Let's Encrypt SSL with auto-renew on GoDaddy in 4 steps

Ezequiel Esnaola on April 16, 2020

I recently tried to install a Let's Encrypt SSL certificate on GoDaddy and I didn't find enough information to configure auto-renew. It is simplifi...
Peter L Jones

Like @sylver9, this does not work for me:

$ acme.sh --force --issue -d maindomain.eg -d *.maindomain.eg -w /home/<username>/public_html
[Sun Oct  9 05:04:28 MST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Oct  9 05:04:28 MST 2022] Create account key ok.
[Sun Oct  9 05:04:28 MST 2022] No EAB credentials found for ZeroSSL, let's get one
[Sun Oct  9 05:04:28 MST 2022] acme.sh is using ZeroSSL as default CA now.
[Sun Oct  9 05:04:28 MST 2022] Please update your account with an email address first.
[Sun Oct  9 05:04:28 MST 2022] acme.sh --register-account -m my@example.com

OK, fair enough - it wants an email and tells you how to feed it. However...

$ acme.sh --register-account -m <postbox>@maindomain.eg
[Sun Oct  9 05:04:53 MST 2022] No EAB credentials found for ZeroSSL, let's get one
Usage: _hmac hashalg secret [outputhex]
[Sun Oct  9 05:04:54 MST 2022] Registering account: https://acme.zerossl.com/v2/DV90
[Sun Oct  9 05:04:58 MST 2022] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","status":400,"detail":"[External Account Binding] The JWS Signature MUST be present"}

From which point progress is not possible.

Peter L Jones

Aha! That's because acme.sh changed to ZeroSSL in 2021 (after this article was written). To revert to Let's Encrypt, run this before running the --issue request:

acme.sh --set-default-ca --server letsencrypt
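
Added example (not part of the original comments and not acme.sh code): a small shell helper that triages an acme.sh log like the two runs quoted above, reporting which CA was contacted and whether account registration failed on External Account Binding. The function names are hypothetical, and the sample log is constructed from lines quoted in this thread.

```shell
#!/bin/sh
# Added example: triage an acme.sh log for the default-CA problem in this thread.
# All function names are hypothetical; none of them are part of acme.sh.

# Print the host of the last "Using CA:" / "Registering account:" URL in the log.
acme_log_ca_host() {
  sed -nE 's#.*(Using CA|Registering account): https?://([^/ ]+).*#\2#p' "$1" | tail -n 1
}

# Succeed if the log holds an ACME error that mentions External Account Binding.
acme_log_has_eab_error() {
  grep -q 'urn:ietf:params:acme:error:.*External Account Binding' "$1"
}

# Print a short verdict for the log, with the next step where the thread gives one.
acme_log_diagnose() {
  host=$(acme_log_ca_host "$1")
  case "$host" in
    zerossl.com|*.zerossl.com)
      if acme_log_has_eab_error "$1"; then
        echo "zerossl-eab-failed: run 'acme.sh --set-default-ca --server letsencrypt', then --issue again"
      else
        echo "zerossl: this run talks to ZeroSSL, not Let's Encrypt"
      fi ;;
    letsencrypt.org|*.letsencrypt.org) echo "letsencrypt: CA is the one the article expects" ;;
    "") echo "unknown: no CA line found in log" ;;
    *) echo "other: CA host is $host" ;;
  esac
}

# Constructed sample: three lines taken from the runs quoted in the comments above.
sample_zerossl_log() {
  cat <<'EOF'
[Sun Oct  9 05:04:28 MST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Oct  9 05:04:53 MST 2022] No EAB credentials found for ZeroSSL, let's get one
[Sun Oct  9 05:04:58 MST 2022] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","status":400,"detail":"[External Account Binding] The JWS Signature MUST be present"}
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_zerossl_log > "$tmp"
acme_log_diagnose "$tmp"
rm -f "$tmp"
```

Point `acme_log_diagnose` at a saved copy of your own acme.sh output to confirm which CA a run actually used before trusting that renewals come from Let's Encrypt.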
Peter L Jones

Hm. Next hurdle is the script tries to chown things and gets it wrong: it should just leave well enough alone (i.e. owner read/write access is there, so why change anything). I think I'll have to patch something for this.

(This is because GoDaddy site root directory group ownership is nobody and the user running the site is not in that group.)

Axel Bregnsbo

Had the exact same problem, and got side-tracked by a link output by acme.sh redirecting me to ZeroSSL with a non-working recommendation. With your acme.sh --set-default-ca ... command above, it works nicely.

Kâzım ERDOĞAN

--set-default-ca --server letsencrypt

add to try

sylver9 • Edited

I kept getting this error:
The deploy hook cpanel is not found.

acme.sh --deploy -d example.com -d example.com --deploy-hook cpanel
I even tried channel_uapi and the resulting error noted that cert files were missing. And they were. Because one needs to create an account acme.sh --register-account -m user@example.com
before using acme.sh --force --issue

Axel Bregnsbo

@eesnaola please update your nice tutorial with a step 2.5 (from Peter L Jones) that contains acme.sh --set-default-ca --server letsencrypt

Nuukem • Edited

This is great. Thank you so much!

Will this auto deploy the new SSL to cPanel when the certificate renews?

Adrian Dixon

Hi Ezequiel, great simple and useful article. How would I go about doing an SSL for two domains example: my-domain.com and my-domain.ca?

Adrian Dixon • Edited

I think I might have answered my own question:

By just adding "-d my-domain.com" along with its www. counterpart and any others.

cuethenoise • Edited

This is GOLD, saved me from having to dish out for a GoDaddy SSL cert! Does the autorenew install the cert into cpanel?