Here are the steps I carried out to use a free https://letsencrypt.org/ with my domains that are hosted on shared hosting using cPanel. This works with my host (http://ybhosting.co.uk) but I can’t promise that it will work with all cPanel hosts.
This approach uses https://gethttpsforfree.com/ which uses Let’s Encrypt in manual mode but does guide you through the process quite well. I also use an Ubuntu 16.04 machine with SSH installed to generate most of the private keys required.
- If you haven’t used Let’s Encrypt before you will need to generate a public key. I generated this key on my Ubuntu machine. The commands to do this are (copied from the Get HTTPS for Free site):
openssl genrsa 4096 > account.key
openssl rsa -in account.key -pubout
Copy and paste the result into the box in Step 1. Obviously, if you already have account.key then you only need to carry out the last step and if you’ve saved the public key then just paste it in. You can use this key in future requests on https://gethttpsforfree.com/
- Click ‘Validate Account Info’, if everything is OK go to your cPanel Main page.
- Click on the SSL/TLS link under Security (or your equivalent)
- Click on Private Key
- Accept the default type, Add a description and click Generate
- Return to the SSL Manager
- Click on Certificate Signing Requests (CSR)
- Fill out the form and click on Generate
- Copy the resultant CSR to the box in Step 2 of https://gethttpsforfree.com/
- Open a terminal window on your Linux machine, cd to the folder containing your Let’s Encrypt account private key.
- Copy each of the three strings in step 3 of https://gethttpsforfree.com/ in turn into the command prompt. Copy the hex digits returned back to Step 3 (ignore the ‘(stdin) = ‘ part.
- Click on Validate Signatures.
- If all is OK it will open up Step 4.
- This gives you a new signature to obtain from your terminal window.
- I used option 2 – file based confirmation:
- I used FTP to create the necessary folders and upload the file shown. The ‘How to I do this’ link on https://gethttpsforfree.com/ was helpful.
- Click on ‘I’m now serving this file on …’
- You should now be shown your new certificate.
- Return to cPanel. Click on Certificates (CRT). Copy the ‘Signed Certificate’ from https://gethttpsforfree.com/ to the box under ‘Upload a new certificate’. Enter a description and click ‘Save Certificate’
- Return to the SSL Manager
- Click on ‘Install and Manage SSL for your site (HTTPS)’
- Click ‘Browse Certificates’ and choose the one you just saved
- Select the domain the certificate applies to
- Click Autofill by Domain if the boxes are empty.
- Click Install Certificate – this may take a while to finish.
- Get HTTPS for free links to a site to test your new certificate but that didn’t work straightaway for me. I had to wait an hour or so before the certificate worked. Before that I got a name mismatch. It may be that the ISP had to change something that they did without telling me or something had to propagate. The test URL is: https://www.ssllabs.com/ssltest/analyze.html?d=<your domain>
The certificate obtained is valid for 3 months. After that time you have to go through the whole process again. This is against obtaining a paid for certificate (£20-£30) for a year where there may be more support from your ISP and some amount of automation to the process.