InMotion Hosting Support Center

Let’s Encrypt is a service provider that provides SSLs for your website for free. This allows you to get a valid SSL certificate for use on your site. SSLs provide secure site connections and have lots of uses. This write-up will show how to get, setup, and maintain an updated SSL.

Shared Servers

Please note that these commands are designed to run in a series, and during the same SSH session.

  1. First, be sure to find the document root for your domain
  2. Then login to your server via SSH
  3. Run the command
    curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
    This will download the Bash script we will be using to obtain our Let’s Encrypt SSL.
  4. Next, run the command
    sed -i 's/curl -k/curl -Aagent -k/' ./getssl
    This adds a user-agent to the script which helps it to complete one of its tests.
  5. Create base configuration files for your domain by running
    domain=yourdomaingoeshere.com; ./getssl -c $domain
    Be sure to replace yourdomaingoeshere.com with your actual domain.
  6. These commands will setup your configuration file. Enter these one-by-one, in the following order
    configFile=.getssl/$domain/getssl.cfg; sed -i 's/SANS/#SANS/' $configFile
    echo 'CA="https://acme-v01.api.letsencrypt.org"' >> $configFile
    echo "ACL=('/your/document/root/goes/here/.well-known/acme-challenge')" >> $configFile
  7. Obtain the Let’s Encrypt SSL by running
    ./getssl $domain
  8. To install the SSL certificate you will need to login to your cPanel and go to your file manager, Inside your home directory, you will go to the .getssl folder and then the folder for the domain name you are working with. Download the yourdomain.crt yourdomain.key and chain.crt. Once you have them downloaded go back to your cPanel and you will go to the "SSL/TLS manager" and click "Manage SSL sites". Once in here select the domain you want to install the certificate on from the drop down. Open the files you downloaded earlier in notepad or your preferred text editor and and paste them into the fields on the screen, The yourdomain.crt will go into the "Certificate (CRT)" field, yourdomain.key will go into the "Private Key (KEY)" field and lastly the chain.crt will go into the "Certificate Authority Bundle: (CABUNDLE)" field. Ensure you copy the entire contents of each file into these fields. Once these have been pasted in click the "Install Certificate" Button at the bottom of the page. Your SSL is now installed.
  9. Let's Encyrpt SSL certificates only last 90 days, To renew the certificate simply SSH back into your account and run the command below.
    ./getssl yourdomain
    After Running the command repeat step 8 to install the updated certificate.

Awesome! Now you've got a Let’s Encrypt SSL all setup on your shared server.

VPS and Dedicated Servers with cPanel

  1. First login to your server via SSH as root If you do not have root access you can request it by following the directions here
  2. Once logged in you will want to run the command below to enable lets encrypt for AutoSSL.
    /scripts/install_lets_encrypt_autossl_provider
  3. Now that we have enabled lets encrypt we need to set your AutoSSL to use it, login to your WHM as root and go to the "Manage AutoSSL" menu, You can find this by searching for SSL in the searchbox in the upper left hand side.
  4. On the Manage Auto SSL page you will have a list of providers for AutoSSL and you will now have the option for Let's Encrypt. Select the radio button next to Let's Encrypt and then click save below.
  5. On the Manage Auto SSL page select "Manage Users", From here you can enable or disable AutoSSL on a per cPanel account basis, It will be enabled for all by default, AutoSSL will check all domains every 24Hrs for certificates, You can force it to check and provision one now by clicking the "Check 'cpuser'" button on the Manage Users page.

You now have Let's Encrypt setup on your server.

Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Support Center Login

Our Login page has moved, Click the button below to be taken to the login page.

n/a Points
2018-09-12 11:45 pm

Getting following error: "getssl: for some reason could not reach http://mysite.com/.well-known/acme-challenge/5i-gxsSBYq5WwJX0CXMsuUXBPSRVk1cg5NGztfGit0Q - please check it manually

 

Already disabled ModSecurity but still no luck

Staff
351 Points
2018-09-13 8:21 am
I recommend checking error logs using cPanel Errors or SSH. Alternatively, you can contact our live support for additional assistance with this.
n/a Points
2018-08-28 7:21 pm

Lets encrypt supports wildcard domains since March. How much longer before we can access this option?I see users asking since then, support still suggests it is not possbile or they are not aware that lets encrypt is capable of wildcard support/Help please 

Staff
31,313 Points
2018-08-29 12:21 pm
You should be able to install this just like any 3rd party wildcard certificate, but I unfortunately could not find a good guide in the Let's Encrypt documentation for Wildcard Certificates. There is a cPanel plugin you can install on your VPS or Dedicated server if you have "root" access. If you are on a shared server, this plugin is not currently available. You can provide manager feedback suggesting they add this feature.
Thank you,
John-Paul
n/a Points
2018-08-15 12:13 pm

Hello,

I want to install Let's Encrypt certiticate through Cpanel. Is this the  same feature offeed under the Free SSL option in the CPanel ?

Many thanks,

Teresa Cuervo

Staff
351 Points
2018-08-15 1:32 pm
The SSL from cPanel would be Comodo. If you have a VPS plan, you can choose between Comodo and Let's Encrypt in WHM.
n/a Points
2018-07-06 12:51 am

How to run cmd on step 3

Staff
2,863 Points
2018-07-06 11:21 am
For Step 3 of the section: "Shared Servers" you can simply copy and paste that into the SSH command prompt.
n/a Points
2018-06-26 8:52 pm

I think it would be useful to mention another steps for this, like enable the ssh access for the account and how to use putty, which you have tutorials for.

https://www.inmotionhosting.com/support/website/ssh/shared-reseller-ssh 

https://www.inmotionhosting.com/support/website/file-management/how-to-enable-ssh-through-whm

 

Ps. this is for reseller hosting plan

n/a Points
2018-06-24 3:13 pm

I spent over an hour walking through these steps for my shared hosting account and it resulted in a self-signed certificate which is completely useless except for development purposes (I am new to SSL so didn't realize that until I went through the steps on this page). No where does it say in the tutorial that it is a self signed certificate.

Maybe I did something wrong but that is what I ended up with. So no https in Chrome.

Staff
1,173 Points
2018-06-25 12:13 pm
This tutorial is to get a signed SSL from LetsEncrypt, During the provisioning process lets encrypt will generate a self signed certificate which will later be signed by the LetsEncrypt, Generally this only takes a few minutes but their documentation says it could take up to 48Hrs. If you wanted a simpler way to get a free signed SSL you can do so via your AMP which will provide a free signed one from Comodo Via cPanels AutoSSL.
n/a Points
2018-06-16 8:14 pm

Doesn't Inmotion have the LetsEncrypt Cpanel feature that does all of this plus renewals automatically? Wow, that's pretty inconsiderate of Inmotioin.

Staff
1,173 Points
2018-06-18 11:19 am
cPanel does have this feature but it is not installed by default, By default it will use the cPanel supported AutoSSL via Comodo, Its recommended by cPanel to use their AutoSSL instead as its directly supported by them and will be more reliable, If you have a VPS you can enable the LetsEncrypt feature as detailed in the second part of this tutorial. The first part of this tutorial is showing users how to use a lets encrypt SSL on a shared hosting plan in the event they prefer LetsEncrypt for their CA as the shared servers use cPanel's AutoSSL because that is what we know will always be supported by them.
n/a Points
2018-05-09 1:19 pm
I receive the error below when I run ./getssl $domain
getssl: new-authz error: {
  "type": "urn:acme:error:unauthorized",
  "detail": "Must agree to subscriber agreement before any further actions",
  "status": 403
}

Has anyone seen this before and know how to fix it?

Staff
42,247 Points
2018-05-09 1:53 pm
Apologies for the issue with the error when you're trying to use Let's encrypt. This appears to be an issue that has been an issue with the Let's Encrypt. You should post the issue in their community support section for assistance. I would recommend using the built-in Free SSL options provided with our hosting solutions if you are using an InMotion Hosting account.
n/a Points
2018-04-28 7:24 am

Un fortunately did not work for me on shared hsoting

After step 4 The getssl file contained 400: Invalid request only so the step 5 gave a result of command not found

Staff
42,247 Points
2018-05-01 12:59 pm
Check to make sure that the GETSSL command is there. It will give you that error if it's not executable as well. If you continue to have the problem, please contact our live technical support team as they have access to make changes on a shared server.
n/a Points
2018-04-18 8:31 am

How to use this for multiple domains at once? and Can this be automated without needing to fill cert fields every 3 months

Staff
42,247 Points
2018-04-18 8:37 am
You would need to have a plugin for cPanel depending upon your account type - this would only be available on a VPS or dedicated server account. As this is a third party plugin we could only provide limited support for it. You may find more information from the vendor providing it. The automation you're asking about is part of the AutoSSL option provided with cPanel. Using this option requires root access to the server. This is not available on shared servers.

n/a Points
2018-03-29 5:51 am

Is there any way to automate Step 8?

 

With the 90 day life on the cert, i've got a cron job running to run ./getssl - but I'd like to avoid manually having to cut and paste the certificate details into the SSL manager, if possible....

Staff
10,734 Points
2018-03-29 9:31 am
Unfortunately, that step appears to be necessary. Have you checked out the cPanel AutoSSL feature? This automates the renewal process.
n/a Points
2018-03-18 3:52 am

Let's Encrypt now support wildcards...  Can you update this? Or setup another one explaining how to get a wildcard from them???

Staff
2,863 Points
2018-03-19 10:41 am
Thanks for your comment and recommendation. We will definitely consider improving our Support Center with your suggestion!
n/a Points
2018-02-02 6:18 pm

im have a issue here is what im getting 

"getssl: for some reason could not reach http://mysite.com/.well-known/acme-challenge/5i-gxsSBYq5WwJX0CXMsuUXBPSRVk1cg5NGztfGit0Q - please check it manually

[mysite@myserver ~]$ curl --silent --location "mysite.com/.well-known/acme-challenge/5i-gxsSBYq5WwJX0CXMsuUXBPSRVk1cg5NGztfGit0Q"

<html><head><title>Error 406 - Not Acceptable</title><head><body><h1>Error 406 - Not Acceptable</h1><p>Generally a 406 error is caused because a request has been blocked by Mod Security. If you believe that your request has been blocked by mistake please contact the web site owner.</p></body></html>".

the config file looks good called and talk with support and was told to just use comodo..

Any otheir ideas?

Staff
2,863 Points
2018-02-05 11:12 am
The error 406 indicates that ModSecurity is blocking the request you are making. Disabling ModSecurity should allow the command to run.
n/a Points
2017-12-07 9:15 pm

I keep getting 

copying challenge token to /public_html/test/.well-known/acme-challenge/9Ns0GfwvF2tt2-8GZ6Mdy0yEHIwIdX4ayHdF4gkrweI

mkdir: cannot create directory `/public_html': Permission denied

getssl: cannot create ACL directory 9Ns0GfwvF2tt2-8GZ6Mdy0yEHIwIdX4ayHdF4gkrweI

And, with a reseller account, I can't get root access.

Is it my error, or can't get there from here?

 

Staff
2,863 Points
2017-12-08 4:52 pm
I would check the user that you are running the commend with. You'll want to SSH and run these commands as the user that owns the domain. If you are using the correct user, it is possible the permissions may need to be reviewed to ensure the user can write to that directory.
n/a Points
2018-04-15 5:10 pm

The ACL path is wrong. Edit the file .getssl/yourdomain.com/getssl.cfg that was creaetd and remove the first forward slash in the path.  You can do this in your terminal.  Make sure you are in your home directory by entering cd ~

Then open the file to edit:

nano .getssl/yourdomain.com/getssl.cfg

At the end of the file, look for:

ACL=('/public_html/yourdomain.com/.well-known/acme-challenge')

and change it to:

ACL=('public_html/yourdomain.com/.well-known/acme-challenge')

Ctrl-x followed by 'y' then enter to save.

Then enter ./getssl $domain as you did before and this time it should not have the error.

2017-12-04 9:52 pm
I just changed to https. Then I went to Whynopadlock.com and got the following error message about the ONE image I uploaded to my site.;

An image with an insecure url of "http://zayantecreekpress.com/wp-content/uploads/2017/12/DSC00010.jpg" was loaded via the javascript file: https://zayantecreekpress.com/wp-content/themes/zerif-lite/js/parallax.js?ver=v1 on line 192. The insecure URL may not be directly contained in the script file and may exist elsewhere.
You may need to contact your web hosting provider for assistance. This URL will need to be updated to use a secure URL for your padlock to return.
Staff
2,863 Points
2017-12-04 10:49 pm
From what the error is indicating, it seems that the script for the theme you are using is loading a non-https version of the image. Either the script needs to be updated or the image should be re-uploaded. I would recommend first trying to re-upload the image. It may just be something simple like that to complete the conversion to https. Also, using a plugin like Velvet Blues, may help to update all your images/references within your website. However, you may need to reach out to the developer of the theme to ask for an update that will load that particular resource/image over https rather than http. I hope this helps!
n/a Points
2017-11-11 10:52 am

I had to create the folders manually starting from well known and so forth... is ther any way to just make it copy the files there... it tries to create the folders and still no go (no permissions)

Staff
10,734 Points
2017-11-13 10:40 am
You will need sudo or root level privileges.
n/a Points
2017-10-24 6:39 pm

Hi, in your instructions, why can we not add other domain versions eg. domain.com and www.domain.com by default like how it is done with the Auto SSL? Without having to force HTTPS on www.domain.com?

Staff
2,863 Points
2017-10-24 7:33 pm
Unfortunately I am unsure as to the reason why that is not a function of Let's Encrypt. However, I did find by reviewing the Let's Encrypt forums that you can create the Certificate to include both, by generating the CSR with the non-www and www versions of the domain included.
n/a Points
2018-01-23 9:34 pm

in the getssl.cfg, add this before generating the keys:

 

SANS="www.yourDomain.com"

USE_SINGLE_ACL="true"

 

This will let you use the same certificate for both your root domain and the www alternative.With what I understand of how Inmotion Hosting works with SSL, this is what you have to do because you can't upload seperate certficates for these two addresses. 

n/a Points
2017-10-03 3:00 am

mistake: last part of step 6 for Shared Servers - $configfile needs to be $configFile

13,821 Points
2017-10-03 6:43 am
Thanks!
n/a Points
2017-11-24 11:54 am

You should also change it on the last line - for ACL

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

42 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!