Why is there no simple help?

Ive just been moved from a hosting provider that had Lets encrypt SSL as a simple one click, auto renew thing and its been great. Then that provider got sold and i have been migrated to a new one - and all of a sudden my SSL certs start expiring. Turns out this new provider doesnt support the easy one-click thing.

So i came here to try and figure out how i go about renewing my certs once i found out that the LetsEncrypt thing was responsible for the certificates im using,

After 4 hours trying to make head or tail of the information on this site, I've given up. There is no help, there doesn't seem to be a simple "for non-techy people who just want a certificate" option . Plenty of cryptic techno-babble about CA;'s and ACME-Challenges and Shell Access and roots and stuff - but nothing that walks a non-technical person through the process. And this forum is useless as again, if you dont know what you are asking for you are just stumbling round in the dark. Like other sites there seems to be a huge amount of assumed knowledge, that the beginner or non-technical simply dont have.

I know many of the more tech minded will see this as "just ranting" and you are right. I am. Because I cannot figure out how to do something, that i need to do in order to get my client back on the air. And there doesn't seem to be any recourse other than this "user forum". This "provide a service and only have community help" model seems to be a thing within the web industry, and i have to say it just doesnt work.

I dont know what it is i should be asking other than "How do I get a certificate" and the "help" is about as much use as a chocolate teapot. And pointing me to the "getting started" page on this site wont cut it as i've been there read it several times and i'm still non the wiser. Meanwhile i have a client who's site cant be reached, and ive so far spent 4 days surfing trying to get an answer to "how do i get a certificate renewed".

Im not a complete technical idiot, but my experience level is far higher up the stack at the design and build part. So if anyone can point me at a "simple and clear" instruction for how to get my certificates renewed before the next lot expire id be grateful. And if someone at Lets encrypt could actually put together a simple guide for the non-technical that would be great.

In the meantime i guess ill have to try and see if i can buy a SSL certificate that i dont need just to keep Google happy.

Hello @tonyn, welcome to the Let's Encrypt community.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

I understand what you are saying @tonyn; however we have a difficult time knowing what each individual audience member knows. So we have the questionnaire to help give us a baseline as to to the individual's knowledge about their hosting provider, their access to change the web host, etc. The questionnaire is not to judge individuals but to help us address their needs.

Shared hosting without automated SSL is pretty much the worst situation to find yourself in. There are no good choices. What you are saying is completely valid.

On https://letsencrypt.org/docs/godaddy/ there is a choice quote:

We don’t recommend using Let’s Encrypt certificates on hosting providers that don’t directly implement the ACME protocol, because it means you can’t fully automate renewals

which I fully agree with. Just go buy a 1 year certificate from ssl2buy for <$10 and save yourself the trouble.

There are so many affordable (even freemium) shared hosting options that provide free automated SSL. As time goes on, I feel only more strongly that choosing a host without automated SSL is a big mistake. The hosting platforms (cPanel, Plesk) have all caught up and include this as a basic feature for years now.

You might want to look here Web Hosting who support Let's Encrypt for a hosting provider that support ACME and Let's Encrypt in an easier fashion.
And an older one CDN Providers who support Let’s Encrypt.

As an aside, you can use Cloudflare (free) as your domain DNS provider and you get free certs (some of which come from Let's Encrypt) automatically. This is one of the simplest ways to present your site with https without actually having to maintain the certs on your server. There's disadvantages to that as well, but they may not be ones you care about.

And somehow this forum is to blame for the shortcomings of your new provider?

There is no one-size fits all guide that can resolve everyone's certificate problems.

The obvious "quick fix" to your current situation is for you to switch to a provider that has a "simple one click" button - there are plenty to choose from.

That's because for the non-tech people, on shared hosting the hosting provider SHOULD (IMO) take care of all the certificate stuff. You, as a non-tech person, should not be bothered to come to this Community at all.

Now, you didn't choose for your hosting provider to be sold to another one with less service, but I'm pretty sure such a sale opens up your contract with your previous provider so you could, if you wanted to*, switch to a hosting provider which does have adequate Let's Encrypt support (i.e.: free and automatically, without even having to click a single button).

That's not a nice thing to say. Most of the people here are just volunteers, trying to help as many people in their free, spare time.

That's because it just isn't simple.

Fundamentally, hosting a website is quite complicated. Recognizing (to a degree, at least) that complexity, and recognizing that you're either unable or unwilling to master that complexity, you've chosen to outsource it to a hosting provider. Well and good; many people do the same.

The problem arises when the hosting provider you're using refuses to do their job, as yours has. And really, the best answer is what's already been said: vote with your wallet, and move to a less user-hostile web host.

You're frustrated because this forum, and the service it supports, really aren't for you. They aren't designed to be. Let's Encrypt provides a means for system administrators to quickly and easily obtain a cert at no cost. Yes, people other than sysadmins can use it, but that's really the target. It's your web host who should be using Let's Encrypt. If yours won't, find one who will. Or don't, if it isn't that important to you.

"And somehow this forum is to blame for the shortcomings of your new provider?"

Where did i say that? Nowhere. But the type of sanctimonious reply that you gave is exactly why I really don't like these types of "community" forums. Most of the responses i have had here have at least been sympathetic, or offered some help or guidance, or given some options - and i really appreciate those responses. .

My complaint is, that like many Tech sites driven by these types of forums, unless you know what you don't know, getting help often falls somewhere between hard and impossible, and at the very least exceedingly time consuming and often the advise you get is conflicting.

I really appreciate the help given so far by others, it hasn't solved my problem yet, but has given me a little knowledge in order to try and solve it (or a workaround that will get my clients back on line).

My point was, and still is, that there is no "Simple" guide for non- (or limited) technical people. The documentation in the getting started area seems to assume a LOT of previous knowledge, and familiarity with tools, terminology etc. (Good example is the actual questionnaire ive been asked to provide - when it says " The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):" - Err... where, how do i do that?

Its a very common problem that i have seen for years within the tech world where documentation simply tells you "what to do" not why or how. And if you don't have that context, it is very difficult to understand what it is you are supposed to do.

And switching 50 odd sites to another provider is not a "quick fix". Its taken me two months and lost me a lot of money being shifted to the one I'm with now and sort out the myriad of issues that changing led to, so I'm a tad reluctant to start that process again.

On a side note, im also currently recovering from cancer treatment that has left my ability to concentrate drastically reduced, and dealing with looking after an elderly parent with dementia - all while trying to maintain what's left of my business. Perhaps before biting peoples head off in future you consider that they might just be really stressed out while desperately trying to solve an issue not of thire making and that a little kindness can go a long way.

Cheers.

That is true. Let’s Encrypt is intended to be used automatically, by the software running in your website.

Shared hosting platforms that don’t support easy automated integration are not a good fit for what we offer. I’m sorry if that’s not good news for you.

I agree wholeheartedly. Unfortunately as i say, i was migrated without knowing what was and wasn't available with the new company. Moving 50odd sites again so soon is currently not an option. (I wish it were!)

As for "This forum is useless" - As far as helping me goes, it is. However, you will notice that i did NOT at any point, put down anyone here nor imply that people were useless. I know that most of the people are volunteers, and most do a great job in trying to help. What i was saying was that as someone with very little to no idea of what to ask, this (and any other community forum) is, in my opinion, useless.

If i have enough knowledge to be able to formulate a specific question that would allow someone to answer, then it would be helpful. But with virtually zero knowledge, i cant ask a question - which makes it useless to me. My overall point is that the getting started guide is, again in my opinion, aimed at far to high a level for the beginer and without that basic understanding i (or other beginers) cant formulate a question that the people here could help with.

I "could have said "My SSL Certificates dont work, What do i do?" - And would have rightly been met with a barrage of "What do you mean by don't work type answers."

I hope that clears up my use of the phrase useless. Because to me, at this stage in my SSL journey, "the forum" is. It doesn't mean that the people in here, who i can see are generally trying to help as much as possible, are.

Cheers

Hi. No need to be sorry, its not your fault.

What i dont understand is that several people keep telling me that i just need to create/renew the LE certificate and then paste it into the form on my control panel. Where / how do i create the certificate on the Lets Encrypt site, i cant seem to find anything that lets me do that? (Or have i been steered down a false path?)

Hi Dan.

I agree wholeheartedly.

Cheers

You don't--Let's Encrypt doesn't support (and has never supported) being used in this way. There are some third-party, web-based clients out there, but since they're really the opposite of how Let's Encrypt is intended to be used, they really aren't recommended. Edit: and even if you did use one of them, you'd have to repeat the process every 60 days or so--the certs are only valid for 90 days.

Thanks Bruce.

I have confirmed that my new provider doesn't support LE. However changing again at this time is not an option for me, so i'm going to have to find a short term solution - Probably by buying a cert from them in order to keep my clients up until I'm able to re-migrate.

Thanks.

If your hosting provider can run PHP scripts, one solution might be CertSage ACME client (version 1.2.0) - easy webpage interface, optimized for cPanel, no commands to type, root not required

There are other ways to do it "by hand", if you want, but they aren't always so easy. Most options are command-line tools. Certbot Instructions | Certbot is one example of that. It is intended to be run automatically, but you can run it yourself, and then upload the certificate and key (assuming your provider has some interface to do that). It isn't well documented because so many steps will depend on the specifics of your hosting provider.

Awesome. Thank you, that may be the solution I can use. Thank you, that is much appreciated!

As an added bonus, I will soon be releasing an upgraded version of CertSage that will offer password protection AND installation of certificates in cPanel at the press of a single button rather than needing to follow those lengthy instructions.

Live and let live.
Live long and prosper.

Cheers