Creating a free SSL certificate with letsencrypt for your website manually
When you have your own domain, some hosts are nice and give you SSL by default. However, a couple of hosting services still live in the year 2000 and want you to pay for it. Not anymore: a cool service called Let's Encrypt generates the certificate for you. There are many ways to do it. The most popular is the utility they provide (the automated way), and if you have shell access to your host, that is the perfect choice. For those who don't have it, as in the case of a friend of mine, you need to create the certificates on one machine and install them on the host later.
Let’s get started
First, we need to download the certbot utility:

    wget https://dl.eff.org/certbot-auto
    chmod a+x ./certbot-auto
Then we demonstrate that we own the domain by placing specific files at certain locations on the domain; this is called the HTTP challenge.
This applies to domains as well as subdomains. Let's use the following example:
blog.example.com
Now, in your cPanel, open the file manager, go to the subdomain folder and create the following directories:
blog.example.com/.well-known/acme-challenge
Then, as root, execute the following command:

    [root@i7box certs]# ./certbot-auto certonly --manual --preferred-challenges http
    Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
    ...
    Installed:
    ...
    Dependency Installed:
    ...
    Complete!
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): myemail@example.com

    -------------------------------------------------------------------------------
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
    agree in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory
    -------------------------------------------------------------------------------
    (A)gree/(C)ancel: A

    -------------------------------------------------------------------------------
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about EFF and
    our work to encrypt the web, protect its users and defend digital rights.
    -------------------------------------------------------------------------------
    (Y)es/(N)o: N
    Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): blog.example.com
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for blog.example.com

    -------------------------------------------------------------------------------
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.

    Are you OK with your IP being logged?
    -------------------------------------------------------------------------------
    (Y)es/(N)o: Y

    -------------------------------------------------------------------------------
    Create a file containing just this data:

    _cnEASEpzdqrcRYt7Hs7Q9DGF8wwDBF7qdnNR3HiccI.3WGJ0xc3apAkE-7sAFhVY09OcqPtAxUK6cq_WXMLhqg

    And make it available on your web server at this URL:

    http://blog.example.com/.well-known/acme-challenge/_cnEASEpzdqrcRYt7Hs7Q9DGF8wwDBF7qdnNR3HiccI

    -------------------------------------------------------------------------------
    Press Enter to Continue
    Waiting for verification...
    Cleaning up challenges

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/blog.example.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/blog.example.com/privkey.pem
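The "Create a file containing just this data" step is where the manual flow usually fails, so here is an added helper (not part of the original post or of certbot) that builds the challenge file locally, ready to upload through the cPanel file manager. The script name stage.sh, the function names and the ./upload folder are assumptions made for this example.

```sh
#!/bin/sh
# Added example: stage the HTTP-01 challenge file locally before uploading it.

# Print TOKEN from "TOKEN.THUMBPRINT". Both parts must be non-empty base64url,
# which also keeps "/" and ".." out of the file name we are about to create.
challenge_token() {
    keyauth=$1
    case $keyauth in
        *.*) ;;
        *) echo "expected TOKEN.THUMBPRINT" >&2; return 1 ;;
    esac
    token=${keyauth%%.*}
    thumb=${keyauth#*.}
    if [ -z "$token" ] || [ -z "$thumb" ]; then
        echo "empty token or thumbprint" >&2; return 1
    fi
    case $token$thumb in
        *[!A-Za-z0-9_-]*) echo "unexpected character in challenge data" >&2; return 1 ;;
    esac
    printf '%s\n' "$token"
}

# Create WEBROOT/.well-known/acme-challenge/TOKEN containing just the
# challenge data (no trailing newline) and print the path of the new file.
stage_challenge() {
    keyauth=$1
    webroot=$2
    token=$(challenge_token "$keyauth") || return 1
    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 1
    printf '%s' "$keyauth" > "$dir/$token" || return 1
    printf '%s\n' "$dir/$token"
}

# Succeed only if a saved response body equals the challenge data.
# $(...) drops trailing newlines, so an editor-added final newline is tolerated.
# Fetch the body first, e.g.: curl -s -o body.tmp http://DOMAIN/.well-known/acme-challenge/TOKEN
challenge_matches() {
    body=$(cat "$2") || return 1
    [ "$body" = "$1" ]
}

# Command-line use: sh stage.sh 'TOKEN.THUMBPRINT' ./upload
if [ "$#" -eq 2 ]; then
    stage_challenge "$1" "$2"
fi
```

Running challenge_matches on the fetched body before pressing Enter catches the common case where the host answers with an HTML error page or a redirect instead of the raw file.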
It will produce the certificate files; the output above gives the paths of fullchain.pem and privkey.pem.
Then we install the certificates: open cPanel and look for the security options.
Then click on SSL/TLS.
Then click on the first option, and go to the bottom.
That's it, now the website can be accessed using https.
Some visual help below:
https://www.youtube.com/watch?v=uXvgrVANjuo
https://certbot.eff.org/docs/install.html