Problem with web hosted web sites. HOW to get certificate for my web hosted web site?

Predrag 2015-12-19 17:28:39 UTC #1

I have a major problem making this work. First of all I'm not a programmer. I want this process to be easy as it is with Comodo cert for example. SO what is my problem?

I have installed this program in My elementary Freya OS. I have Tried to receive the certificate for my web-hosted web site. what ever I do it shows something like this.This is after manual try.

Failed authorization procedure. website.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 1 parts

IMPORTANT NOTES:
- The following 'urn:acme:error:unauthorized' errors were reported by
the server:

Domains: website.com
Error: The client lacks sufficient authorization

Can this work or not and can you make it simple as any other web based CRT creation? My web host use Cpanel if this count but I m not administrator therefore I can not type mkdir or something but I have made .wellknown directories on my public-html folder.

serverco 2015-12-19 17:47:52 UTC #2

Looking at the error ... you tried to get certificates for a couple of domains ... the one you left on the screen, and the one you 'erased'. The one that was 'erased' has a problem being reached by LE.

Is that domain hosted on your account ? is it reachable for the general public ?

For cpanel the following topics may help

Alternatively you may want to use a different client ( alternative clients)

Predrag 2015-12-19 21:26:58 UTC #3

Thank you for the links. These does not work for me as I' have web host account at third party web hosting provider therefore cannot use terminal at server.
It seems to me that in my case this is useless and extremely complicated as I can not get certificate for my website. Both addresses are the same site and are publicly visible and available.

serverco 2015-12-19 23:05:01 UTC #4

The first two links are specifically for cpanel, and don't require you to use a terminal onto the server. They are specifically for someone with a web host account at a third party web hosting provider using cpanel, and include step by step instructions of what to paste where.

Alternatively you may want to use a system like https://gethttpsforfree.com/ which can provide the certificate for you to give to the web host.

Predrag 2015-12-20 11:01:11 UTC #5

The further I go with https://gethttpsforfree.com/ is up to step 4. I can not connect to website with ssh terminal but I do with filezilla. I even created folders in public_html directly from cpanel but I do not know wich type of file should be there and how should be named
public_html/www.mysite.com/.well-known/acme-challenge/?
I put it like generic text file and wrote in long string of symbols that is shown as address to check

up6CQab87DiMbMmzZSlGZFun15y_DUnx1xE3AC26ZWY name

up6CQab87DiMbMmzZSlGZFun15y_DUnx1xE3AC26ZWY.UafOxi5ak0yhYiNpNr00cqOPN588p3aXorgOx4i9NDM content
It says when clicked something has gone wrong repeat step 1

serverco 2015-12-20 15:14:42 UTC #6

I've used the cpanel client, but not the gethttpsforfree client. @diafygi may be best to help on that one

waldon 2015-12-20 19:35:40 UTC #7

I've successfully used the manual mode to create the certs on my local machine and later import the certs on the hosted site (through the provider configuration panel):

./letsencrypt-auto certonly --text --manual-public-ip-logging-ok --rsa-key-size 4096 \
--manual --email user@host.com -d host1 -d host2

Be careful, you have to create and upload a challenge file for each host (i.e. two files because two hosts are given in the above example), which is a bit tedious, but the only tricky part.

Predrag 2015-12-20 21:30:27 UTC #8

I did it. Now I will make small tutorial for everyone who is in my situation which is MAJORITY.
First you need to install Letsencrypt as seen in Quick Guide https://community.letsencrypt.org/t/quick-start-guide/1631
If you have done anything properly you should have something like this at your terminal:

username@computername:~/letsencrypt$

then you run following command:
./letsencrypt-auto certonly --text --manual-public-ip-logging-ok --rsa-key-size 4096 \
--manual --email mymail@mywebsite.com -d mywebsite.com -d www.mywebsite.com

of course you should change mywebsite with your website

you will get this:

Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: sudo /home/username/.local/share/letsencrypt/bin/letsencrypt certonly --text --manual-public-ip-logging-ok --rsa-key-size 4096 --manual --email mymail@mywebsite.com -d pmywebsite.com -d www.mywebsite.com
[sudo] password for predrag:
Make sure your web server displays the following content at
http://mywebsite.com.well-known/acme-challenge/HYF32MIOUUkTqAWsHSSEHUc6fjtyANk9opr0AXiR1Nc before continuing:

HYF32MIOUUkTqAWsHSSEHUc6fjtyANk9opr0AXiR1Nc.5eGyE9mY7abn1imDCGu4odow4aweX0jQHU8pet-Udxw

If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
printf "%s" HYF32MIOUUkTqAWsHSSEHUc6fjtyANk9opr0AXiR1Nc.5eGyE9mY7abn1imDCGu4odow4aweX0jQHU8pet-Udxw > .well-known/acme-challenge/HYF32MIOUUkTqAWsHSSEHUc6fjtyANk9opr0AXiR1Nc

run only once per server:

$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
Press ENTER to continue

At this point before you press ENTER you should login to your webhost Cpanel go to www or public_html folder and create first .well-known folder then inside this folder create another one acme-challenge then inside this create first file. The name of file will be the the last part of the link you need to click to check is the challenge file at place in this case this is:

HYF32MIOUUkTqAWsHSSEHUc6fjtyANk9opr0AXiR1Nc
save it as generic file. Then open file with edit and copy past the content which in my case was:

HYF32MIOUUkTqAWsHSSEHUc6fjtyANk9opr0AXiR1Nc.5eGyE9mY7abn1imDCGu4odow4aweX0jQHU8pet-Udxw
Save the file and check the link above http://mywebsite.com.well-known/acme-challenge/HYF32MIOUUkTqAWsHSSEHUc6fjtyANk9opr0AXiR1Nc it should show the page with content.
Now go back to terminal and press ENTER

It will show something like this
015-12-20 21:39:07,277:WARNING:letsencrypt.plugins.manual:Self-verify of challenge failed.
and then repeat with second host with www you put in. Repeat the steps as above creating the second file in the same folder in Cpanel. Check the links and press ENTER again .

Now it will make you certificates and show:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/mywebsite/fullchain.pem.
Your cert will expire on 201?-0?-??. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Now you should just open the files with text editor copy it and fill in certificate fields in the Cpanel

That is it I hope this help to people who are not into all this programing stuff.

waldon 2015-12-21 15:00:53 UTC #9

The --renew-by-default option might come handy upon renewal.

And maybe --agree-tos is a better replacement for -manual-public-ip-logging-ok. I haven't checked that myself yet.

StopSpazzing 2015-12-21 17:03:03 UTC #10

This is duplicate information: https://community.letsencrypt.org/t/tutorial-for-os-x-local-certificates-and-shared-hosting/6859

waldon 2015-12-23 21:40:46 UTC #11

I've found an easier way to perform certificate registration that does not require any manual interaction: https://community.letsencrypt.org/t/fully-automate-manual-mode-for-shared-hosting/7416/11?u=waldon