How to set up free SSL on shared-hosting with Let’s Encrypt

I just updated this domain to use HTTPS with Let’s Encrypt as a certificate authority. Presently this site is on a shared-hosting provider and I had to generate a cert manually and then upload it. Here are instructions for doing that.

Note: some shared-hosting providers may offer a way to automatically generate and install a Let’s Encrypt (or other CA) certificate directly through the cPanel. I’d recommend doing that if it’s an option :)

First, download and install certbot. On a separate computer (i.e., not the website host), run certbot to generate a certificate:

brew install certbot
mkdir ~/letsencrypt && cd ~/letsencrypt/
certbot --config-dir . --work-dir . --logs-dir . certonly --manual

After displaying some prompts, certbot will produce a challenge string and ask you to upload a file containing that string to your host (using the HTTP challenge). This is to prove control of the website.

Create the file on the host as instructed. E.g., copy the challenge text, then run the following from your local machine:

pbpaste > challengefile
ssh myhost 'mkdir -p ~/public_html/.well-known/acme-challenge/'
scp challengefile myhost:~/public_html/.well-known/acme-challenge/rPs-CyPusl...

Then, confirm you’ve uploaded the file and complete the certbot setup to create the certificate. There will be a live directory containing the generated certificate and private key.

live
└── my-website.com
    ├── README
    ├── cert.pem -> ../../archive/my-website.com/cert1.pem
    ├── chain.pem -> ../../archive/my-website.com/chain1.pem
    ├── fullchain.pem -> ../../archive/my-website.com/fullchain1.pem
    └── privkey.pem -> ../../archive/my-website.com/privkey1.pem

Copy the contents of fullchain.pem and paste them into the certificate text box of your cPanel’s SSL configuration settings or upload the certificate file directly.

Finally, install the certificate and upload privkey.pem.

Once the process is complete, the challenge file can be removed from the server. You should now be able to access your domain over HTTPS.
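
Before pasting fullchain.pem and privkey.pem into cPanel, it helps to confirm that the two files belong together and that the certificate is currently valid. The script below is an added example, not part of the original post; it assumes the openssl command-line tool is installed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): pre-upload check of certbot output.
# Assumes the openssl CLI is installed. Usage: sh check_cert.sh live/my-website.com

# Public key (PEM) of the first certificate in a file, i.e. the leaf in fullchain.pem.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key file.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Number of certificates in a PEM bundle (leaf plus intermediates).
cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Returns 0 only if the directory holds a parseable, matching, unexpired pair.
check_live_dir() {
    dir=$1
    for f in fullchain.pem privkey.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 2; }
    done
    cpub=$(cert_pubkey "$dir/fullchain.pem")
    kpub=$(key_pubkey "$dir/privkey.pem")
    # An empty value means openssl could not parse the file (bad paste, wrong file).
    [ -n "$cpub" ] && [ -n "$kpub" ] || { echo "unparseable PEM in $dir" >&2; return 3; }
    [ "$cpub" = "$kpub" ] || { echo "privkey.pem does not match the certificate" >&2; return 4; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$dir/fullchain.pem" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 5; }
    echo "OK: key matches leaf certificate; $(cert_count "$dir/fullchain.pem") certificate(s) in fullchain.pem"
    openssl x509 -in "$dir/fullchain.pem" -noout -subject -enddate
}

# Run only when a directory is given on the command line.
[ "$#" -eq 0 ] || check_live_dir "$1"
```

A non-zero exit status identifies which check failed: 2 for a missing file, 3 for an unparseable PEM, 4 for a key that does not match the certificate, 5 for an expired certificate.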