How to Install LetsEncrypt Certificate on Shared Hosting

Introduction

Let’s Encrypt introduced free SSL certificates quite some time ago. It made possible for website owners to offer encrypted HTTPS connection for their visitors totally free of charge. Before Let’s Encrypt, the only way to get a valid SSL certificate was to purchase it from a seller.

Let’s Encrypt SSL certificate can be installed with just a few lines of code on a VPS or dedicated server, however, installation on shared hosting accounts is still a bit complicated (unless it uses cPanel).

Hostinger doesn’t yet have an auto-installer for Let’s Encrypt SSL certificates (we are working on this), but there is a workaround – it can be installed manually using ACME client written in PHP and composer.

This tutorial shows how to install free SSL from Let’s Encrypt on Gembels.com shared hosting.

The gist here is to generate the Let’s Encrypt certificate locally and install it to your server using cPanel. This is the exact steps I used for this domain.

Things Needed

  • An OS to install and run the Let’s Encrypt client. In this example I will use Ubuntu 14.04 VM on Windows.
  • cPanel access. Your cPanel should allow SSL certificates to be installed manually.
  • File upload access to the server. I used SFTP.

Installing the Let’s Encrypt Client

  1. Fire up the terminal in Ubuntu and type:
    git clone https://github.com/letsencrypt/letsencrypt
  2. Once its done, go to the directory where the client is installed. For me its: cd letsencrypt

Generating the Certificate

  1. Inside the letsencrypt directory (dont forget it for non www and www), type:
    ./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d gembels.com -d www.gembels.com

Note: Make sure to change gembels.com to the domain of your website.

  1. The client will prompt you if its OK to log your IP. Choose Yes.
  1. Now, whatever happens, do not press anything yet or you will have to restart the generation process!

Confirming Domain Ownership

Notice that below the prompt is an instruction on how to confirm ownership of your domain:

Make sure your web server displays the following content at http://gembels.com/.well-known/acme-challenge/pExN7I6LR8wMLGkwgpj2bRP5Mb8rWVnvElh5VQY3O34 before continuing:

pExN7I6LR8wMLGkwgpj2bRP5Mb8rWVnvElh5VQY3O34.mO1_yWM1oRb7oJBd5VgVuRB_szRNAqAEwsAcWfDxHX8

  1. Connect to your server and create the following directory inside your server’s public directory: .well-known/acme-challenge/
  2. Inside it create a text file named pExN7I6LR8wMLGkwgpj2bRP5Mb8rWVnvElh5VQY3O34 that contains the string
    pExN7I6LR8wMLGkwgpj2bRP5Mb8rWVnvElh5VQY3O34.mO1_yWM1oRb7oJBd5VgVuRB_szRNAqAEwsAcWfDxHX8

Note: The strings will be different for you or second domain for www. it will request 1 more time to same steps.

  1. Once you are done, go back to the terminal and press the enter. LE will generate one more confirmation for more domain. Just repeat step number 6.

Installing the Certificate in cPanel

cPanel SSL panel

  1. Type: sudo nautilus
  2. Using the file browser as root, navigate to /etc/letsencrypt/live/gembels.com
  3. Login to your cPanel. Copy and paste the SSL info from these files into the cPanel SSL panel:
    Certificate (CRT) is cert.pem
    Private Key is privkey.pem
    Certificate Authority Bundle: (CABUNDLE) or CA is chain.pem

    I used gedit to open and copy the contents of the .pem files.

    Installing the certificate in cPanel

 

Additional Resources/References