We can see that it requires to input some commands in order to install AutoMated Certificate on the site.
My host is asking a few questions before they consider allowing Let’s Encrypt" for my site schollloj.com
They need to confirm whether it will not affect any other site configuration or server configuration.
Make sure that it will only be specific to my site root directory environment only as it is a shared server and there may be chances that it would affect Apache configurations too.
Confirm this will work in shared server environment and will not affect to any other hosted sites or server configurations too.
Before executing any client files on server they need to make sure about its functions and its effect due to security reasons.
there are clients such as httpsforfree and zerossl which will issue letsencrypt certificates without having to install anything on the servers
if your hosting providers runs cpanel there are also cpanel plugins
in terms of confirming if there is a conflict or not this is pretty much up to the client you use
some clients use python while others use bash commands only
it sounds like your hosting provider hasn’t properly segregated the server (containers)
there are multiple providers who let clients use LetsEcnrypt so it might be worthwhile your provider reaching out to them
I think dehydrated is quite a popular client
I would add that Certbot (the client that we develop at EFF) is normally run with root access (but doesn't have to be) and normally tries to edit web server configuration files (but doesn't have to do so). If I were a shared hosting provider, I would not really want to run Certbot as root to edit web server configuration on behalf of a single customer, just because of the remote chance that it might cause a reliability problem for other customers.
The hosting provider can try to set up some kind of official support for Let's Encrypt for all of its customers using software of its choice, or can run a number of clients, as @ahaw021 pointed out, to obtain certificates without running as root and without automatically editing the server configuration files. I think the clients implemented in bash could be a good choice.
In any case, the provider should consider how the certificates will be installed once they're obtained, and how they'll be renewed when they expire (every 90 days).
My hosting provider is under the impression that the bot that is meant to automatically keep SSL certificates up to date cannot be installed on a shared server. Is this correct?
If you’re thinking of Certbot, it usually can’t be installed on a shared server by a customer because it would require the hosting provider’s permission. However, if the hosting provider itself is thinking of using Certbot, it can certainly choose to do so.
The biggest questions would be how much active attention it requires (e.g., do hosting provider staff have to be actively involved in obtaining new certificates or removing ones for people who are no longer customers?) and how well it can scale if the number of certificates becomes extremely large. But we have heard that some providers are using it directly and we’re happy to help them if they’d like to do that.
Thanks everyone for the input. My host was not willing to try make any adjustments on their side due to conflict concerns it may cause.
I have switched to a new host that has LetsEncrypt configured as a standard ssl on their shared servers, plus they have the latest version of php available as well. A real win-win for me.
Again, many thanks for your input.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.