Setting up encryption


#1

Hello!

I’m totally a novice when it comes to SSL, so please bear with me. I’m trying to set this up on my website, but I need advice in lay terms, lol.

Do I simply go to this link https://github.com/letsencrypt/letsencrypt and download the ZIP file and upload it to the Certificates page in SSL/TLS area of my cPanel?

Thank you for the help!


#2

First step is you will need to wait until tomorrow; that is when the public beta opens.

Second, you will want to consult the documentation here: https://letsencrypt.readthedocs.org/en/latest/using.html

It will be more convenient to run a command on your server to download the client via its native package downloader. This is described immediately following the “Installation” sub-section.

Someone else may be able to confirm, but as far as I am aware, a Let’s Encrypt GUI tool for cPanel is not yet available.


#3

cPanel doesn’t have any automated Let’s Encrypt support as of yet. There is a feature request open with them, which is somewhere on their site. For now, you’ll need to use the manual method as described in the documentation mentioned.

Hopefully, as popularity grows, web hosting panels will offer an easy process, but for now it is what it is.


#4

Thank you both for replying! I’ll try it out tomorrow and post here if I run into any problems.

One question: If I install the Git program on my laptop and then continue with setting up SSL for my website/forum, will my information be published online anywhere? For example, information like my full name, IP, etc.?


#5

It shouldn’t. In fact, the only information that I recall providing is an e-mail address (for the account) as a contact if something’s up with the certificates or for stuff like renewal reminders.

If you don’t want to run the whole client, which is a bit overkill for manual stuff, you can look at other community-provided clients listed here. The simplest option listed there is the site https://gethttpsforfree.com/ which takes you through the manual steps to get your certificate.


#6

The hostname(s) the certificate is issued for will become public information.


#7

Yes, that’s true. Also, the IP used to submit the request may also be made public in the future from what I’ve read. No PII should be released, however.


#8

Thank you!

My host said they would configure the SSL for me, so I think I should be okay.

They’re asking for the following:

Certificate: The certificate may already exist on the server. You can automatically fill the certificate or paste the entire .crt file above.
Private Key: The key may already exist on the server. You can automatically fill the key or paste the entire .key file above.
Certificate Authority Bundle: In most cases, you do not need to supply the CA bundle. The server will retrieve it from a public repository during installation.

However, should I simply link them to the documentation? How should I approach providing the information?


#9

Well, you’ll want to generate the certificate on your side. You can use the manual verification method and either the full letsencrypt-auto tool or one of the other client tools I linked. Using the process, you will be able to generate the private key and the signing request (which is used to get the certificate) and then verify you own the site to get your certificate. The bundle is sometimes called the “chain”, and you’ll have that too.

You can certainly try to link them to the documentation, but depending on their service level and what they offer, they may charge you for their time. It’s worth asking if you’re uncomfortable doing it yourself.

Also, keep in mind that Let’s Encrypt is currently in closed beta, so unless you applied and were whitelisted, you’ll need to wait until later tomorrow to start the process.

Alternately, you can find certificates as low as US $9/yr if you don’t want to mess with Let’s Encrypt right now. It’s a great service, but still a bit rough. (You’ll still need to do the Key, CSR, verify dance for those.)


#10

Thank you again! I think I’ll shoot my host an email tomorrow afternoon EST (hopefully Let’s Encrypt will be open to the public by then) and link them to the documentation.

I’d prefer to stick with Let’s Encrypt as there’s no cost and only because people log in to post on my site, so their passwords are about all the personal information they need to enter.


#11

The Status Page says 6PM GMT, so convert that as you need to.


#12

Even better! My host is based in Europe, so I guess I can potentially have this set up a day earlier on my end. :smile:


#13

@heartbreakers: Just to clarify, the Let’s Encrypt client is software written to run on the webserver. So you need direct access to your server’s command line (via SSH). If you have “shared” web hosting you probably can’t use Let’s Encrypt’s software. I want to make sure you know this because you said you would install git on “your laptop”.


#14

That’s what the documentation instructs me to do. It has installation directions for Mac users. I have access to SSH via my cPanel. Is that sufficient?


#15

Potentially. You will need to know if you have root access. Most providers don’t give you root access if you have shared hosting.

I guess you will find out tomorrow when you try to follow the instructions. Let us know how it goes :slight_smile:


#16

My host said they would set the SSL up for me if I provide the certificate, private key, and CA bundle, but I asked if they would follow the documentation and go about the process for me as it’s absolutely free; meaning, there’s nothing they lose on their end, so I think I should be good, right?

Sorry, I’m completely unfamiliar with SSL, which probably shows, lol. I mainly want a secure connection for my active guests, haha.


#17

Let’s Encrypt doesn’t need to be run on the server. You can run it in manual mode on your laptop, but you’ll need to upload a challenge file to the server. After that, you’ll have your certificate on your computer, which you’ll give to the provider along with your private key.


#18

Where on the server would I upload the file, and would I use a cPanel function or FTP to do so?

Do I have to remind my host to renew my certificate around the 60 day mark if I’m on a shared hosting plan, or will the certificate automatically renew?


#19

> Where on the server would I upload the file, and would I use a cPanel function or FTP to do so?

The client will tell you the instructions. Basically, you’ll create a file containing specific data, and put it on a specific path on your server. You’ll probably use FTP for that.

> Do I have to remind my host to renew my certificate around the 60 day mark if I’m on a shared hosting plan, or will the certificate automatically renew?

Auto-renewal is a feature of the client for the auto-install method. If you use manual mode (which you need to), it won’t work. So, you’ll have to run the command again if you need to renew the certificate, and then send the certificate to your provider again (along with your private key). I recommend setting a reminder on your calendar, repeating every 2 months on a specific day.
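What the “specific data” and “specific path” of the manual step look like under the ACME http-01 challenge as standardized in RFC 8555, as an added Python example (not code from this thread or from the Let’s Encrypt client). The account key and token are constructed sample values and the function names are illustrative; the values your client prints are the ones to use.

```python
import base64
import hashlib
import json
import string

WELL_KNOWN_PREFIX = "/.well-known/acme-challenge/"
B64URL_CHARS = set(string.ascii_letters + string.digits + "-_")

# Constructed sample values; a real client prints the real token and uses
# your real account key.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "Y29uc3RydWN0ZWQtbW9kdWx1cw"}
SAMPLE_TOKEN = "constructed-token_0123456789"


def b64url(data):
    """Base64url without '=' padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    if jwk.get("kty") not in required:
        raise ValueError("unsupported or missing key type")
    members = {name: jwk[name] for name in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def challenge_file(token, account_jwk):
    """Return (URL path, file body) for an http-01 challenge."""
    # Refuse anything outside the base64url alphabet so a malformed token
    # cannot carry "/" or ".." into the upload location.
    if not token or not set(token) <= B64URL_CHARS:
        raise ValueError("token is not base64url")
    return WELL_KNOWN_PREFIX + token, token + "." + jwk_thumbprint(account_jwk)


def body_matches(served, token, account_jwk):
    """Compare what the web server returns with the expected file body."""
    _, expected = challenge_file(token, account_jwk)
    return served.strip() == expected


if __name__ == "__main__":
    path, body = challenge_file(SAMPLE_TOKEN, SAMPLE_JWK)
    print("upload to:", path)
    print("file body:", body)
```

Only the public half of the account key goes into the file body, so the challenge file contains nothing secret; the private key never has to leave the machine that generated it for this step.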


#20

Thank you for the help!

So, just to be completely clear, when I follow the documentation, I absolutely have to download Git to my Mac, then I follow the manual instructions? I will be told exactly where I have to copy and paste commands? Is it possible that “terminal session” has not been authorized by my host, and in that case I would need to ask my host to run Git on my behalf?