You'd need it again 60 days later
Not if it can just install a CLI acme client under the hood. The issue with "needing it again" means it'd need to stay available for public access. I already see many log entries from bots looking for things like "wp-admin"... they'll just add "GoDaddySSLGenerator.php" to the list and this will become a security nightmare.
In an ideal scenario, this could be a "run once and never need it again" script. Automatic renewals included.
But where and how would the PHP script install itself? Also, to install a certificate, one usually requires root access. PHP scripts would never run as root, that would be a security nightmare.
A hack is never ideal.
The ideal scenario is for GoDaddy to support it right in their panel.
But that would mean revenue loss for them - it's all about the Benjamins!
[don't be shy - get involved and be heard - start with: if you see something you like, then like it ]
True... ideal would be that GoDaddy just stop being so greedy
@Osiris - I won't pretend to know all of the angles. Root is likely needed to install software, certainly needed to bind to ports < 1024 (although certbot's --webroot plugin doesn't need that, probably could be avoided). Perhaps there's a way to run a PHP script as root just once (like a cron job?) for the purposes of installing certbot, then the PHP script could delete itself (and the cron job).
Actually... there's no root access for cheap shared hosting. Pooh.
If GoDaddy relinquishes root access (even once), then all sites are pwned.
That will never happen in such a shared system.
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]
...and the second-most-ideal scenario is that people would vote with their wallets for less user-hostile hosting providers.