Shared Hosting (Arvixe) no sudo, what to do?

thanks again for getting back to me @schoen
I sort of figured this out but I can’t seem to figure out how to install it through cPanel
in the acme sh readme has you “copy” the keys but to add them through cPanel, I seem to be missing the private key… or I seem to be missing some instruction or something…

I’m not sure I follow what that long command is supposed to do… and how to go through the cPanel applet… would you have info on that?

I really appreciate the help!

You should have a private key somewhere because you specified its locate to acme.sh when you ran it, right? What is cPanel asking you for and what is it saying when you try to import the certificate?

oddly, acme[dot]sh didn’t ask for the private key and just now browsing through cPanel’s SSL/TL page, I found there was one for the domain I’m creating an SSL for… So I tried to paste that in the SSL manager but I got a this key doesn’t match message, maybe worded differently.

but you said you ran

which specifies a private key for acme.sh to use, doesn't it?

well that’s what I’m trying to figure out… specially since the key file is empty… i tried to look for it in the specified folder after acme sh was done but the file is 0 bytes and empty

this is the documentation for acme sh
3. Install the issued cert to Apache/Nginx etc.

After you issue a cert, you probably want to install/copy the cert to your Apache/Nginx or other servers. You MUST use this command to copy the certs to the target files, DO NOT use the certs files in ~/.acme.sh/ folder, they are for internal use only, the folder structure may change in the future.

Apache example:

acme.sh --install-cert -d example.com
–cert-file /path/to/certfile/in/apache/cert.pem
–key-file /path/to/keyfile/in/apache/key.pem
–fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem
–reloadcmd “service apache2 force-reload”

so replaced the path to with the paths given at the end of the acme sh run… not sure how to tell the command worked aside from the fact the reloadcmd errors out.

Oh, sorry, I misunderstood. Now I see that you got ZeroSSL to work but not acme.sh!

Did you try the simple --issue form of acme.sh that’s mentioned toward the top of the acme.sh page? I don’t see any likelihood that the --install-cert can work for you on shared hosting without root access.

acme.sh has a deploy hook cpanel_uapi, which and deploy/install the cert to your cpanel website:
https://github.com/Neilpang/acme.sh/blob/master/deploy/cpanel_uapi.sh

acme.sh --issue -d example.com .....
acme.sh --deploy  -d example.com --deploy-hook  cpanel_uapi

The zeroSSL is for the main domain on the hosting account.
–issue is what I had used to create the cert and keys.
It seems that I can’t avoid having to manually install the cert considering I have no root but what I’m puzzled about is the empty keys… I have 2 empty keys; one for the domain & www.domain and another for subdomain.domain - in their respectively created folders

Hello @Neilpang and thanks for responding, also for creating the bash! it makes a lot easier compared to other methods I have tried.
Unfortunately --deploy requires me to have root.
Would you happen to know why the private keys are returned empty?

@schoen & @Neilpang I believe I’ve figured it out, well, at least found a solution.
I deleted the folders created on key issuing (1 for domain and www. - 1 for subdomain.domain)
Sent issue commands (with --force) and checked the newly created folders which had non-empty priv keys…
Copy/pasted the cert that was printed in the terminal for each of the commands coupled with the contents of the priv keys and ca.cer in the cPanel SSL/TLS > SSL manager.
They both worked and securing the domain, www.domain and subdomain.domain is in effect.

I’m not sure what happened the first time around but I do have a theory; I had created the certs on sslforfree[dot]com initially. So there was a private key “somewhere” - which I could’ve possibly tried to paste in SSL manager but after deleting the key folders, I did have a “Create CSR error”.
This lead me to try the --force option and voila!

Now it is my understanding that acme[dot]sh will renew the cert on its own and I would just have to load them manually. Is that correct? If so, the only way I can manage any form of automation would be by gaining root privileges.

There is a much easier way…

cPanel naively supports Lets Encrypt without plugins or other hassle. It should be point and click for you, maybe even automatic without your intervention depending on “if and how” Arvixe enables this setting, if they will enable it at all. Many of the EIG hosts have no plans of deploying this because they make money on name brand SSLs.

–Devon