Selecting a Suitable Client for Shared hosting plans with no Super User Priveleges

The Getting Started section of the Let’s Encrypt documentation lists scenarios of having SSH and not having SSH. It seems these are not the relevant scenarios because shared hosting plans provide SSH and yet SSH is insufficient to install cerbot. I think the superuser privilege is needed. So your documentation needs to be changed to list the scenarios of having superuser privileges, or not, on the server. In other words, having a VPS hosting plan versus a shared hosting plan. I believe most website maintainers work with shared hosting plans so I am very puzzled about how Lets Encrypt seems to have overlooked this most common working environment. Am I missing something here? Thanks.

@jsha, I seem to remember that you and I discussed this a while ago, and I no longer remember exactly what we were thinking about it at the time. Could I get your opinion about @rtdrury’s concern?

It's actually possible to install certbot without root privileges, although it's not documented very well. You would need to install all dependencies in your home directory (certbot-auto does this by default) and use certbot-auto certonly --webroot ... (User Guide — Certbot 1.21.0 documentation). You would also need write access to the webroot directory.

I do agree that this could probably be clarified on the Getting Started page, though.

You’d also have to tell it not to save your certificates in /etc/letsencrypt. :slight_smile: Maybe we should have a separate “non-root guide” somewhere.

hi @rtdrury

If you review a list of clients some of them can be used without sudo priveleges

https://letsencrypt.org/docs/client-options/

This is also an option that others in your situation have pursued.

Andrei

Thanks everyone. It looks like using certbot requires control over the
server software so maybe it could be documented “for those working with
a shared commercial hosting account” to install certbot locally and run
a cron job to generate/email new certificates to the hosting company
support email every 90 days.

Jacob Hoffman-Andrews wrote:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.