Running certbot as root

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
usmcmta.org

I ran this command:
letsencrypt-auto

It produced this output:
su or sudo not found (don’t remember exact verbiage)

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes.

I am in a shared hosting environment on Godaddy. I attempted to install certbot from the command line, only to discover that it requires root privileges. I initially called Godday to see if I could get sudo privileges to complete the install, but then after reading over the installation script, I see that it actually requires to be run as root. Why?

Why does certbot run as root and not as a user? In a shared hosting environment, I can’t use Let’s Encrypt. I love the idea of using open source technology, but I can’t in my enviromnet. Certbot should run as either the user installing it, or a service account, but its not a good practice to run it as root.

Thank you.

Daryl

certbot-auto needs root access to install some dependencies from your server’s Linux distribution. It does not necessarily need root to function once installed, but certbot usually is used to install the certificates for you too and that does require root access.

For shared hosting, lightweight clients like acme.sh are usually preferred. These have lighter dependencies than full-featured clients, so you can usually get away with not installing anything as long as you have the basic necessities like openssl installed.

In fact, if you use GoDaddy’s CPanel-based hosting, you can actually automate the entire issuance process with it, including installing the certificate with the CPanel API:

1 Like

Thank you patches. I’ll look into using acme.sh.

Daryl

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.