HOWTO: Automatic, free LetsEncrypt SSL certificates on GoDaddy shared hosting

Questions and discussion about web design, search engine optimisation and hosting
Santeri
Posts: 167
Joined: 2017-7-5 09:58

HOWTO: Automatic, free LetsEncrypt SSL certificates on GoDaddy shared hosting

Unread post by Santeri » 2020-4-14 16:02

Image :arrow: :arrow: :arrow: Image 1. Install acme.sh

Use SSH to login to your share hosting server. Run the following command to install ACME Shell script that will provide you automatically free LetsEncrypt SSL certificates on GoDaddy shared hosting servers:

Code: Select all

curl https://get.acme.sh | sh
or

Code: Select all

wget -O - https://get.acme.sh | sh
2. Get GoDaddy DNS API Key

It is better to use DNS API. Otherwise, if your .htaccess prevents access to the verification directory under your webroot, issuing certs will fail and you will not be able to create certificates for subdomains that are not accessible as websites like for example mail.YOUR_DOMAIN.
  1. Go to https://developer.godaddy.com/keys/
  2. Generate a production key, not the test key they are offering by default
  3. Use SSH to login to your shared hosting server and export the GoDaddy DNS keys for acme.sh by running the following shell commands:

    Code: Select all

    export GD_Secret=COPY_THE_SECRET_HERE
    export GD_Key=COPY_THE_KEY_HERE
3. Issue certificates

Use SSH to login to your shared hosting server and issue the following command to create an SSL certificate:

Code: Select all

acme.sh --issue --dns dns_gd -d X -d www.X -d mail.X -d webmail.X -d cpanel.X
Replace X with your domain name. The last 3 -d options are optional and will create SSL certificates also for your subdomains that are commonly used on hosting servers. The first -d option is the handle for the SSL certificate which you can use to deploy, delete or forcefully renew your certificate. For example the following command was used to create an SSL certificate for this forum:
acme.sh --issue --dns dns_gd -d forum.webseodesigners.com -d www.forum.webseodesigners.com
Next you can deploy your new certificate:

Code: Select all

acme.sh --deploy -d X --deploy-hook cpanel_uapi
For example the following command was used to deploy the SSL certificate for this forum:
acme.sh --deploy -d forum.webseodesigners.com --deploy-hook cpanel_uapi
Now you should be good to go and you can test your new certificate by accessing your website using HTTPS scheme. Please note, that there can be a few minutes delay before your new certificate becomes fully functional. The certificate will automatically renew every 2 months and in case of error, you will receive an email from CRON informing you about the problem.

4. Usefull commands

Replace X with your domain name.
  • List all certificates

    Code: Select all

    acme.sh --list
  • Switch on automatic updates (normally I do not recommend updating anything automatically, but sometimes GoDaddy is messing up their systems and we have to adjust acme.sh to work with their changes)

    Code: Select all

    acme.sh --upgrade --auto-upgrade
  • Forcefully renew a certificate

    Code: Select all

    acme.sh --renew -d X --force
  • Forcefully renew all certificates

    Code: Select all

    acme.sh --renew-all --force
  • Delete a certificate

    Code: Select all

    acme.sh --remove -d X
Special case: Configuring acme.sh using IDN (an Internationalized domain name with special characters).

Let me know if you are experiencing any issues and I will try my best to help you. The original script I wrote for the automation is part of acme.sh: Automatic Let's encrypt SSL on GoDaddy. If you find this useful, please consider making a donation to Neil (the author of acme.sh) and sharing these instructions with others. And please, don't waste your for money buying SSL certificates from GoDaddy. Thank you.