. I get that you’re probably pretty fed up with this SSL thing by now, but GoDaddy has painted you into a corner. There’s no good options other than trying to follow along the acme.sh tutorial or something functionally similar to it.
Well, I contacted BobCares, but they are busy dealing with an emergency for another customer and won’t be able to help me today. So I started trying to follow the instructions for acme.sh. The first command worked just fine, and it resulted in a successful install of acme.sh (I think) except for the warning that if I’m using acme.sh in stand-alone mode I should install socat. The next command (which I believe was --staging, a test to see if the cretification will work correctly before actually issuing it) didn’t work , telling me
syihtq.org:Verify error:Invalid response from http://syihtq.org/.well-known/acme-challenge/FOKRdv4_bc_zb-28v4PQCbYscd04yGt5VDqxj0h2brY [184.108.40.206]
Indeed, there is nothing in the http://syihtq.org/.well-known/acme-challenge folder, and I think there should be a key there. When I looked in the folder where I kept notes from when I tried to install SSL on this domain before, there were three text files there, but none of them matched the one that it appears to be looking for.
I tried to install socat, but again the directions tell me to start with SUDO command, and I don’t have SUDO rights.
Are you sure that I will be able to use ACME.SH without SUDO rights? What is socat, and how can I install that? Or perhaps that has nothing to do with the error message?
The error message also suggested that I run the command again and add --DEBUG, which I did. The last three statements were that socat doesn’t exist, apache doesn’t exist, and nqingx doesn’t exist.
Any help that you could give would be most appreciated.
Okay, I’ll try it. Should I try with a different domain? I used Syihtq.org because it’s the one I’d like to get up and running as soon as possible, but I don’t think I ever successfully got the certificate installed on that one - perhaps I should use one that I successfully installed before, or use one that I never tried to install SSL on at all.
As I noted, I have 14 addon domains I’m trying to get SSL installed on.
I’m working on the uapi command. Do I type that exactly as written, or am I supposed to insert my domain info in places?
I suspect I should put ~public_html/web/syihtq because that is where the actual website resides.
I tried it and got the error message
Odd number of elements in hash assignment at bin/apitool.pl line 149.
warn [uapi] Could not find “single” in module “Domain Info” at /usr/local/cpanel/Cpanel/API.pm line 309