Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My problem is that if I click on the section on certbot where it promises to provide instructions, filling in the two dropdowns as "Apache" and "Web Hosting Provider", no instructions appear. I must be missing something obvious here (I have next to no knowledge of SSH, by the way).
That Getting Started page has a section for "Without Shell Access". The Certbot page you reference (should) show instructions for this. It gives links to popular hosting services and the kind of support they offer. You use your hosting service tools to get the cert (not by running Certbot yourself).
The other option is "With Shell Access" (like ssh). In this case you administer the operating system and web server (like Apache) and use an ACME Client (like Certbot) to get a cert.
It sounds like you are a novice and hopefully your hosting service provides the certs for you.
Who is your hosting service? Have you tried asking them about this?
I'm definitely a novice! Hi Mike, yes that's the page that I started from. I have shell access.
My host, tsohost, has been taken over by 123.reg/GoDaddy. They can do it all for me, but for 50 quid a year. so although I am a complete novice, I'd like to that money. They used to provide a Let's Encyrpt certificate for free.
I want to learn how to do it, but if you click on "Apache" and "Web Hosting" on the front page of certbot, no instructions appear. I tried changing the parameters to "Apache" and "Linux (snap)" and then all the instructions appear, about using the command line to ssh into the server and so on. But I don't want to do that in case I'm following the wrong set of instructions.
Yes, via cpanel. I don't want to become my own system admin. That's way beyond what I'd like to do. I was hoping that there might be instructions on how to get a CA using Let's Encrypt or certbot.
You might use this opportunity to switch hosting services. For example, if you just have a blog or WordPress site sign up at a service for just that. Those can take care of all the technical bits and just leave you to focus on the content.
Let's Encrypt certs expire after 90 days and LE recommend renewing after 60 days. You will need to repeat the cert process regularly. Using certsage is not usually difficult but manual options can be forgotten.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8029747121 (0x1de9c37b1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = loobynet.co.uk
Validity
Not Before: Jul 9 12:30:46 2024 GMT
Not After : Jul 9 12:30:46 2025 GMT
Subject: CN = loobynet.co.uk
Is that a self signed cert? (I'm mostly blind now)
I have read almost your entire site. With a magnifying glass!!! COOL!
Get a cert but consider the above suggestions.
Look at @griffin certsage. ... good code.
Many thanks all -- especially @griffin for the very clear instructions on how to use CertSage. The whole process (for a complete novice like me) took under five minutes. I will donate the first year's fees that Tsohost/123reg/GoDaddy wanted to charge me for doing it themselves -- which is £50 (!!!) .
(I have next to no knowledge of SSH, by the way).
and I'm so happy CertSage is working well for you! 