Using Let's Encrypt on 3rd Party Hosting Service

Can i modify the cert and key output path?
3rd party hosting provider does not give access to etc folder but if somehow if we can modify the output path to our public/www folder then I guess we can acheive something.

The challenges (for http) need to be completed via your web root ( so your public_html/www folder … well actually a .well-known/acme-challenge within there) You will still need to upload the resulting certificate manually into cpanel though ( at the current time)

I was talking about the letsencrypt-auto output files. Can we change the path of the files to a custom location.

You can install a proxy that redirects all requests to your challenge server (i.e. the standard standalone client)
After that you can provide the key and certificate to your ISP.

I was trying gethttpsforfree.com but I am having problem with domain verification.

I tried setting up all the files with the content but when I visit the url it’s showing 403 forbidden error.

there was a step stating “Add the static folder to your webserver’s config (if you haven’t already)”. As I am using a 3rd party hosting provider, I don’t have access to edit the webserver’s config file. Any alternative to do this via .htaccess file on apache server.

I think you want this post:

Done. Thanks for everyone’s help.

Tips: Anyone hosting their website on Arvixe (Shared hosting) can install the cert and key file from their cpanel. The cert and key can be obtained from gethttpsforfree.com

Yes indeed it was .htaccess problem.

I am using elgg and it’s htaccess file was blocking any file/folder starting with a dot (.)

serverco speculates that hosting companies would charge money to install LE. This might happen at first, but after LE becomes accepted and standard it is very unlikely to happen anywhere. Hosting companies would compete by offering free certificates (supported by LE). Once this competition starts, it would become standard for hosting companies to install LE for any new customer. Market pressures almost always support progress.

Several people mention CPanel. I feel certain that CPanel will decide to be an early adopter of LE, and may even write their own scripts. I think that CPanel is available by default on most hosting company accounts, so obviously LE itself (and perhaps CPanel) will create CPanel-compatible agents. I would be surprised if just a year from now CPanel doesn’t come with LE built in. I see nothing technical to interfere with the success of the LE vision of an entire World Wide Web made secure through LE-secured TLS.

Use “lescript”, easy configuration and it will do everything for you using PHP curl. Your certs will be saved to your hosting directory. I use it and everything works as expected!

Hello Rohit,

I managed to complete step 1 and step 2 on gethttpsforfree.com site, however step 3 requires running signature commands on terminal.

could you please let me know , how you completed step 3 without having access to terminal/shell

Thanks,
Praveen

That step doesn’t have to be on the server, you can use the shell on your local machine.

1 Like

Hi,

In that case do i have to generate CSR from my local machine? and use private key retrieved from local machine?

It doesn’t matter, steps 1-3 can be any combination of local and remote as long as the account key is the same in steps 1 & 3.

Hi,

Generated CSR and Private key on my debain box, uploaded private key to Cpanel of hosting provider.

And followed all steps as per https://gethttpsforfree.com/ , finally it verifies the string and i get below error.

I have verified, the public key and account key are different , i have renamed my private key to account.key

Step 5: Install Certificate (Error: Certificate signature failed. Please start back at Step 1. {“type”:“urn:acme:error:malformed”,“detail”:“Error creating new cert :: Certificate public key must be different than account key”,“status”:400})

You generate two public/private key pairs: one for your “Let’s Encrypt account” ánd a keypair for your certificate. With the latter, you’ll have to sign the CSR.

Hello Osiris,

I generated two pair of private and public keys in different directory on my debain box using below command.

openssl req -new -newkey rsa:2048 -nodes -out **********_in.csr -keyout *_in.key -subj "/C=IN/ST=Karanataka/L=Bangalore/O=smarteryou/OU=Web Administration/CN=.in"

and i used public key and CSR from first folder to fill step 1 and step 2 on https://gethttpsforfree.com/ and used private key from different folder to sign API as part of step 3., its throwing below error.

Error: Account registration failed. Please start back at Step 1. {“type”:“urn:acme:error:malformed”,“detail”:“JWS verification error”,“status”:400}

NOTE: This website is for people who know how to generate certificate signing requests (CSRs)! If you’re not familiar with how to do this, please use the official Let’s Encrypt client that can automatically issue and install https certificates for you. This website is designed for people who know what they are doing and just want to get their free https certificate.

I suggest running the official Let’s Encrypt client instead :slightly_smiling:

Hi,

I managed to generate certificate for my site. Thank you all for your support.

Soon I will write a small tutorial to install letsencrypt on cpanel without access to hosting terminal.