Non-root plugin for shared hosting


#1

Hello,

Can anyone give an example of a “completely” non-root plugin for using LE, that can be considered to be used on shared hosting? As far as I know, cPanel’s AutoSSL is managed (enabled) from ‘root’.

Thank you.


Response to Inaccurate Customer Support Email
#2

I think most of the alternative clients can run as none-root. Certainly the bash, python, php ones.

If you want a specific example - GetSSL, which is one I wrote, can run “completely” root free for obtaining the certificate on most shared hosting. If you use the DNS-01 challenge, then it doesn’t even need to run / be on the server.


#3

I moved this to a new post since it’s only tangentially related to the original post.

As for your question, are you asking about a plugin that you can use on any shared hosting environment where you have limited (non-root) access?

The tricky part here is not to get the client running, but rather having sufficient access to the system to configure and enable SSL/TLS. It would be easy to generate the keys, run an ACME client, solve the domain ownership challenge and obtain the signed certificate all without root - and most clients from the client list @serverco mentioned do this. Access to the server configuration, however, is typically limited to root, and that’s the main reason certbot runs as root by default. The only way to get around this would be some sort of API offered by your shared hosting provider where you can push your certificate and key to, but if the provider is going to bother implementing something like that, they might as well add support for Let’s Encrypt directly.


#4

Thanks for the suggestion,

I’ve just SSHed into my shared cPanel account, downloaded the getssl script but after ./getssl -c mydomain.com got this:

getssl: this script requires one of: nslookup drill dig host

I tried to yum on one of those, but obviously yum is locked for shared users.

Do you happen to know other way to install dig, nslookup or else?

Thanks


#5

There are a couple of ways around that. Before going too much down the effort of doing that though, have you checked that you can upload a certificate to your cpanel and your hosting provider allows you to add a certificate ?


#6

Yes, it does. I just need to understand how can I get it working using the tools I have and not involving the hosting company. Please share the workarounds you have and I will do some research on my side.

BTW: I succeeded to issue a cert using acme.sh. Although, installation script did not work, apparently due to lack of admin rights. So I went on to Cpanel’s SSL/TLS and installed it manually.


#7

Which installation script was that ? have you got the uapi function available in ssh on your account ? if so try this cpanel certificate upload script which is a cpanel function that doesn’t need admin permissions to upload the script automatically. It should be easily modifiable to use the certs you obtained using acme.sh.


#8

Thanks!

The slightly modified cert upload script worked like a charm.

I will be playing around with other clients though.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.