HOWTO: Automatic, free LetsEncrypt SSL certificates on GoDaddy shared hosting

Questions and discussion about web design, search engine optimisation and hosting
Santeri
Posts: 325
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-4-14 16:02

Image :arrow: :arrow: :arrow: Image 1. Install acme.sh

Use SSH to login to your share hosting server. Run the following command to install ACME Shell script that will provide you automatically free LetsEncrypt SSL certificates on GoDaddy shared hosting servers:

Code: Select all

curl https://get.acme.sh | sh
or

Code: Select all

wget -O - https://get.acme.sh | sh
2. Get GoDaddy DNS API Key

It is better to use DNS API. Otherwise, if your .htaccess prevents access to the verification directory under your webroot, issuing certs will fail and you will not be able to create certificates for subdomains that are not accessible as websites like for example mail.YOUR_DOMAIN.
  1. Go to https://developer.godaddy.com/keys/
  2. Generate a production key, not the test key they are offering by default
  3. Use SSH to login to your shared hosting server and export the GoDaddy DNS keys for acme.sh by running the following shell commands:

    Code: Select all

    export GD_Secret=COPY_THE_SECRET_HERE
    export GD_Key=COPY_THE_KEY_HERE
3. Issue certificates

Use SSH to login to your shared hosting server and issue the following command to create an SSL certificate:

Code: Select all

acme.sh --issue --dns dns_gd -d X -d www.X -d mail.X -d webmail.X -d cpanel.X
Replace X with your domain name. The last 3 -d options are optional and will create SSL certificates also for your subdomains that are commonly used on hosting servers. The first -d option is the handle for the SSL certificate which you can use to deploy, delete or forcefully renew your certificate. For example the following command was used to create an SSL certificate for this forum:
acme.sh --issue --dns dns_gd -d forum.webseodesigners.com -d www.forum.webseodesigners.com
Next you can deploy your new certificate:

Code: Select all

acme.sh --deploy -d X --deploy-hook cpanel_uapi
For example the following command was used to deploy the SSL certificate for this forum:
acme.sh --deploy -d forum.webseodesigners.com --deploy-hook cpanel_uapi
Now you should be good to go and you can test your new certificate by accessing your website using HTTPS scheme. Please note, that there can be a few minutes delay before your new certificate becomes fully functional. The certificate will automatically renew every 2 months and in case of error, you will receive an email from CRON informing you about the problem.

4. Usefull commands

Replace X with your domain name.
  • List all certificates

    Code: Select all

    acme.sh --list
  • Switch on automatic updates (normally I do not recommend updating anything automatically, but sometimes GoDaddy is messing up their systems and we have to adjust acme.sh to work with their changes)

    Code: Select all

    acme.sh --upgrade --auto-upgrade
  • Forcefully renew a certificate

    Code: Select all

    acme.sh --renew -d X --force
  • Forcefully renew all certificates

    Code: Select all

    acme.sh --renew-all --force
  • Delete a certificate

    Code: Select all

    acme.sh --remove -d X
Special case: Configuring acme.sh using IDN (an Internationalized domain name with special characters).

Let me know if you are experiencing any issues and I will try my best to help you. The original script I wrote for the automation is part of acme.sh: Automatic Let's encrypt SSL on GoDaddy. If you find this useful, please consider making a donation to Neil (the author of acme.sh) and sharing these instructions with others. And please, don't waste your for money buying SSL certificates from GoDaddy. Thank you.



laqueweba

Unread post by laqueweba » 2021-9-5 22:57

Quiero un certificado ssl para mi sitio gratis

Jose

Unread post by Jose » 2021-9-9 15:11

laqueweba wrote:
2021-9-5 22:57
Quiero un certificado ssl para mi sitio gratis
Siga las instrucciones anteriores.

musicray
Posts: 2
Joined: 2022-10-3 21:40

Unread post by musicray » 2022-10-3 23:28

I have been using acme.sh on a shared server for years with no issues. Now all the sudden no certificates for any subdomains on my cpanel account are being deployed successfully, even though the acme log was reporting successful, it showed "deployed certificate to 0 of 0 sites via UAPI". It appeared that it only affected the subdomains, but I am not certain now if the main domain was affected, because I have since force renewed and deployed all of the domain certificates.  My temporary fix was to take the code of the cpanel_uapi.sh from the acme.sh version 3.0.4 on github and paste it into the cpanel_uapi.sh on my server which had been updated to acme.sh version 3.0.5 automatically. I then ran "acme.sh --deploy -d X --deploy-hook cpanel_uapi" and it completed successfully and showed up in cpanel SSL Status tab.
When I run "acme.sh --list" all of the appropriate domains are shown, however, the acme log shows a line "UAPI sites found:" and then lists my main domain and some others that I worked with in the past but not the current ones.
So could this be the issue? All of the domain.conf files had [export DEPLOY_CPANEL_AUTO_INCLUDE='*'] set, so I wonder what I might have been missing?

musicray
Posts: 2
Joined: 2022-10-3 21:40

Unread post by musicray » 2022-10-3 23:33

I have been using acme.sh on a shared server for years with no issues. Now all the sudden no certificates for any subdomains on my cpanel account are being deployed successfully, even though the acme log was reporting successful, it showed "deployed certificate to 0 of 0 sites via UAPI". It appeared that it only affected the subdomains, but I am not certain now if the main domain was affected, because I have since force renewed and deployed all of the domain certificates. My temporary fix was to take the code of the cpanel_uapi.sh from the acme.sh version 3.0.4 on github and paste it into the cpanel_uapi.sh on my server which had been updated to acme.sh version 3.0.5 automatically. I then ran "acme.sh --deploy -d X --deploy-hook cpanel_uapi" and it completed successfully and showed up in cpanel SSL Status tab.

When I run "acme.sh --list" all of the appropriate domains are shown, however, the acme log shows a line "UAPI sites found:" and then lists my main domain and some others that I worked with in the past but not the current ones.

So could this be the issue? All of the domain.conf files had [export DEPLOY_CPANEL_AUTO_INCLUDE='*'] set, so I wonder what I might have been missing?

Santeri
Posts: 325
Joined: 2017-7-5 09:58

Unread post by Santeri » 2022-10-4 03:25

musicray wrote:
2022-10-3 23:33
I have been using acme.sh on a shared server for years with no issues. Now all the sudden no certificates for any subdomains on my cpanel account are being deployed successfully, even though the acme log was reporting successful, it showed "deployed certificate to 0 of 0 sites via UAPI". It appeared that it only affected the subdomains, but I am not certain now if the main domain was affected, because I have since force renewed and deployed all of the domain certificates. My temporary fix was to take the code of the cpanel_uapi.sh from the acme.sh version 3.0.4 on github and paste it into the cpanel_uapi.sh on my server which had been updated to acme.sh version 3.0.5 automatically. I then ran "acme.sh --deploy -d X --deploy-hook cpanel_uapi" and it completed successfully and showed up in cpanel SSL Status tab.

When I run "acme.sh --list" all of the appropriate domains are shown, however, the acme log shows a line "UAPI sites found:" and then lists my main domain and some others that I worked with in the past but not the current ones.

So could this be the issue? All of the domain.conf files had [export DEPLOY_CPANEL_AUTO_INCLUDE='*'] set, so I wonder what I might have been missing?
Please post the output of

Code: Select all

acme.sh --list  --debug 2

yoforever
Posts: 1
Joined: 2023-7-13 00:42

Unread post by yoforever » 2023-7-13 19:59

hi, good tutorial!! It works great! Now I want to add a new subdomain that I forgot. Do I have to do it all again?

Santeri
Posts: 325
Joined: 2017-7-5 09:58

Unread post by Santeri » 2023-7-14 01:56

yoforever wrote:
2023-7-13 19:59
hi, good tutorial!! It works great! Now I want to add a new subdomain that I forgot. Do I have to do it all again?
Yes, every domain and sub domain needs to be added, or you can add all at once if you know them.