My hosting provider, Site5 does not allow me to automatically install SSL. But I opened a support ticket requesting that they add this to cPanel. They responded that if I generated certificates for my domains and sent them the information that they would install LetsEncrypt certificates for free.
Trouble is... I don't see an option to "generate certificate for my domain" on this site. My situation seems to fall outside what your different options are... unless i am missing something. Please guide me...
If you have a Security section in cPanel with a TLS/SSL icon, you can install them yourself. No need to have Site5 do anything.
You will need an ACME client to acquire the certificates though. I'm in the process of rewriting my ACME client just for cases such as yours (and mine, thanks to GoDaddy shared hosting).
Hi guys - I appreciate your responses, but neither of you really answered my question. I do agree that site5 is not a great host but they already have my money and I don't have $300-500 laying around to migrate my sites ahead of my renewal date.
And to confirm, as I said, there is no option in my cPanel to do it. In the security section there is no TLS/SSL icon.
Maybe it would be helpful to copy/paste exactly what they told me:
"Unfortunately, we do not provide Let's Encrypt SSL certificates but we can install it for you for free of cost. Please contact Let's Encrypt at https://letsencrypt.org/ and generate the certificate for your domain. Once you get the certificate, please update ticket to complete the installation. "
Is there a way for you to install the LE cert yourself?
Or do you have to hand it to them for them to install?
I understand they are willing to do it for you - my question is must they do it for you?
And more importantly, what do you plan to encrypt?
If there is any PCI, you can forget about passing compliance.
It seems so. If cPanel doesn't offer such a solution. It might be possible to do it through the command line and the cPanel API, but is it worth the hassle?
The hosting provider has access to the private key anyway, so there isn't technically any security risk. In practice however, e-mailing a private key to a "random" support employee might prove to be a security risk anyway. The key might linger in @SICHLExpress' "Sent folder", the employee might not remove the private key from their e-mail system, it might get stored in some kind of backup for who knows how many years (which isn't really an issue if you use new private keys for every cert, as they are just 90 days valid, but still...)
To answer your question @SICHLExpress: Yes, it's possible. If you have access to the webroot of your site (through FTP or some other way) or you have access to your DNS zone, you can generate a certificate for your site. Please read the documentation on the Let's Encrypt site: Documentation - Let's Encrypt starting with "Getting Started" , "How Let's Encrypt Works", "Rate Limits" and "Challenge Types". The other documents are interesting too of course.
Sadly, even if I had my client update finished, it is "certonly" as it is designed to fulfill the certificate-acquisition piece of the puzzle for those who cannot use a CL client due to lack of skills or permission (e.g. shared hosting). Lack of functional TLS/SSL support requires fulfilling another piece of the puzzle entirely. This issue with Site5 makes any issues with GoDaddy shared hosting seem miniscule. At $12/year for shared hosting with GoDaddy, which includes registration of a new domain name, I really hope that Site5 hosting is free.
I'm really hoping that Site5 will operate with your certificate (and private key) being in the folders of your hosted account and not require you to (insecurely) migrate them (by email or such).
We can help you get a certificate, so no worries there. We are only concerned about how Site5 will handle the installation to keep from compromising your security.