Do you want to make your website secure by enabling https:// by installing Free SSL certificate from “Let’s Encrypt” on NameCheap Shared Hosting Server without SSH access? If the answer is YES, then follow the steps below to achieve the same completely free.
In fact, this will work on any hosting server which allows installation of SSL certificates through cPanel.
All of the procedure needs to be done on your own desktop/laptop and generate the certificate. Once done, install the certificate on your hosting server through cpanel.
These two prerequisites must be set up on your desktop/laptop before starting the procedure:
openssl
python
Step 1: Create a directory and clone the “acme-nosudo” helper script.
subh@MacBookAir:~ $ mkdir letstryletsencrypt
subh@MacBookAir:~ $ cd letstryletsencrypt/
subh@MacBookAir:~/letstryletsencrypt $ git clone https://github.com/diafygi/acme-nosudo.git
subh@MacBookAir:+tsencrypt/acme-nosudo $ cd acme-nosudo/
Step 2: Generate an user account key to register with Let’s Encrypt.
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl genrsa 4096 > user.key
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl rsa -in user.key -pubout > user.pub
Step 3: Generate the domain key and a certificate request which will get signed for free for your domain by Let’s Encrypt.
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl genrsa 4096 > domain.key
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /System/Library/OpenSSL/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:wpdelighter.com,DNS:www.wpdelighter.com")) > domain.csr
To know the path for the “openssl.cnf” configuration file, use the command ” openssl version -a “. This will show you the OPENSSLDIR: “/System/Library/OpenSSL”
Step 4: Run the script using python using your user account public key and the domain CSR.
Use the “–file-based” option to allow verify the challenge by creating and serving the desired file with desired content at desired URL on your server. This removes the need of having SSH access to your server.
subh@MacBookAir:+tsencrypt/acme-nosudo $ python sign_csr.py -f --public-key user.pub domain.csr > signed.crt
During this process, the script asks you to run some manual commands, you need to run them in a separate terminal window. You need to keep the script open while you run them. Also, the challenge files can be created for verification using the “FileManager” at the desired directory.
subh@MacBookAir:~ $ cd letstryletsencrypt/acme-nosudo/
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out register_XRvAqb.sig register_xem67X.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out domain_X4Pa7G.sig domain_XOX1Im.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out domain_x8mmPH.sig domain_XByoiG.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out cert_0Z3Nd_.sig cert_xsCEDY.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out challenge_XnAHaq.sig challenge_xWCD8x.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out challenge_X9fvWv.sig challenge_XrRBQU.json
Output:
Reading pubkey file...
Found public key!
Reading csr file...
Found domains www.wpdelighter.com, wpdelighter.com
STEP 1: What is your contact email? (webmaster@wpdelighter.com) contactme@wpdelighter.com
Building request payloads...
Building request for www.wpdelighter.com...
Building request for wpdelighter.com...
Building request for CSR...
STEP 2: You need to sign some files (replace 'user.key' with your user private key).
openssl dgst -sha256 -sign user.key -out register_XRvAqb.sig register_xem67X.json
openssl dgst -sha256 -sign user.key -out domain_X4Pa7G.sig domain_XOX1Im.json
openssl dgst -sha256 -sign user.key -out domain_x8mmPH.sig domain_XByoiG.json
openssl dgst -sha256 -sign user.key -out cert_0Z3Nd_.sig cert_xsCEDY.json
Press Enter when you've run the above commands in a new terminal window...
Registering contactme@wpdelighter.com...
Already registered. Skipping...
Requesting challenges for www.wpdelighter.com...
Building challenge responses for www.wpdelighter.com...
Requesting challenges for wpdelighter.com...
Building challenge responses for wpdelighter.com...
STEP 3: You need to sign some more files (replace 'user.key' with your user private key).
openssl dgst -sha256 -sign user.key -out challenge_XnAHaq.sig challenge_xWCD8x.json
openssl dgst -sha256 -sign user.key -out challenge_X9fvWv.sig challenge_XrRBQU.json
Press Enter when you've run the above commands in a new terminal window...
STEP 4: Please update your server to serve the following file at this URL:
--------------
URL: http://www.wpdelighter.com/.well-known/acme-challenge/jpqJwX4jvz6FN6jxMZa_xahhbjjkQJge5vm8T38Nue0
File contents: "jpqJwX4jvz6FN6jxMZa_xahhbjjkQJge5vm8T38Nue0.bCVmH4Xofm_XJIExY2iSAN3QgjNqWON44kMAw0-7ank"
--------------
Notes:
- Do not include the quotes in the file.
- The file should be one line without any spaces.
Press Enter when you've got the file hosted on your server...
Requesting verification for www.wpdelighter.com...
Waiting for www.wpdelighter.com challenge to pass...
Passed www.wpdelighter.com challenge!
STEP 5: Please update your server to serve the following file at this URL:
--------------
URL: http://wpdelighter.com/.well-known/acme-challenge/XmOJAsT2qeyzKFECPojR00u9Uz7AmwvSo0Q3aMYxWik
File contents: "XmOJAsT2qeyzKFECPojR00u9Uz7AmwvSo0Q3aMYxWik.bCVmH4Xofm_XJIExY2iSAN3QgjNqWON44kMAw0-7ank"
--------------
Notes:
- Do not include the quotes in the file.
- The file should be one line without any spaces.
Press Enter when you've got the file hosted on your server...
Requesting verification for wpdelighter.com...
Waiting for wpdelighter.com challenge to pass...
Passed wpdelighter.com challenge!
Requesting signature...
Certificate signed!
You can remove the acme-challenge file from your webserver now.
Now, your certificate is signed and ready to be installed on your shared hosting server. Open the files “signed.crt” and “domain.key” with any text editor.
Step 5: Open the cPanel in the browser and install the certificate.
* Go to cPanel > Security > SSL/TLS and press on “Manage SSL Sites”.
* Select the domain you want to install the certificate. in my case it is “wpdelighter.com”
* In Certificate: (CRT) paste the content of the recently created “signed.crt”
* In Private Key: (KEY) paste the content of “domain.key”
* Press Autofill by Domain button, next to the domain selection drop-down.
* Press Install certificate.
If everything goes well, your let’s encrypt certificate is successfully installed on NameCheap shared hosting server.
Leave a Reply