DEV Community

Nery Córdova
Nery Córdova

Posted on

Free SSL certificate for shared hosting using certbot

Depending on your hosting plan, it is possible that you have limited access to the machine were you app is running, which makes it difficult to generate a free SSL certificate (i.e. installing certbot) on the web server.

Fortunately, certbot makes it possible to generate an SSL certificate on a machine other than the one where certificate is going to be installed. For example, you could generate a certificate from your own computer and push it to your web server using good-old cpanel or FTP. To do that, follow these steps:

Step 1. Install certbot on your computer. If you are using a Debian-based OS, do something like this:

sudo apt-get install certbot
Enter fullscreen mode Exit fullscreen mode

For further instructions about installing certbot, click here.

Step 2. To get a certificate, run the following command (you will need admin permission to run this command)

certbot certonly --manual --preferred-challenges http
Enter fullscreen mode Exit fullscreen mode

Step 3. Next, enter domain name(s) to be included in your certificate, for example:

Plugins selected: Authenticator manual, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): 

www.my-super-project.com
Enter fullscreen mode Exit fullscreen mode

Step 4. Now, certbot will start the validation process. Following message will appear, asking you to create a file and place it in .well-known/acme-challenge/ directory in your web server:

Create a file containing just this data:

GXyDY4mNeg46oX55-...

And make it available on your web server at this URL:

http://www.my-super-project.com/.well-known/acme-challenge/GXyDY4m...

Enter fullscreen mode Exit fullscreen mode

Step 5. Once validation is completed, you'll see a message from certbot showing where certificates have been saved, for example:

Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.my-super-project.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.my-super-project.com/privkey.pem
   Your cert will expire on [3 months from now]. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"

Enter fullscreen mode Exit fullscreen mode

That's it! You now have a valid certificate that can be installed in your web application.

Top comments (0)