Free HTTPS on GoDaddy

The site Let’s Encrypt offers free HTTPS certificates to anyone, however GoDaddy does not enable admin access which is required to use the command line tool to create the scripts.  Luckily, there is another way to use Let’s Encrypt on GoDaddy which does not require admin command line access through the site Get HTTPS for free!.

Notes

  • I’m doing this with a Linux hosting with cPanel account on GoDaddy.
  • You will need to log into your GoDaddy account using SSH, I use git bash in ConEmu as my console.

    ssh [email protected].123.123.123
  • Load the GoDaddy cPanel and open the SSL/TLS menu under the Security section

 Steps

  1. Account Info
    Let’s Encrypt requires that you register an account email and public key before issuing a certificate. The email is so that they can contact you if needed, and the public key is so you can securely sign your requests to issue/revoke/renew your certificates. Keep your account private key secret! Anyone who has it can impersonate you when making requests to Let’s Encrypt!

    1. First you need to Generate 2 Private Keys in cPanel.
      1. You want to Generate a New Private Keys with a 4096 bit Key Size. I like to put the names of the domains I’m going to use with the key in the Description and why I’m creating the key.  One has to be for the Account and the other for the Domain.
    2. Then you need to extract the Public Key from the Private key file. I have not found a way to do this through the cPanel, but it can easily be done with SSH.
      1. The hardest part is finding the right Private Key to pull from.
         cd ~/ssl/keys
         ls -l
      2. Look for the .key file which was created on the correct date and copy the file name to your clipboard.
      3. Print your public key and copy it to your clipboard.
         openssl rsa -in filename.key -pubout

    3. Enter your email and paste your public key in the Step 1 section on https://gethttpsforfree.com/ and click Validate Account Info. It will let you know if it works or not.
  2. Generate a new Certificate Signing Request in cPanel. You can delete the old one if you’re updating your certs after the site is updated.
    1. Select the key file created in step 1 from the Key dropdown and fill in the rest of the data needed.
    2. Add all the sub-domains used in the Domains box when creating the CSR in cPanel.
    3. Copy the text in the Encoded CSR box after completion.
    4. Paste the CSR into the Step 2 box on https://gethttpsforfree.com/ and click the Validate CSR button.  It will let you know if you can proceed to Step 3.
  3. Sign API Requests
    1. The easiest way to do this step is to copy the full text of the Step 3 section into a text editor to point to the correct key file. This is the same file as in Step 1.b.ii above.  Use the Find & Replace tool to change the ./account.key to the correct .key file.
    2. Run each command in the SSH console from the ~/ssl/keys directory. Then copy & Paste the results including he (stdin)= into the Step 3 boxes.
    3. Once complete with all 4 parts, click the Validate Signatures button. It will let you know if there are any problems
  4. Verify Ownership
    1. Copy the two commands from Step 4 the same way as in Step 3 and replace the key references to the same .key file used in Step 3.
    2. We can’t run python scripts on the GoDaddy servers with SSH in a shared hosting plan with root access. Because of this, we need to use Option 2 – file-based
    3. You need to create 2 files at the location specified and test them before clicking. The easiest way to create these files is to open the (how do I do this?) link in the box and copy the code from action 4.  The code needs to be edited, change the /path/to/www/ to the root folder for the website you’re installing the certificate on.
    4. I like to click the 5th action link on the (how do I do this?) section before clicking the I’m now serving this file on xxx button to verify the files are accessible.
  5. Install Certificate
    1. The last step is to install the certificates provided on GoDaddy. Go to the Certificates (CRT) section.  Paste the Intermediate Certificate first, this points to the LetsEncrypt certificate authority.  Then paste the signed certificate in.
    2. Once the certificates are uploaded, then we need to Install and Manage SSL for your site (HTTPS) from the SSL/TLS page in Godaddy.
    3. Use the drop down to select the domain you created the certificate for. Then click Autofill by Domain.  It will read all the details needed from the cert files and populate the boxes.  Click the Install Certificate
    4. Go back to the Get HTTPS For Free window and click the Test my Install button which will start an SSL Labs Test. It takes about a minute but will come back with a response stating what the SSL status is for the domain.

Leave a Reply