Using Let’s Encrypt’s free certificate on GoDaddy’s shared hosting

Yesterday I ordered a new domain from GoDaddy together with a basic hosting plan. Usually I host all of my websites on a do-it-yourself web-server (read: at home), but this time I wanted to make sure I have reliable infrastructure for this project I’m working on, so GoDaddy was a reasonable choice.

To get you into the story, I first have to explain why I love securing my websites with SSL so much. First of all – it’s free, so why not? And if you need another strong reason – your websites will rank better on all search engines once they start supporting (or better, forcing) SSL communication. These two reasons are quite enough – if you ask me.

Now … I already wrote how easy it is to secure your website with a tool coming from Let’s Encrypt’s bakery. You don’t remember? Then read this article right away!

Since I wanted to take advantage of this free SSL certificate opportunity with the domain I bought (which points to one of GoDaddy’s web-servers and not the Apache server I manage at home), I figured out I’ll need to find a way to (first) generate an SSL certificate by using Let’s Encrypt’s tool and (second) import this certificate into GoDaddy’s web-server configuration.

Now, if you have carefully read the documentation for Let’s Encrypt’s tool, you must have noticed that at some point Let’s Encrypt’s web-application (the one they manage) will want to communicate with the web-server running the website you are trying to secure, in order to complete a validation exchange and verify that you actually own the domain you are securing. The problem is that the web-server they are trying to talk to needs to be running on the same machine as the Let’s Encrypt tool you used when you started the certification process. But you cannot use this tool on GoDaddy’s servers (they are not that stupid!) and we are actually getting to the core of the problem I am trying to solve for you today 🙂

Let’s say I bought the domain example.org and right now it is pointing to GoDaddy’s web-server located at 123.123.123.123. On the other hand, I am running an Apache web-server on my machine, which has a public IP address, and I have Let’s Encrypt’s tool installed on this machine. My public IP address is 99.99.99.99. What I need to do is:

  • Change the DNS configuration in my GoDaddy account for the domain example.org to point to my web-server (99.99.99.99)
  • Configure my web-server (Apache) to accept requests for the example.org domain.
    In other words, I need to create the configuration file example.org.conf in /etc/apache2/sites-available/

    And after that issue the following two commands:
  • Once I have my web-server ready, I can start the certification process and generate a new certificate
  • When the process finishes, I should revert the DNS settings to GoDaddy’s web-server (123.123.123.123)
  • The next thing is to look for the certificates Let’s Encrypt’s tool generated. I’ll look into /etc/letsencrypt/live/example.org/ and what I’ll find there is:

    Now we are talking!
  • The only thing left is importing your new certificate into your GoDaddy account (in your hosting’s cPanel). I will not explain in detail how to do this, but basically all you need to do is:
    – Go from your cPanel home to SSL/TLS -> Certificates (CRT) -> Upload a New Certificate section
    – Paste the content of fullchain.pem and click Save Certificate
    – Go to SSL/TLS -> Manage SSL sites
    – Select your domain and click Autofill by Domain
    – Paste the content of privkey.pem into the Private Key field and click Install Certificate
  • Voila!
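
Before pasting fullchain.pem and privkey.pem into cPanel, it is worth confirming on the machine that ran the Let’s Encrypt tool that the two files belong together and that the certificate has enough lifetime left (Let’s Encrypt certificates are valid for 90 days, so this manual import has to be repeated). The script below is an added example, not part of the original post; the function names and the 30-day threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-upload checks for the
# files pasted into cPanel. Function names and the 30-day threshold are
# assumptions for illustration.

# Succeeds only if the private key belongs to the leaf (first) certificate.
key_matches_cert() {
    kmc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    kmc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# Succeeds if the leaf certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints how many certificates the PEM bundle holds (leaf + intermediates).
chain_length() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Runs all checks; returns non-zero if anything should block the upload.
preflight() {
    pf_rc=0
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: privkey.pem does not match the certificate in fullchain.pem"
        pf_rc=1
    fi
    if ! valid_for_days "$1" 30; then
        echo "FAIL: certificate expires within 30 days (or is unreadable)"
        pf_rc=1
    fi
    pf_n=$(chain_length "$1")
    if [ "${pf_n:-0}" -lt 2 ]; then
        echo "WARN: no intermediate certificate found in the bundle"
    fi
    [ "$pf_rc" -eq 0 ] && echo "OK: checks passed"
    return "$pf_rc"
}

# Usage: sh preflight.sh /etc/letsencrypt/live/example.org/fullchain.pem \
#                        /etc/letsencrypt/live/example.org/privkey.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

The private key never leaves the machine during these checks; only the public halves are compared.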

 

I hope I helped!
