Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:www.consumatepro.com
I ran this command: I’m a total Dunce & don’t understand how I obtain a certificate for my website
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: GoDaddy
I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes
@MitchellK, this isn’t the case. I operate a shared hosting site on GoDaddy (for now - moving soon) for a non-profit that is using Let’s Encrypt certificates right now.
That being said, @LarrikinAussie, it is a rather frustrating process to do this. Your best bet is to use a browser-based tool to issue these certificates, such as https://zerossl.com/free-ssl/#crt. Here, you’ll follow the directions (leave the CSR field blank). Note there are two challenge types to pick from. HTTP challenge requires you to upload a text file to your webserver that’s accessible from http://www.consumatepro.com/.well-known/acme-challenge. So, let’s say you put your web files in a directory called html/, you’d put the challenge file in html/.well-known/acme-challenge/. There’s also the DNS challenge type, but that’s a bit trickier for beginners, and doesn’t offer any real advantage in the majority of circumstances.
Once you complete this process, you’ll be presented two files: a certificate and a private key. These need to be put into your GoDaddy shared hosting control panel. The private key goes in the private key field (of course), but the other two fields are tricky. IMPORTANT! You’ll get two “keys” from ZeroSSL. One is your account key, which is like a login for Let’s Encrypt, and the other is your certificate’s private key. You need to give GoDaddy the latter, not the former. All the stuff for your certificate comes out at the same time is an easy way to remember this.
Your certificate file will look like this:
-----BEGIN CERTIFICATE-----
Lots of jumbled text
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Lots of jumbled text
-----END CERTIFICATE-----
Copy and paste the first “block”, including begin and end lines, into the certificate field, and the second into the CA bundle field. Submit this, and you’ll have a certificate on your site.
Now for the downside: you’ll have to do this at least every 90 days, as that’s how long before Let’s Encrypt certificates expire. It’s recommended to renew at least a couple weeks to a month early to give some buffer time. This is an obnoxious process to perform several times a year. You might consider changing to a host who has automated support for Let’s Encrypt (you check a box or click a button and it’s on forever, and handles the renewals for you!) There’s a list here: Web Hosting who support Lets Encrypt
