How To Install a Free SSL Certificate (Let's Encrypt) Without Shell Access

By Sheldon Poon, published on

AKA ...

How To Install a Free SSL Certificate Without Shell Access (an idiot's guide to Let's Encrypt)
 -or-
Let's Encrypt Without Shell Access Using Windows
 -or-
9 (Complicated) Steps to Get a Free SSL Certificate

Introduction

So if you're like me, you have heard a lot about Let's Encrypt and how search engines like Google are starting to encourage web security by promoting sites secured with SSL certificates. IF you're completely new to this world, the thing to understand is that now, more than ever, it's become increasingly important to make your site visitors' traffic as secure as possible. I could write an entirely separate article detailing all of the history, pros and cons, and political climate surrounding SSL technology, but I'll leave that for another time.

You may also be like me in that you have found yourself responsible for a client's site that requires SSL yet lacks credentials that will give you access to the server's shell terminal. If that's the case, this guide is for you. I spent a weekend figuring out how to maneuver this exact situation and thought I would write up my notes to save others the hassle of figuring it out on their own.

Requirements

Ok, so if you found this article, chances are, you have some basic understanding of web technologies to have brought you to this point. The items below are a rough list of what you'll need to get this working.

Technologies:
Windows (10)
WHM access
cPanel access
Putty
FileZilla
Your domain on a unique IP address

Some basic knowledge of:
Server infrastructure
Linux Command Line
How SSL works
How FTP works
How to create folders and files on a web server

*the server you're SSHing into doesn't need to be the same server that you're installing the key on

Just the Facts

  1. go to https://gethttpsforfree.com/
  2. generate a public key and log into command line
    1. in WHM, enable Shell Access for the target account
      1. log into WHM
      2. look for "Manage Shell Access"
      3. enable for the target account
    2. log into the cPanel dashboard of the target account
    3. generate SSH key to be able to log into server
      1. click on "Manage SSH Keys"
      2. click on "Generate a New Key"
      3. enter a passphrase and make a note of it
      4. under "Public Key" you will see your new key
      5. click on "Manage" next to the key
      6. click "Authorize"
      7. under "Private Keys" click "View/Download" next to the new key
      8. under "Convert the [...] key to PPK format" enter your passphrase and click "Convert"
      9. "Download Key"
    4. use your new key in Putty to log into your server
      1. open Putty.exe
      2. enter the IP address of the server
      3. in your settings (to the left) go to "Connection" > "SSH" > "Auth"
      4. where it says "Private key file for authentication" click "browse" and look for your PPK file
      5. click "open"
      6. enter a username (can probably be anything) and enter your passphrase to log in
  3. go to https://gethttpsforfree.com/ ("Get HTTPS for free!") and fill out "Step 1"
  4. for "Step 2", use cPanel to generate your CSR (Certificate Signing Request)
    1.  log into cPanel on the target machine
    2. under "Security" click on "SSL/TSL"
    3. click on "Generate, view, or delete SSL certificate signing requests."
    4. fill in the appropriate information and copy the output starting with "-----BEGIN CERTIFICATE REQUEST-----"
    5. paste this into "Get HTTPS for free!" and click "Validate CSR"
  5. follow the instructions for "Step 3" to verify everything (run the commands in Putty)
  6. run the command in "Step 4" and create a file on the target server as per the instructions using the "Option 2 - file-based" option
    1. log into your server using FTP
    2. create a folder called ".well-known" (make sure to include the leading dot) under your webserver's hosted directory (probably /public_html/)
    3. create a subfolder under ".well-known" called "acme-challenge"
    4. create a file under "acme-challenge" using the filename specified
      1. understand the command they are giving you: echo -n "[content]" > /path/to/www/.well-known/acme-challenge/[filename]
      2. create filename using [filename] (in the example above)
      3. in the file [filename] edit using notepad.exe and enter the content provided [content]
      4. make sure this file is accessible from a web browser and is showing only the content provided
    5. click "I'm now serving this file on [your domain]"
  7. if everything went well, "Step 5" will give you two certificates. copy the "Signed Certificate" (starting with "-----BEGIN CERTIFICATE-----")
  8. install this certificate using cPanel
    1. from cPanel go to "SSL/TLS"
    2. click "Manage SSL sites."
    3. paste the certificate into "Certificate: (CRT)" and a button will appear "Autofill by Certificate"
    4. click the button to fill in the details
    5. scroll down and click "Install Certificate"
  9. verify the certificate using "Test my install" on "Get HTTPS for free!" button on "Step 5"

all done!

We make data look good

  • Share: