Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.psychologyandliving.com.au (shared IP: 27.121.66.188)
I ran this command:
It produced this output:
My web server is (include version): Apache Vers. 2.4.18
The operating system my web server runs on is (include version): Cloud Linux
My hosting provider, if applicable, is: NetRegistry.com.au
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel 74.0.9
I was speaking with support at NetRegistry, they have agreed to help with the installation/setup of a LetsEncrypt certificate. They advised that LetsEncrypt will need my admin email account and full name as a means of verifying I own the domain, next you would issue a CSR I could send to them (or you do) to begin the next stage of the process. Is this all I need to do? If so to whom at LetsEncrypt do I send my NetRegistry account details to? Or is it NetRegistry who have to send the details … sorry I’m really confused after talking with NetRegistry.
Let's Encrypt is a completely automated service which doesn't have staff performing the tasks that you mentioned. The recommended way of using Let's Encrypt services if you don't run your own server is to get your hosting provider to integrate with Let's Encrypt; in this case NetRegistry would adapt their software systems so that customers would automatically receive Let's Encrypt certificates. Apparently NetRegistry hasn't done this work yet, and may not intend to. We have a community-maintained list of hosting providers that do support Let's Encrypt:
In addition, several control panel applications that shared hosting providers often offer to let customers administer their sites have Let's Encrypt support, so hosting providers can allow users to get Let's Encrypt certificates through a control panel.
If you want to replicate the experience of a traditional paid CA with a CSR, you can use a web-based client like https://zerossl.com/. This would work with what NetRegistry has suggested, but recently Let's Encrypt has made clear that this isn't a recommended way of using the Let's Encrypt service because it isn't automated and can't be made automated. Right now, you would have to repeat the entire process at least every three months, and in the future it might be necessary to repeat it even more often. Our colleagues running Let's Encrypt have made clear that this isn't likely to be a good experience for users, and runs a risk of an expired certificate if nobody manages to perform the renewal steps during a particular period. So while you're certainly welcome to do this, it's not the suggested way to use Let's Encrypt.
Thanks for your reply. You are right NetRegistry have no intention of adapting their systems to LetsEncrypt.
Just to clarify, are you saying that if I use zerossl.com I would have to repeat that process at least every 3 months? If so looks like my options are very limited … might have to move to a new hosting service as NetRegistry want $199 to install their standard certificate.
Yes you will have to, as certificates are valid only 3 months. You should renew them a few weeks earlier to avoid any problem, and you should monitor the expiration too.
In the Australian context, it’s a good idea to stay away from any hosting brand operated by the Arq Group (Melbourne IT, Net Registry, Web Central, Uber/Jumba, etc) as well as those owned by Hostopia or Dreamscape Networks. They’re all hostile towards their customers often put up barriers to make SSL automation as painful as possible.