It produced this output:
Waiting for verification…
Cleaning up challenges
live directory exists for trillionpictures.com-0001
My web server is (include version): Run on a local machine (Mac OS X). The hosting provider (inmotionhosting) does not support LetsEncrypt. So for all previous renewals I’ve run the above, pushing all the challenges to the proper ‘.well-known/acme-challenge’ directories, then finding the privkey.pem and cert.pem on the local machine and manually installing them through IMH’s c-panel. That’s always worked.
What’s different this time around is the .pem files are not being created on the local machine.
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.33.0
That key is supposed to be generated when the script first contacts the Let’s Encrypt API endpoints.
You could try to generate the test certificate first, then update the account email.
Wow. Brilliant. Not quite there yet, but this is looking like a huge, welcome improvement.
Questions
1 - I’m not seeing a privkey.pem generated from all this. Perhaps that’s fine and/or would be a security issue. But its absence is a departure from what I’m familiar with. What’s the story there?
2 - In the past I’ve had to create certs for both the www. and non-www version of each domain. Is that still the case using this ‘acme.sh’ method?
The certificate and keys are stored in local (shared hosting local) folders, I think it's under ~/.acme.sh/ then something... You don't need to do anything about that if you are only using that certificate for your cPanel, just follow the instructions and the script should help you install that certificate to the panel automatically.
If all subdomains point to the same content (server), you could create one certificate containing all versions (subdomains) of the site (see the following example). The webroot path should be where your code is stored:
```
acme.sh --issue --webroot ~/public_html/ -d test.com -d www.test.com
```
It looks like this is all working. I’ll follow up if there’s a problem, but thank you for the quick response and solution. Again. Wow. Big improvement.
It’s looking like the main domains all worked, but ran into some problems with the subdomains.
Didn’t see any errors in the course of running the acme.sh process, but if I http:// to any of the subdomains I get a message suggesting the domain didn’t get LetsEncrypted properly
Example (message in Chrome on MacOS):
Attackers might be trying to steal your information from
**runwithme.trillionpictures.com** (for example, passwords, messages, or credit cards).
Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
Curious why that should be. The main domains all successfully completed in one command (they are all housed under the same root folder, not separated into sub-folders). But the subdomains also follow the same folder structure. Is there a logic to their having to be done separately?
I'm not sure how exactly it works, but cPanel, like Nginx and Apache, needs you to specify the certificate manually when you get one... It would not automatically look up what certificate is available on the machine and apply it, which might be horrible in some way.
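NET::ERR_CERT_COMMON_NAME_INVALID means the certificate the server presented does not list the hostname that was requested. As an added example (not code from this thread or from acme.sh), the shell functions below check hostnames against a subjectAltName line in the format `openssl x509 -noout -ext subjectAltName -in cert.pem` prints. The SAN line, `sub.test.com` and `*.apps.test.com` are constructed sample values.

```shell
#!/bin/sh
# Added example: which hostnames does a certificate's SAN list NOT cover?
# SAN_LINE is constructed sample data in the format printed by
#   openssl x509 -noout -ext subjectAltName -in cert.pem
SAN_LINE='DNS:test.com, DNS:www.test.com, DNS:*.apps.test.com'

# san_covers HOST SAN_LINE -> exit status 0 if HOST matches a DNS entry, else 1
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # One entry per line; the here-doc keeps the loop in the current shell
    # so "return" leaves the function, and avoids glob expansion of "*".
    while read -r entry; do
        case "$entry" in
            dns:*) name=${entry#dns:} ;;
            *) continue ;;                  # skip headers and non-DNS entries
        esac
        if [ "$name" = "$host" ]; then
            return 0
        fi
        case "$name" in
            \*.*)
                # A wildcard covers exactly one extra left-most label.
                suffix=${name#\*}           # e.g. ".apps.test.com"
                case "$host" in
                    *"$suffix")
                        label=${host%"$suffix"}
                        case "$label" in
                            ''|*.*) ;;      # empty or multi-label: no match
                            *) return 0 ;;
                        esac ;;
                esac ;;
        esac
    done <<EOF
$(printf '%s\n' "$2" | tr 'A-Z' 'a-z' | tr ',' '\n')
EOF
    return 1
}

# uncovered_hosts SAN_LINE HOST... -> prints each HOST the SAN list misses
uncovered_hosts() {
    san=$1; shift
    for h in "$@"; do
        san_covers "$h" "$san" || printf '%s\n' "$h"
    done
}

uncovered_hosts "$SAN_LINE" test.com www.test.com sub.test.com
```

Any hostname this prints needs its own `-d` entry at issuance, or a separate certificate installed for that host in the panel.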