
Let's Encrypt SSL

Why is GoDaddy not supporting the free Let's Encrypt SSL certificate option which most good hosts seem to be doing? Is it just to make more money by selling a certificate at $69 a year?

Even specialist WordPress hosting such as WPEngine offer this free option so why not GoDaddy?????


Hey, uh, Scooter? 

 

This is not a Google problem.  This is a GoDaddy problem.   And it's one they are going to pay dearly for. 

 

Just so we're clear. 

I had the same call with a GoDaddy Rep. My sites are not SSL at the moment but I need to do that going forward. It seems rather abrasive to me for a company like GoDaddy to force (strong word - but making it difficult to use Let's Encrypt with this 3-month timeout) the use of an expensive SSL cert (of their own offering) when Let's Encrypt is good enough.

My websites are not a business front end (and really don't have a lot of need for my WebSite at the moment).  I like GoDaddy, but this is making me rethink my options.

 

 

I just set up free SSL on my two sites hosted by GoDaddy and it's not a big deal. I generated the certificates and such through Let's Encrypt and copied them into GoDaddy's SSL setup. For the first site, I had to do it manually, but once that was set up (directories created in the right place), I was able to use the automated setup for the second site. It took a one-time edit to the .htaccess file (using code I found online) to get the redirects working and that's it. Considering that I had never done this before and really had no idea what I was doing, I consider the hour or so that it took to figure it out and get it done a useful learning experience.

 

Yes, I'll have to renew the credentials every quarter, but with only two sites and using automated generation it won't take more than 5-10 minutes each time. To me, it's worth it not to pay $75/year for a service that should be free. I'm probably not saving much money, but I'll do it on principle. If nothing else, it buys me time to look for a new host for my sites.

@Bnystrom Can you please share the steps you followed?

I would not use this as the solution - the best solution is that provided by 

 

 

That sounds great, but posting script commands without any context is not particularly helpful. We really need more detailed instructions, such as where you enter these commands.

You need SSH access. Once you have that, you're in your home directory. If your hosting product gives you permissions, you can enter these on the command line. These instructions are for a single domain, not wildcard domain. Later today, I will try for a wildcard domain so all server components are secured. Right now, they are on self-signed certificates.

 

Emreunal's command line entries were excerpted from a much longer all-possibilities document I saw elsewhere on the interwebs. He found and posted the ones that pertain to some GoDaddy instances.

OK, that's more helpful. I found instructions for enabling SSH for GoDaddy hosting here:

https://au.godaddy.com/help/enable-ssh-secure-shell-access-4942

 

...and connection instructions here:

https://au.godaddy.com/help/connect-to-my-web-hosting-account-with-ssh-secure-shell-4943

 

I'll give it a shot and see what happens. According to the first link, it can take up to 72 hours for SSH to be fully enabled, so I probably won't post any results for a while.

You can use acme for wildcard certs too. Just use GoDaddy's DNS API by creating certs with the DNS challenge. I am using it, so I know that's working.

I will edit my post (if I can log in with my org account to the community forum) or create a new tutorial post for acme.sh covering both single-domain and wildcard use.

I've tried to enable SSH, but I'm not sure if it's working. The link that I provided above may be old, as I didn't see the menu shown. This link is text only, but it's more accurate:

https://www.godaddy.com/help/enable-ssh-16102

 

I've turned it on, but I can't tell if it's working, as it still says that it's off on the My Hosting page. I tried changing the password and that didn't seem to make any difference. I'll give it some time and check it again.

 

UPDATE: After a few hours, SSH is now on.

 

GoDaddy really needs to do a better job of updating their instructional materials!

 

 

What is your product? Vps, wp hosting etc. ?

I have "Deluxe hosting with cPanel".

I have the built-in SSH app in Windows PowerShell enabled and it appears to be working, as when I enter "ssh", it provides syntax info for the command. Is this good enough or would I be better off with a different application like PuTTY?

 

The SSH client doesn't matter. Just SSH to your hosting and do the steps from my first post. If you have any questions or any problem on any step, just let me know so I can help / explain.

OK,

  1. I logged in using: ssh <username>@<IPaddress>
  2. I entered the password for the account
  3. I received a message: "attempting to create directory /home/<username>/perl5"
  4. I'm now at a prompt that reads: <username>@<alphanumeric text string> [~]$

Does this seem correct?

Yes, it is OK. But if you are not comfortable with Unix/SSH, better find someone to do it, or back up all your files before trying this.

That sounds like good advice. Years ago, I was well-acquainted with the DOS command line, but I haven't used Unix/Linux command line to any significant extent in decades. I still have 29 days left on my current SSLs, so I'm not under any pressure to do this.

 

Apparently, the "exit" command works. ;)

This method works for creating and deploying wildcard certificates. Working on a VPS, I can't vouch for the process on a shared server. Thanks to emreuenal for the basic method posted earlier in this thread. I continued poking around on the interwebs and found the clues to put the rest of it together here.

 

You need SSH access to the command line. I nuked my VPS to start fresh. There was nothing in the file structure left over from previous work with Let's Encrypt. The server owner created a cPanel user. The domain is tied to that instance of cPanel, and has a folder which contains that user's content. Start an SSH session in the normal way, log in with the user's name and password. You will be at the root of the user's folder.

 

Install acme.sh

curl https://get.acme.sh | sh

Reload .bashrc for acme.sh alias to take effect

source ~/.bashrc

Create API keys

1. Browse to API Key Management at https://developer.godaddy.com/keys/ and make sure you are logged in to your account.

2. Create a new API key. Name is optional, but I called mine letsencrypt. Make sure to select Production type key.

3. Select and copy the Key code to clipboard and paste it into a temporary text document.

4. Select and copy the Secret code to clipboard and paste it into that text document on a new line. If you click the Got It! button, the Secret code disappears, never to be seen again. I was cautious and copied it to a temporary file. You could shortcut and copy from the browser directly to the SSH terminal if you want.

5. In the SSH terminal command line

export GD_Key="key code copied from browser"
export GD_Secret="secret code copied from browser"

Issue a new certificate for your domain

acme.sh --issue -d example.com -d '*.example.com' --dns dns_gd

Deploy the certificates

acme.sh --deploy -d example.com -d '*.example.com' --deploy-hook cpanel_uapi

 

edited to reflect emreuenal's comment below.

I looked and saw there is a cron job in cPanel that takes place daily at 0:49

"/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null

 

Log in to your cPanel, under Security, select SSL/TLS Status. You should see Domain Validated certificate status for all 5 of your server's subdomains: cpanel., mail., webdisk., webmail., and www.
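The steps above leave the GoDaddy API key and secret on the server, so a hygiene check is worth running afterwards. This is an added example, not part of the original post or of acme.sh; the function name `audit_acme` is hypothetical, and it assumes acme.sh stores the credentials in `account.conf` under its home directory on lines containing `GD_Key=` / `GD_Secret=`.

```shell
#!/usr/bin/env bash
# Added example: post-install check for the acme.sh + GoDaddy DNS API steps.
# Assumption: acme.sh keeps the API credentials in <home>/account.conf on
# lines containing GD_Key= / GD_Secret=.

# Prints one line per finding; the exit status is the number of findings.
audit_acme() {
  local home_dir="$1" hist_file="$2" cron_file="$3" findings=0
  local conf="$home_dir/account.conf"

  # 1. account.conf holds the API key and secret: only the owner should read it.
  if [ -f "$conf" ] && grep -Eq 'GD_(Key|Secret)=' "$conf"; then
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
      echo "FINDING: $conf is accessible beyond the owner (fix: chmod 600)"
      findings=$((findings + 1))
    fi
  fi

  # 2. `export GD_Secret=...` typed at the prompt is saved in shell history.
  if [ -f "$hist_file" ] && grep -Eq 'GD_(Key|Secret)=' "$hist_file"; then
    echo "FINDING: API credentials present in $hist_file (remove those lines)"
    findings=$((findings + 1))
  fi

  # 3. Without the acme.sh --cron entry the certificate will not be renewed.
  if ! grep -q 'acme\.sh.*--cron' "$cron_file" 2>/dev/null; then
    echo "FINDING: no acme.sh --cron entry found; renewal will not run"
    findings=$((findings + 1))
  fi

  return "$findings"
}

# Typical use on the hosting account:
#   crontab -l > /tmp/cron.txt
#   audit_acme ~/.acme.sh ~/.bash_history /tmp/cron.txt
```

Also delete the temporary text document that held the Key and Secret once the certificate has been issued.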

Thank you for this great post. 

 

For auto-renew, you don't need to create a cron job anymore. After installation and issuing a new cert, acme.sh will itself create a cron job for renewing, and the certs will be automatically renewed every 60 days.

 

An addition: This method works on any GoDaddy Linux hosting with cPanel.

Any hints on how to uninstall? I followed the original scripts posted earlier and now I would like to start again with the scripts you posted. I can't scrap the VPS and start again.

You don't need to uninstall your old certs etc. Just issue new certificates with the wildcard method and deploy them. cPanel will automatically delete the old certs and use the new certs after deployment.