Tutorial for OS X local certificates and Shared Hosting

That is a helpful clarification abut 2 files being needed, but that is not what it says above. Using sftp with my web hosts shared ssl has worked for years until I followed the instructions above.

If all you changed was adding 2 files and a folder via whatever ftp method, and you HAVEN’T installed any certs via cpanel, then the issue is your hosting.

Let me clarify, it could be that your default SSL cert for your hosting on your computer was somehow overrided, which doesnt make sense, but a fix would be backup and rename your .ssh folder in your Mac home folder. This will all you to connect via sftp, and show the pop for confirmation that you want to allow access to this web host.

It’s a hidden file, so either enable hidden files or you could run a command via terminal to rename it

I renamed it via the terminal. Tried again…it was recreated…but it still fails.

Odd. I found this but doesnt help, just said changed a setting on the host fixed the issue: https://stackoverflow.com/questions/25677169/eof-while-reading-packet-connection-failed

Could you contact your support telling them EOF issue? It just doesn’t make any sense. I remember having this issue before myself on my vps, and I dont remember the fix.

I have asked my web host (arvixe)…I will see what they say. I am now remembering that the --debug mode I needed (per above) may have changed some permissions on my system…I just do not remember what it did since it scrolled by so fast.

This command fails for me on Yosemite. I have Xcode.
It says Failed building wheel for cffi
Command "/Users/me/.local/share/letsencrypt/bin/python2.7 -c "import setuptools… failed with error code 1 in /private/var/folders/5r/77hy8f_14y1_c9vkzkj5k2i40000gn/T/pip-build-6UUdnc/cffi

It’s possible that libffi is missing. It can be installed manually. But before you go ahead, ask the #letsencrypt IRC channel here: https://webchat.freenode.net

Yep. Doing “brew install libffi” fixed it. Now the curses based UI runs.
However shared hosting remains a problem.
I installed the files on the server that the curses UI says to, in .well-known/acme-challenge, but after that it crashes.
I’m analyzing the Javascript option now i.e. this: gethttpsforfree

Hi guys. I was able to generate the certificate for my domain using this tutorial. However, when importing it to my hosting provider (mediatemple), it says, “Error: the key is invalid.”

I copy/pasted the key as-is from privkey1.pem

I even recreated the certificate to get a new key, cert, and chain, but I’m still getting the invalid key error when trying to import the certificate. What am I doing wrong? Please help!

are you doing a file import ? or pasting it into the hosts control panel ?

is pasting make sure you include the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines, but no additional blank lines ( although I have seen one control panel that needed a single blank line at the end )

I’m pasting it, together with -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----

I’ve changed it to -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----

I’ve also tried adding a blank line at the end.

Still getting Error: The Key is invalid.

Just a quick check … is the private key valid ?

openssl rsa -in private.key -check

should give you an OK (or not) at the top.

1 Like

I entered the following in terminal: openssl rss -in privkey1.pem -check

It showed:

RSA key ok
writing RSA key

followed by the key

it looked different than viewing the key from the privkey1.pm file

I copy/pasted the key that showed after the openssl command, now it’s working. Certificate imported successfully. Thank you!

1 Like

This method worked fine for me after a few attempts but when I uploaded my Certificate and Key, I had to do a Certificate Signing Request through my host and it all seemed to go fine but when I go to the site I get:

This site can’t provide a secure connection

www.XXXXXXX.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

The host thinks it’s a certificate error.

Has anyone seen this when generating your cert with this method?

thx

I ran into problems on the third step “Now you begin with creating the certificates locally by defining key size and the domains:./letsencrypt-auto --debug cetonly -a manual -rsa-key-size 4096 -d [domain] -d www.[domain]

Using Mac OS El Capitan.

Got the following errors:

/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:inrequire’: cannot load such file – mach (LoadError)
from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:in require' from /usr/local/Library/Homebrew/extend/pathname.rb:2:in<top (required)>'
from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:in require' from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:inrequire’
from /usr/local/Library/Homebrew/global.rb:3:in <top (required)>' from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:inrequire’
from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:55:in require' from /usr/local/Library/brew.rb:15:in'`

Does anyone know what this is all about?

step 3 didn’t work for me
I using ubuntu
in letsencrypt I run this comand
./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d yourdomain.com -d www.yourdomain.com
but didn’t work display error letsencrypt-auto: command not found
can anyone help

You are replying to an old thread about OSX (lots has changed since then) and you are running ubuntu (not OSX). I’d suggest ideally starting a new thread with your issue.

Alternatively, if you don’t want to start a new thread, please tell us about your system, how you installed certbot / letsencrypt etc.

actualy I have intall SSL with shared hosting website
I follow this article

So what specific issue do you have ? and what commands di you run in order to get there ?

Hi
tried this on both windows(my pc) & ubuntu(aws ubuntu server)
step1 - run command
git clone https://github.com/letsencrypt/letsencrypt
done successful

step 2 - run command
letsencrypt certonly --manual --email admin@example.com -d example.com -d www.example.com
with my domain name
but didn’t work display error
letsencrypt-auto: command not found