I’ve found a quick and rather easy way to generate Let’s Encrypt certificates on my local OS X machine and implementing them on my (non-root) shared hosting account.
This is what you need:
- Shared hosting account with the ability to upload manual SSL certificates
- SSH access to your hosting account (root access not required)
Begin with installing Let’s Encrypt via Terminal:
git clone https://github.com/letsencrypt/letsencrypt
Now you begin with creating the certificates locally by defining key size and the domains:
./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d yourdomain.com -d www.yourdomain.com
In the next stept Let’s Encrypt wants to verify, if you have really access to your domains. This looks like this:
Make sure your web server displays the following content at http://www.yourdomain.com/.well-known/acme-challenge/weoEFKS-aasksdSKCKEIFIXCNKSKQwa3d35ds30_sDKIS before continuing: weoEFKS-aasksdSKCKEIFIXCNKSKQwa3d35ds30_sDKIS.Rso39djaklj3sdlkjckxmsne3a Content-Type header MUST be set to text/plain.
Open a second Terminal window in order to log into your SSH account of your webhost and create the folders into the main directory of your domain:
mkdir -p .well-known/acme-challenge
Create the file by copy and paste the parts of the Let’s Encrypt domain verification (verification code exemplary only - you need your output from the first Terminal window). This would look like this:
echo -n "weoEFKS-aasksdSKCKEIFIXCNKSKQwa3d35ds30_sDKIS.Rso39djaklj3sdlkjckxmsne3a" > weoEFKS-aasksdSKCKEIFIXCNKSKQwa3d35ds30_sDKIS
Switch to your other Terminal window to continue the verfication process with the Let’s Enrcypt client. If you defined the domain with “yourdomain.com” and “www.yourdomain.com” (you should), Let’s Encrypt will ask for a second verification. Just repeat the step above with the second verification code. Now you can close your SSH Terminal window with:
Get your certificates (.pem files):
sudo ls -la /etc/letsencrypt/live/www.yourdomain.com
Switch to OS X root mode:
sudo su Enter your admin password of your local account
There it is! Your certificates Now you can open then to copy/paste the content into the SSL configuration of your webhost!
CRT is cert1.pem
Private Key or PrivKey is privkey1.pem
CA is chain1.pem
Sources (all in German)