Where do I go to start the SSL certificate renewal process on Let's Encrypt?

My SSL certificate expired yesterday and there is a GIANT warning on my pages telling visitors that someone may be trying to steal their information.

My domain is: https://www.coremagazines.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Do you remember how you got the last cert?

You mention “GoDaddy” and “cPanel”.
Is there an option to get/renew a cert in the panel?
Have you emailed/spoken with GoDaddy?

1 Like

I logged into the section to manage the certificate but it only confirms that my certificate has expired. They told me that I have to go to the company that issued the certificate. The email alert that I signed up for works for GoDaddy-issued certificates. So I didn’t get an alert.

1 Like

I actually had to initiate the original request to GoDaddy. It seems they are holding on to the renewal instructions for dear life.

2 Likes

Well the current cert is useless.
Can you delete it and start over?

1 Like

It’s worse than useless because it is actually interfering with my readership/clientele. Those visitors may not come back to my site because of the message.

What I found out:
Sometime during the last 3 months, they’ve (GoDaddy) stopped honouring the Certificate Requests and are now sending people to Certbot for that part of the process.
That’s why when you do a search for Let’s Encrypt documentation it brings you to that section – but it doesn’t explain why you’re there.

Now I have to read all the Certbot information to figure out what to do and how to do it.

1 Like

If they said you should use certbot, then I can help you with that.

Is certbot already installed?
Can you login with SSH?

1 Like

This is what they actually said in a generic message in “Help”. And this is based on a NEW certificate not a renewal. But I guess I need to do a new one.

“Generate your certificate signing request (CSR). Let’s Encrypt recommends generating your certificate through Certbot but this is not supported on GoDaddy’s cPanel Linux hosting. Instead, you will need to use a third party client to generate your Let’s Encrypt certificate. GoDaddy and Let’s Encrypt do not control or review these third party clients and cannot guarantee their safety or reliability. You can find a list of available options under the Browser section.”

1 Like

For long term ease-of-use, you may want to change that plan (to one that includes it) or change hosting providers.
For now...
Are you able to install certbot on that system?
Otherwise, it will be a very manual process every <90 days...

1 Like

I wouldn’t mind the manual use if the instructions were clear.
For the system, I chose Apache and Other UNIX.
Not sure if that’s right.

1 Like

If so, please show:
lsb_release -a
or
uname -a

1 Like

How did you install the cert last time?

I'm not sure you will be able to install certbot onto that system - it may be "shared" hosting.

If NOT, I'm putting together a (makeshift) step-by-step for you to get a signed cert ASAP.
Must haves:

  • access to OPENSSL
  • ability to copy the private key and public cert files into the system (probably in cPanel)

[in a secure location - execute the following]

 Step#1: openssl req -out rsa.public.csr -new -sha256 -newkey rsa:2048 -nodes -keyout rsa.private.key.pem
         Or Step#1 split into two separate steps (optional):
                Step#1A: openssl genrsa -out rsa.private.key.pem 2048
                Step#1B: openssl req -new -sha256 -key rsa.private.key.pem -out rsa.public.csr
 Step#2: Send CSR to cert signing authority.
        [you can use a site like freessl.org - ensure you click "I have a CSR" (page 2)]
        The "verify type" can be either DNS or FILE (do you recall which you did last time?)
       [If you have questions or doubts just ask]


 Step#3: Receive a signed public certificate.
 Step#4: Load public cert and private key into cPanel.

1 Like
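
The key and CSR steps from the post above, as an added example that is not part of the original thread: it generates the key and CSR with the same file names, keeps the private key owner-only, and checks that the CSR (before Step#2) or the returned certificate (before Step#4) actually belongs to that key. The function names are hypothetical, the domains are whatever the caller passes, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ for -addext.
# File names follow the steps above; domains are supplied by the caller.

# make_csr OUTDIR DOMAIN [DOMAIN...]: Step#1. The first domain becomes the CN
# and every domain is listed as a subjectAltName.
make_csr() {
    outdir=$1; shift
    cn=$1; san=""
    for d in "$@"; do san="${san:+$san,}DNS:$d"; done
    (   umask 077    # private key and its directory readable by owner only
        mkdir -p "$outdir" &&
        openssl req -new -sha256 -newkey rsa:2048 -nodes \
            -subj "/CN=$cn" -addext "subjectAltName=$san" \
            -keyout "$outdir/rsa.private.key.pem" \
            -out "$outdir/rsa.public.csr" 2>/dev/null )
}

# pub_digest KIND FILE: SHA-256 over the PEM public key in a key, csr or crt.
pub_digest() {
    case $1 in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null | openssl dgst -sha256
}

# same_key KEYFILE KIND FILE: succeed only if KEYFILE parses and FILE (csr
# before Step#2, crt before Step#4) carries its public half.
same_key() {
    openssl pkey -in "$1" -noout 2>/dev/null || return 1
    [ "$(pub_digest key "$1")" = "$(pub_digest "$2" "$3")" ]
}

# csr_has_name CSR DOMAIN: succeed if DOMAIN is an exact SAN entry in the CSR.
csr_has_name() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$2"
}

# Direct use: sh make_csr.sh OUTDIR DOMAIN [DOMAIN...]
if [ "$#" -ge 2 ]; then
    make_csr "$@" &&
        same_key "$1/rsa.private.key.pem" csr "$1/rsa.public.csr" &&
        echo "CSR ready to submit: $1/rsa.public.csr"
fi
```

Only `rsa.public.csr` is sent to the signing authority; `rsa.private.key.pem` stays where it was generated until it is loaded into cPanel together with the signed certificate.
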
  1. SSH into the server
    SSH into the server running your HTTP website as a user with sudo privileges.
    –Is SSH some kind of FTP? I have direct access to the server.

  2. Install Certbot

1 Like

Yes, it is shared hosting.

1 Like

SSH is NOT FTP.
SSH is Secure SHell
Programs like PuTTY or Terminal or WinTerm or SSH

1 Like

In Ubuntu Linux:

apt install ssh
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  ssh
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 5,204 B of archives.
After this operation, 106 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 ssh all 1:7.6p1-4ubuntu0.3 [5,204 B]
Fetched 5,204 B in 0s (11.3 kB/s)
Selecting previously unselected package ssh.
(Reading database ... 104752 files and directories currently installed.)
Preparing to unpack .../ssh_1%3a7.6p1-4ubuntu0.3_all.deb ...
Unpacking ssh (1:7.6p1-4ubuntu0.3) ...
Setting up ssh (1:7.6p1-4ubuntu0.3) ...

What O/S are you using? [Windows, Mac, Linux]

1 Like

Certbot gave me a list of instructions for auto renewal. But I chose Other Linux, not Ubuntu Linux from the list.
Here is the link: https://certbot.eff.org/lets-encrypt/pip-apache.html

1 Like

And where are you going to put any files?
And how?

I’m missing a step…

Those instructions are to be executed on the server.
Do you have access to execute anything on the server?

The system responds to SSH, so there is hope for that path:

ssh www.coremagazines.com
The authenticity of host 'www.coremagazines.com (23.229.197.96)' can't be established.
RSA key fingerprint is SHA256:x7B+tYlgu9iFK/1L72M7wgJqAbNv5HADK0KbCdPWFeU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'www.coremagazines.com,23.229.197.96' (RSA) to the list of known hosts.
root@www.coremagazines.com's password:

1 Like

It refers to a Command Line.
I have an idea but I don’t want to screw up my site.

I think I will pay for the SSL certificate, although it feels like extortion, because my site is literally being held hostage. I have time left on my account and the other options are not practical or reasonable right now.

Thank you so much for helping me with this. I really appreciate it, rg305.
Have a great evening.

2 Likes

Although... indirectly - I do think so too.
Almost every transaction I've had with GoDaddy has always left a bad taste in my mouth.
[case in point - they TOOK $69.99 to help me obtain a domain yesterday - and all they did was take my money - but let's not get sidetracked]

You can better use that money to upgrade your hosting plan.
Or simply put your site behind a free CloudFlare account.
The users would see HTTPS and your backend could be HTTP or HTTPS.

1 Like