It made all the sense when you spelled out the sources. I had been looking at them and was wondering over different issuers and length of effective time. AV.W - I purchased right before I went back to request for SSL. Namecheap provides 1 year SSL free so that is why it expires next year. I did not catch on that it already has SSL. SS had one and expired and so I needed SSL but namecheap charges $34. My professor pointed me to LetsEncrypt. CEtc was only parked and did not have SSL so I did not have any trouble requesting for SSL.
Different browsers - Firefox does not let me get past the alert. Safari has a link option to proceed at my own risk sort of, and that's how I was able to go through. I forgot what Chrome was showing as I did not check it after I got through in Safari.
Wow. I learned at lot. I so appreciate your patience. It must have been obvious to you I did not know what I was doing.
All three good to go. Now I have a week to build the websites. Ha.
The email notifications are per ACME account and not per certificate, so as long as you were using the same CertSage directory, which contains your account key(s) (production and staging), you will receive notifications for all certificates issued using that account. You can always update your account email at any time (even after cert issuance) to receive notifications for all certificates issued (or that will be issued) using that account.
One of my servers is at Namecheap aswel, your proffessor is right, you can do all for free with Let's Encrypt. Namecheap does has a 24/7 live chat I used myself a few times, youll get a real person, no costs, within a minute just so you know fyi
I think they messed up your first experiencies with Certificate generation etc. by confusing you, who was in the middle of a process trying to a achieve something specific already, by applying that working certificate while you were busy.
If you are under the assumption you are not encrypted and using port 80, meanwhile https goes active.. youll end up with the same as me, wondering why this 5th identical unbuntu installed server, simply just does not want to accept all the same commands I used every time I tried so many things before I noticed that during my configuration they setup ssl.
The thing you are saying that mail is not showing as secured sounds like a hosting panel (like cpanel and others) thing. Where they will say that simply because you did not get a wildcard certificate or didnt secure mail.yourdomain.com, and that simply gives that message. (also the Mail trial i still have at Namecheap, as far as I know is totaly separate from the cpanel mail information you see currently. But cpanel might just be a little better then the Plesk i used mostly)
My experience with Namecheap was the worst of my 3 providers.
I ended up only using their domain names, and whois guard, cloudflare free account to use a dns (you get the ability to use CAA and other options with it). And the servers are from a cheap local hoster. Certificates made with let's encrypt. thats it.
combining 3 services ended up being easier then the Plesk and other Panel software i tried my first months (im just a new as you).
I am actually referring to the mail subdomain, not the email notifications, but you have addressed it that I can add it when requesting for the cert. I am not keen on setting up mail so I will worry about it later.
[It turns out that .world has a disadvantage - it was blocked/banned as high-risk when I checked the site while at work. Ha. It had nothing on it.]
Hi, thanks. I actually have a good experience with namecheap and use their chat when ever I need help.
As for the confusion, it was a simple logic that I missed. I learned a lot just going through this step by step.
I am also hosted on Namecheap. FYI I used this before I discovered griffin's routine:-
How to Install Free SSL Certificate on Namecheap - Let's Encrypt https://www.youtube.com/watch?v=XxMbLr4ytCM
The videos he provides under Useful links are most helpful.
Thanks for your routine; it is a big time saver!
I am also hosted on Namecheap. The add-on domains are folders under public_html.
I copied certsage.php into each add-on domain folder. Then I ran for each add-on domain:
That works okay.
Please comment if I should have done something different.
Also, I wondered if you could add an option to Acquire a production certificate and install it in one step. I would always want to do both.
Thanks I changed ../ to ../../ in line 18 as you said. I was expecting it to create a new CertSage folder here:
But it did not create a new CertSage folder. So there is no new password.txt file.
The way I did it before this change meant that I could use the same password for all my add-on domains. I got the password from the file password.txt which was created in this directory: /public_html/CertSage/
Is that a big security risk?
When /public_html/certsage.php has ../CertSage on line 18, its data (e.g. password) will be in /CertSage
When /public_html/AddonDomain.com/certsage.php has ../../CertSage on line 18, its data (e.g. password) will also be in /CertSage, which will correctly result in both the primary and addon domains using the same ACME account keys in /CertSage
When /public_html/AddonDomain.com/certsage.php has ../CertSage on line 18, its data (e.g. password) will dangerously be in /public_html/CertSage, which will be accessible from the public internet via https://PrimaryDomain.com/CertSage/SensitiveFile
Using FTP, copy certsage.php (modified in line 18) to each Addon domain folder.
Run: AddonDomain . com/certsage.php
Under Acquire Certificate, change the domains to: AddonDomainName.com www.AddonDomainName.com
Enter the password
Click Aquire Production certifcate.
Wait for Success message.
Under Install Certificate into cPanel, enter the same password as above
Click Install Certificate into cPanel
Wait for Success message.
Repeat entire procedure for the next AddonDomainName.
OK? I assume there is no shortcut.
(As mentioned before: it would be good if you could add an option to Acquire a production certificate and install it in one step. I would always want to do both).
Thanks very much for your help. I would have left the password exposed without it!