I have seen a long list of command lines, but no indication of where or how these commands should be entered, or if they will work on my shared hosting website. Where are the installation instructions for non-geeks?
Try my client: https://github.com/Neilpang/le.git
You need only 3 minutes to learn.
Thanks, but I need more help :-).
How do I know if I have Bash installed and if it is installed correctly?
Where do I run “./le.sh install”?
How do I open, and close a terminal?
Will it work in a shared hosting environment?
Would the “standalone” version be better on a shared hosting environment?
Will it work on a WordPress multisite?
Would I have to install a certificate for each domain on a WordPress multisite?
I am using cPanel Pro 1.0 (RC1)
The server uses Apache Version 2.2.29
I do not have root access.
If it’s bash, it’s ok.
LE might not be ready for you if you aren’t comfortable with those terms. There is some work in the cPanel area on adding LE integration through a plugin; it may be worth investigating that (https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl).
You could try doing a site like: https://www.sslforfree.com/ that helps with the manual issuance of LE certificates, but this method would ALWAYS be manual for you, so you’d have to manually repeat it every 90 days.
It all seems very complicated. Where does one type in “echo $SHELL”?
I’m with @benjaminarthurt on this one… If the term “shell” isn’t a common term for you, you should contact your hoster and ask if they’ve got support for Let’s Encrypt.
I am comfortable with using the command line on my Windows computer, but I can’t find any shell or command line in cpanel.
I tried that two times now and it didn’t work. I sent them an e-mail with a screenshot; the process got stuck on the webpage “Generating SSL Certificate Securely”, and that was it…
I’m not sure if I qualify to answer your question as a geek or a non-geek, but Let’s Encrypt still needs a lot of 3rd party support to simplify its installation/deployment process so that the average non-technical user can handle it in a meaningful way. Which is okay, LE is still in Beta after all.
If you are in my situation (operating website on shared hosting) then the main obstacle for an automatic deployment is the lack of root privilege. Most scripts and the like that the LE community developed require something to that extent, and it won’t be helpful unless you have sudo/root powers (or something similar). This means the hosting provider will have to install it for you, which is probably not something they would do out of the ordinary for free. The other alternative available is to manually generate and install the cert, which is not a good way to go about deploying LE certs since LE certs expire after 90 days. That means you have to reinstall the certification once every month or so, and it leaves room for more problems or for the cert to expire if it isn’t updated on time.
So what I’d recommend is wait until one of the more user-friendly applications integrates LE (such as cpanel, or whichever web-based interface your hosting provider gives you to control your service) so it can be done in a way that Let’s Encrypt was intended to be deployed. Or maybe someone in the community can come up with an alternative solution that’s user friendly.
It is beginning to look like SSL is presently only for geeks.
Alternatively, I could pay exorbitant amounts of money to my hosting provider to provide SSL. Even if I provide my own SSL certificate (which also seems to be only possible for geeks), my hosting provider will charge me $19.00 per month extra.
There is always a slight cost - whether it's a cost in terms of people's time to learn, or a cost in terms of paying someone else to do it.
As a slight geek, my advice would be to change hosting provider - that is a ridiculous amount to charge.
There are plenty of hosting companies that will provide the SSL for free, or a minimal cost.
I tried again at https://www.sslforfree.com/, this time with a different browser and I managed to get an SSL certificate. I downloaded the certificate, private key and CA bundle.
I tried to follow the cPanel instructions here:
but to no avail. My cPanel is missing the SSL/TLS Manager so I am unable to follow those instructions.
I looked at the Apache instructions and ran into the mysterious terminal again, i.e. “…run the following command in terminal…” I don’t know what that terminal is or how to find it, so I am unable to follow those instructions.
I think $19.00 per month (forever more) is too high a price to pay to my hosting provider to install my certificate especially when others can get SSL without paying anything at all. I have a WordPress multisite and I absolutely do not relish the thought of moving everything to a new hosting provider, and I will have to find a tech person and pay him/her to do it. I don’t have the money for that now. Sadly, I might have to wait until SSL is available to non-geeks.
I’d suggest having a look at the list of web hosts that support Let’s Encrypt since these will provide free SSL, and some will certainly use cpanel (if you want to retain that). I have no association with any of those hosts - from a quick look though there is at least one that uses cpanel, free SSL, for $10 / month and will do the transfer of your account over for you.
This looks very interesting. I will definitely check it out. Thanks.
Hi @LSA, most web servers are running a Unix environment which is primarily configured through a command-line interface of its own, similar to the command line on your Windows machine but with a somewhat different set of commands, and able to be accessed remotely over the Internet.
About 90% of the tools and instructions for using Let's Encrypt are based on working in this kind of environment. For example, the Python client software that we developed is meant to be used in this environment.
In order to access the command line on a web server, you need to use SSH. Since you're connecting from a Windows computer, you could use PuTTY or similar tools to make an SSH connection.
A program like PuTTY could give you access to use the Unix command line on a server if you have an appropriate account on that server. This is a main way that many people are used to administering their hosting accounts. However, not all web hosts give you access to the Unix command line on their systems, and not all of those that do will give you access to reconfigure the web servers. This is an extremely large variable between different web hosts.
For hosting providers that don't offer this kind of access, one option is to use something like the web-based clients (like you did with the sslforfree site) and then upload the certs. Of course in this case your hosting provider needs to choose to allow you to upload externally-obtained certs; many do but some don't. Another option is to get the hosting provider itself to create Let's Encrypt integration for its own services so that customers can get certificates automatically or from within the provider's official management user interface.
If hosting providers don't offer these options, there's not really anything that we can do. Every provider's configuration is different, and every provider determines for itself whether or not it will provide the kinds of access that our tools and other people's tools require.
That's one reason that @serverco's advice above is very helpful -- you can compare and contrast providers and see what they do and don't offer. And you can potentially also help the larger community of users by letting providers know that the ability to get and install certificates is important to you.
This is very interesting information. I will check out PuTTY, but I do not hold high hopes as it looks just as complicated as every other Linux information I have seen. So far, I have made inquiries to two hosting providers. I got answers from one below that provides free SSL:
- What exactly is a 256-bit shared SSL certificate?
- Do I need a dedicated IP address?
- Can I get the SSL/TLS Manager in my cPanel?
- Will I have terminal access?
- Will I have root access?
- Can I use my own dedicated SSL certificate from letsencrypt.org?
- Our 256-bit shared SSL is Let’s Encrypt SSL! - So yes we provide Let’s Encrypt SSL without the need to do anything but click “Install” from within cPanel.
- No dedicated IP address is required because of SNI technology.
- Yes we support SSL/TLS manager in cPanel.
- We provide SSH access on all accounts other than the cheapest one available - if you choose this package you’re not entitled to SSH.
- You won’t have root access on a shared server, as it’s shared.
- Please see answer 1).
As for my current hosting provider; they will install my own SSL certificate from Let’s Encrypt for $27.00 extra per year (not $19.00 per month as I mistakenly reported earlier). I have not yet learned details about if they will handle automatic renewals for me for the yearly fee. Or, if there are any issues with multiple domains.
My questions now:
Is the shared SNI SSL just as good as having one’s own private SSL certificate?
Will SNI work on all sites when I have a WordPress multi-site with 7 top-level domains?
Is SNI PCI-compliant?
Try to read this: Server Name Indication - Wikipedia
So, your first question doesn't make sense.
Second question: yes
Third question: Most likely yes (too lazy to read that compliance guide)
There isn't an issue with SNI being PCI-compliant, however if you want full PCI compliance then that is generally difficult on a shared hosting environment.
Also, if you aren't sure of using PuTTY, I would have thought the question of "can you do a cpanel transfer of my account to copy everything across for me" was far more important than if they will give you SSH and root access.
@LSA, to be clear, PuTTY is just a way of accessing the command line on a remote server (such as a Linux server) and doesn't make whatever you're actually doing on that server any easier or harder or different.
I think that all of our existing documentation is intended for people who have at least some familiarity with system administration of the web servers that they're working with, and other folks -- like the provider that you got in contact with -- can provide their own additional forms of integration that may be more automated.