Will "Let's Encrypt" contact my hosting company


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: thedoorwayforbetterhealth.com

My hosting provider, if applicable, is: Site5

This is a part of my conversation with Site5. They are S and I am D
• S
In that case they can contact us proving the support code and we can install it for you.
You or third party cannot install the SSL certificate from your end, you will need to provide us the certificate bundle and we will install it for you.
• D
how do I give you the certificate bundle? is it just a number or is it something more?
• S
You can contact your SSL provider and ask them to provide the CA bundle, private key and certificate so that we can install it from our end for you.


#2

Question from your title:
Will “Let’s Encrypt” contact my hosting company
The answer to that is no.

To solution your problem:
Your hosting company want your entire cert (private and public parts) to enable TLS/SSL. (which sounds bad)
And you want to use Let’s Encrypt (which is good)
The choices are limited to obtaining the cert manually online (via resources like: https://sslforfree.com/)
But this is really not a good choice as it can’t be automated; This will require manual intervention (on your part and theirs) before the cert expires [every 90 days].

See: Web Hosting who support Let's Encrypt


#3

Hi @thedoorway,

The short answer is no. I’m glad you want to add HTTPS to your site. Unfortunately, it sounds like your hosting provider is of the type that requires you to manually issue and upload your own certificate. That’s not the recommended way to do things these days. Instead, the easiest thing is for your hosting provider to request and install your certificate themselves. There’s a list of hosting providers that support Let’s Encrypt here: Web Hosting who support Let's Encrypt. Using one of them will make the process of configuring HTTPS much easier.


#4

Can you also tell why that sounds bad? Is it because of privacy concerns? Or because it cannot be automated that way?


#5

Sure.
Anytime you handout the private key = BAD.

And to add “insult to injury” you also can’t automate it = TIME CONSUMING.


#6

If there isn’t any other way to install the certificate, you’ll have to… In the end, the private key needs to end up on the webserver.


#7

And the transfer/delivery?
Isn’t that probably via email?
If so, then it is also in at least a couple of mail systems too!


#8

Obviously it’s far from ideal, at least.

But the fact the hosting provider wants the cert and private key: well, it needs the private key. Without the private key, no SSL/TLS.

So stating that it’s bad if the hosting provider wants the private key doesn’t add up without the extra statements such as the possibly insecure transfer of the key.


#9

…if only there was a way to give them a file that they could use to add the cert to a system - without anyone being able to see the contents…

Or at least place the file on the server yourself - to minimize the extra insecurity.


#10

@rg305 Cloudflare has something related to this https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/

(but you still need your own server!)

(I agree with @jsha’s answer to @thedoorway’s question.)


closed #11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.