Step by step instructions for installing and using certbot manually

I’m looking to generate and SSL certificates using certbot in manual mode and then send these to my web hosting provider. I just need some more detailed instructions of how to do this as outlined in the Manual section of the certbot user guide: https://certbot.eff.org/docs/using.html#manual

My domain is: www.williamorme.com

I ran this command: n/a Still trying to get certbot installed for manual use only

It produced this output: n/a

My web server is (include version): Internetse is hosting my website and Email services on their own servers ns1.tba.net and ns2.tba.net

The operating system my web server runs on is (include version): I don’t know. My hosting provider says:

“If you wish you can get it [SSL certificate] from anyone and send it to us and we will install it for you for free because we don’t provide SSH access, but you must do all the preparation work yourself which will be easy if you have good technical knowledge with the certificate installation.
Please send the certificate in PFX file includes the certificate and the key and the password.”

My hosting provider is: internetse.co.uk

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know. I have a Mac I can run a Terminal session.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I’m using wordpress as provided by internetse to edit my website.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): not dowloaded or installed yet.

1 Like

Before you start down this path, do you understand that you will need to repeat this entire process of emailing your provider at least every 90 days, as the certificates from Let’s Encrypt only have a duration of 90 days?

If your hosting provider doesn’t want to integrate Let’s Encrypt, but does support uploading custom certificates, you can install Certbot on your own computer and use it in manual mode. In manual mode, you upload a specific file to your website to prove your control. Certbot will then retrieve a certificate that you can upload to your hosting provider. We don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires. For most people it is better to request Let’s Encrypt support from your hosting provider, or switch providers if they do not plan to implement it.

If you’re set on doing it the hard way, you don’t necessarily have to use Certbot. There’s not much point installing it if you’re doing it all by hand. You can use a website like https://zerossl.com/free-ssl/#crt to achieve the same thing, in a somewhat friendlier way.

2 Likes

Yes. If the website proves useful I’ll end up paying the provider to generate and install the SSL certificate, but right now I would like to get it up and running without the “non-secure” label with minimum investment.

I tried using the zerossi link and it seems really easy to follow. But got an error:
Invalid response from http://williamorme.com/69yygzzely4mw-134mqp0eoa8gh5qzflannqf2shngy/ [193.13.133.111]: "\n<html lang=“en-GB” class=“no-js”>\n\n\t<meta charset=“UTF-8”>\n\t<meta name=“viewport” content=“width=device-wi”

I’m guessing when I used Wordpress to create the text file it actually created an html file. Any idea how you can get a plain text file in to the root folder using WordPress? I was using Add New Page.

1 Like

Generally you want to use the file manager that comes with your web hosting. Maybe FTP, maybe some kind of web control panel. Whatever was provided to you.

I don’t know whether you can directly upload files to arbitrary paths with WordPress - at least not without some plugins.

Thanks for your help. Internetse provide me with Wordpress to edit my website. I have asked them how I can upload the text files and they said send them to us, which I’ve now done.

I have installed the WP File Manager plug in, which from its description should allow me to upload files, but I can find the webroot directory for my website. It seems very strange that wouldn’t be accessible, but the plug in is not that intuitive for doing that and I haven’t found better instructions on line yet.

There is another option you could consider, even though I can’t really recommend it: https://wordpress.org/plugins/wp-letsencrypt-ssl/

(You should really use ftp)

OK thanks. If the Internetse-putting-the-text-file-in-the-right-place approach doesn’t work, I’ll try the WP Encryption plug-in next.

When my web hosting provider placed the text files in the required location I got an error from ZeroSSL below. Wondering if I should try DNS verification instead of HTTP?

Invalid response from http://williamorme.com/.well-known/acme-challenge/VAamteJnDBlWIESEAGdK0118-5C_7MsZCSKbnejJ8iQ [193.13.133.111]: “\r\n<html xmlns=\”http”
and:
Invalid response from http://www.williamorme.com/.well-known/acme-challenge/rwvPj6Il17xN94o7Lk0-ymeA1oYBMA6oUmLe1pZRGS0 [193.13.133.111]: “\r\n<html xmlns=\”http”

I also then tried the WP Encryption plug in on WordPress and got another error:

ERROR: CREATE_CLIENT:LEClient\Exceptions\LEFunctionsException: Could not generate key pair! Check your OpenSSL configuration. OpenSSL Error:
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
in D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\lib\Exceptions\LEFunctionsException.php:51
Stack trace:
#0 D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\lib\LEFunctions.php(65): LEClient\Exceptions\LEFunctionsException::GenerateKeypairException(‘Could not gener…’)
#1 D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\lib\LEAccount.php(74): LEClient\LEFunctions::RSAGenerateKeys(NULL, ‘D:\Webs\LocalUs…’, ‘D:\Webs\LocalUs…’)
#2 D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\lib\LEClient.php(156): LEClient\LEAccount->__construct(Object(LEClient\LEConnector), 1, ‘williamorme@bti…’, Array)
#3 D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\classes\le-core.php(113): LEClient\LEClient->__construct(‘williamorme@bti…’, false, 1, ‘D:\Webs\LocalUs…’)
#4 D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\classes\le-core.php(90): WPLE_Core->wple_create_client()
#5 D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\classes\le-core.php(74): WPLE_Core->wple_generate_verify_ssl()
#6 D:\Webs\LocalUser\williamorme.com\www\wp-content\plugins\wp-letsencrypt-ssl\admin\le_admin.php(407): WPLE_Core->__construct(Array)
#7 D:\Webs\LocalUser\williamorme.com\www\wp-includes\class-wp-hook.php(288): WPLE_Admin->wple_save_email_generate_certs(’’)
#8 D:\Webs\LocalUser\williamorme.com\www\wp-includes\class-wp-hook.php(312): WP_Hook->apply_filters(NULL, Array)
#9 D:\Webs\LocalUser\williamorme.com\www\wp-includes\plugin.php(478): WP_Hook->do_action(Array)
#10 D:\Webs\LocalUser\williamorme.com\www\wp-admin\admin.php(170): do_action(‘admin_init’)
#11 {main}

I think you should.

Eh, your provider probably does not like that plugin.

The DNS verification worked and I’ve now got the domain certificate and the domain key txt files. Yippee!

My web hosting provider is asking for a PFX file. Are there any recommended utilities and instructions for generating one of these on a Mac?

Thanks

I should add, I have tried with the Mac application Keychain Access, but can’t work out how to get the certificate and key in as it seems to only import .pfx or .p12 format files.

1 Like

openssl will do such thing :smiley:

1 Like

Thanks, I did start looking at this utility. The certificate and key files I have from ZeroSSL are both .txt files. Should I relabel them .cert and .pem? Or do these need converting first? Thanks.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.