Here’s a look at adding Let’s Encrypt to a shared hosting platform.
Shared hosting platforms (like ‘namecheap’) want you to purchase their SSL certificates. But, we all know there are free SSL Certificate providers out there, like Let’s Encrypt (LE). LE let’s you use the command line to generate and use LE certificates. However, it gets a bit tricky on shared hosting platforms. Inspired by this post (which needs to be updated, hense my motivation for my post), here are the steps to accomplish this task.
IMPORTANT: When you issue the certificate (STEP 4), you MUST use --server letsencrypt
1) Enable SSH (there are instructions on namecheap to enable ssh in CPanel)
2) Get the certificates
#Get acme.sh utility
curl https://get.acme.sh | sh
#Source the Environment variables
source ~/.bashrc
#Register your email with Lets's Encrypt to be notified any renewals issue
acme.sh --register-account --accountemail email@example.com
# At this moment a cron entry already has been setup for autorenewal which will auto renew after 60 days., You can update /dev/null to something like this if you need the log
crontab -l | grep acme.sh
10 0 * * * "/home/_CPANEL_USERNAME_/.acme.sh"/acme.sh --cron --home "/home/_CPANEL_USERNAME_/.acme.sh" >> /home/_CPANEL_USERNAME_/.acme_cron_log
3) Issue a test cert to check if all working
#webroot will be any directory in which your domain exist, give path accordingly.
acme.sh --issue --webroot ~/public_html -d yourdomain.com --staging
4) Issue an actual Certificate
acme.sh --issue --webroot ~/public_html -d yourdomain.com --force --server letsencrypt
#In ourput you will see success if all goes fine & key/Certs/chaincerts/csr will be stored under below location, you can refer those if you intend to apply those using cpanel GUI manually
~/.acme.sh/yourdomain.com/
5) Apply Cert to website using cPanel hook
acme.sh --deploy --deploy-hook cpanel_uapi --domain yourdomain.com
6) In CPanel, redirect your domain to use HTTPS. If CPanel is greyed out, simply use an HTACCESS modification.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
Credit: Anuj Singh Tomar
Here is a handy BASH script that will automate this process for you. NOTE: This bash script assumes you’re using standard bash and the standard ‘public_html’ path that namecheap provides. Be sure to edit for your needs! (This assumes you ran the setup and are registered with LE)
#!/bin/bash
echo What is the domain (i.e. example.com)?
read domain
.achme.sh/acme.sh --issue --webroot ~/public_html -d $domain --staging --server letsencrypt &&
.achme.sh/acme.sh --issue --webroot ~/public_html -d $domain --force --server letsencrypt &&
.achme.sh/acme.sh --deploy --deploy-hook cpanel_uapi --domain $domain
Comments