What script to paste in cron to install certs? Have cron, cURL, openSSL shared so prob not sudo

Please fill out the fields below so we can help you better.

My domain is:www.PCMHpcc.com

I ran this command: cron

It produced this output: —dunno what script to run, or whether it needs sudo which I think I don’t have, since shared hosting.

My operating system is (include version): CloudLinux 6.x Operating System with Apache, MySQL, PHP, Perl and more

My web server is (include version):Apache (Wordpress)

My hosting provider, if applicable, is: Namecheap (boo) shared hosting

I can login to a root shell on my machine (yes or no, or I don’t know): Maybe ‘jailed’ ssh maybe not for shared hosting have to request it–SFTP IS available @ port 21098. Cron IS available, + openSSL, cURL, WordPress, PHP scripts, Python and Perl scripts,curl request

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel without LE plugin
There WAS a Wordpress plugin, WP Encrypt, but no longer supported. That would be ideal.

Hi @VWFeature,

Did you manage to get a certificate at all? Normally scripts in cron are used for automated renewal of an existing cert, not for the initially issuance and configuration. Initial issuance and configuration is normally done by running a client application from the command line.

If you don’t have root access, it’s pretty unlikely that you’ll be able to perform automated renewals at all, because you may need the permission of the hosting provider to install certificates. You might be able to use the HTTP-01 challenge to obtain the certificates. What ability or procedure do you have to install certificates right now?

[quote=“VWFeature, post:1, topic:31478”]
[/quote]I didn’t know what script to run, so haven’t tried any script yet. I can get a cert at https://zerossl.com/free-ssl/#crt, and install thru cPanel SSL/TLS Manager, so initial would be ok, and could use cron only for renewal. Can I do that without root?

Or does being able to install thru SSL manager imply root? When they allow “jailed SSL”, what does that allow, and what about SFTP ? How can I test HTTP-01 challenge?

Unfortunately, this doesn't make sense because cron is about running commands on that machine. If you use ZeroSSL, that's an interactive process that you (as a human being) will have to repeat every time the certificate expires. It's not a command or a script at all, so cron can't do it for you.

When you got your certificate with ZeroSSL, did you create files on your site when requested to, in order to prove that you controlled the domain? If so, the HTTP-01 challenge worked (that's what ZeroSSL was using in that situation).

Is there a different level of permission needed for initial and renewals?
I can copy and paste a cron script, but I don’t know the syntax well enough to not make errors without fairly explicit directions. I can sub “yourDomain.com” and similar.

Haven’t yet gotten the cert from zeroSSL; cruumped out last night & wasn’t sure if it would be compatible w auto renewal.

I have file manager, so I can definitely create/change files on that server.

Hi @VWFeature,

[quote="VWFeature, post:7, topic:31478, full:true"]
Is there a different level of permission needed for initial and renewals?I can copy and paste a cron script, but I don't know the syntax well enough to not make errors without fairly explicit directions. I can sub "yourDomain.com" and similar.[/quote]

No, I wrongly thought from what you said that you had already obtained and installed a certificate and were now wondering how to renew it. It's too early to think about renewals before you've obtained and installed your certificate.

It won't be, but I was also curious about the results because that would confirm whether you can use HTTP-01, and you could also then tell us more about how you can install certificates.

It's very unlikely that you can set up any kind of successful automated renewal on your system without root access. I don't think I've ever heard of someone successfully doing so on shared hosting, although it's theoretically possible in a minority of cases (involving additional programming work).

So, another reason that ZeroSSL may be relevant if you plan to stay with your current host is that automated renewal may not be possible for you. In that case, the work to get Certbot working might simply not be worth it for you, because automated renewal is one of the biggest benefits Certbot offers (when you do have root access).

That basically depends on how that auto-renewal would be done. The resulting certificate file is basically fullchain and the key is ... well, the key. So for example le.pl client would renew based on those files just fine. As long as it's clear where the files should be and how they should be named, I don't see why that would not work in most of the cases. However, online client by itself is interactive, so auto-renew with that alone would not be possible of course.

NB: Regarding your hoster, you may also check the the support discussions and the knowledge base - I believe the manual installation is not quite encouraged there and not guaranteed to work (though I believe it is still doable and some comments confirm that). To avoid potential headache later on, you might consider getting a VPS - the prices will likely be on par with shared hosting prices or even cheaper. See for example https://lowendbox.com/

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.