Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I'm getting a 404 for http://juanita.org.uk/certsage.php and you should NEVER have password.txt (or a CertSage data directory or any of its contents) in your public_html folder (or ANY of its subfolders). Anything in public_html is accessible from the internet. Having confidential information located there creates a significant security risk. If you are attempting to use CertSage with multiple domain names hosted under one cPanel account, there are extra steps you need to take to configure things correctly, but it can be done (griffin.software and certsage.com are configured this way).
cPanel hosts the first/primary/main domain name directly in /public_html and subsequent/secondary/add-on domain names in subfolders inside /public_html. There is a subdomain of the primary domain name associated with each of these secondary domain names. For example, primary.com would have its webroot as /public_html and be accessible via http://primary.com while secondary.com would have its webroot as /public_html/secondary.com and be accessible via http://secondary.com and http://secondary.com.primary.com (no, I'm not kidding; try it). For primary.com, CertSage can be used in the simplest, standard way. If you want to be clever, you could modify line 18 of that certsage.php from "../CertSage" to "../CertSage.primary.com" just to make it very clear which domain name that CertSage folder belongs to. For secondary.com, there are a few more steps.
When you put a copy of certsage.php in /public_html/secondary.com, you should modify line 18 of its certsage.php to have "../../CertSage.secondary.com" instead of just "../CertSage". This will create a unique data directory (and password.txt file and Let's Encrypt ACME account) for secondary.com. Each ACME account has its own set of email addresses for receiving expiration notices, so you'll need to register those individually for each domain name. You can modify any password.txt file to contain whatever you want to use for your CertSage password. You can make them all the same if you wish. You need to add an A record to your DNS for primary.com (at the real DNS provider, not inside cPanel) that points a subdomain named secondary.com to the same IP address as the A record for primary.com (usually denoted with an @ symbol as the subdomain name).
When you request a certificate for secondary.com using CertSage, you should specify secondary.com, mail.secondary.com, and secondary.com.primary.com (and www.secondary.com if you use it) as the domain names in the box for which you wish to acquire a certificate. You can install that certificate into cPanel using the button in CertSage per usual. However, to force HTTP to HTTPS redirection for secondary.com, you need to log into your cPanel (https://primary.com:2083/). Go to the Domains section in cPanel and click on the Domains tool in that section. Expand the section for secondary.com.primary.com and toggle Force HTTPS Redirect to "on".
Hi Griffin, I do apologise but as I am not a techy I thought I had followed the instructions for certsage in 2023 and have been renewing since then with no problem. the domain juanita.org.uk is fairly new so I had not uploaded a ssl yet.
I am confused about making sure I do not put things in the public_html folder. juanita.org.uk is the primary and the other websites under this in the cpanel.
I have taken a screen shot of where the public_hmtl and sub folders are, is this all wrong then ?
I also tried to look at the link - certsage.com but nothing there?
As a general rule, you should never have a CertSage folder inside public_html (or its subfolders or their subfolders...) for the reason I stated above. All CertSage folders should be peers of public_html (meaning at the same level of the folder tree as public_html), not children or subchildren of public_html. To get things back on track, I recommend immediately deleting all CertSage folders anywhere inside public_html then following the instructions I provided above with particular emphasis on modifying line 18 of the certsage.php copies to push their CertSage folders down to the same level as public_html. To better understand how this works, a "." in a path string like line 18 means "the folder where that certsage.php file is located" while a ".." means "the parent folder of the folder where that certsage.php file is located", so something like "../../" means "the parent folder of the parent folder". In this way, you can direct certsage.php to "walk down" the folder tree one parent folder at a time to create/find its CertSage directory. For example, a certsage.php file located directly inside public_html would have "../CertSage.domainname" on its line 18 while a certsage.php file located inside public_html/domainname would have "../../CertSage.domainname". In this way you'll end up with a set of CertSage folders that are peers of public_html.
@Firestar After you've done so what @griffin says above, you should remove password.txt immediately, as it has been leaked. Then go to the certage.php page, and it will re-generate a new password.txt file for future use.
