Depending on your hosting plan, it is possible that you have limited access to the machine were you app is running, which makes it difficult to generate a free SSL certificate (i.e. installing
certbot) on the web server.
certbot makes it possible to generate an SSL certificate on a machine other than the one where certificate is going to be installed. For example, you could generate a certificate from your own computer and push it to your web server using good-old cpanel or FTP. To do that, follow these steps:
Step 1. Install
certbot on your computer. If you are using a Debian-based OS, do something like this:
sudo apt-get install certbot
For further instructions about installing
certbot, click here.
Step 2. To get a certificate, run the following command (you will need admin permission to run this command)
certbot certonly --manual --preferred-challenges http
Step 3. Next, enter domain name(s) to be included in your certificate, for example:
Plugins selected: Authenticator manual, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): www.my-super-project.com
Step 4. Now,
certbot will start the validation process. Following message will appear, asking you to create a file and place it in
.well-known/acme-challenge/ directory in your web server:
Create a file containing just this data: GXyDY4mNeg46oX55-... And make it available on your web server at this URL: http://www.my-super-project.com/.well-known/acme-challenge/GXyDY4m...
Step 5. Once validation is completed, you'll see a message from
certbot showing where certificates have been saved, for example:
Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/www.my-super-project.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/www.my-super-project.com/privkey.pem Your cert will expire on [3 months from now]. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
That's it! You now have a valid certificate that can be installed in your web application.