Let's Encrypt Certificate Auto Renewal

How to Set Up Let's Encrypt Certificate Auto Renewal on HostBrook and GoDaddy Virtual Shared Hosting
Written by HostBrook Admin. Last update: May 11, 2019

If you cannot or do not want to renew Let's Encrypt certificates manually every 3 months (or if you are afraid of missing a renewal), you can set up automatic certificate renewal. If you are a HostBrook customer, you can make a request and our technical staff can set up auto-renewal for any of your domains within 24 hours of the request. And, of course, you can easily do it yourself.

Please read the step-by-step instructions below on how to set up auto-renewal of Let's Encrypt certificates. They are valid for both HostBrook and GoDaddy virtual shared hosting.

  • 1

    Enable SSH (Secure Shell) protocol on your Web Hosting account

    Log in to your GoDaddy account and open "My Products".

    Find the "Web Hosting" group and click "Manage":

    In the "Settings" group, click the "Server" tab and then click the "Manage" link beside "SSH access":

    In the modal window, switch SSH Access to "On". SSH is now enabled:

    Copy the values from the "IP Address" and "Port" fields and save them in a text file on your PC. You will need them in later steps. Note that for SSH access you also need your "cPanel Username" and "cPanel Password".

  • 2

    Create a new API Key

    Make sure you are logged in to your GoDaddy account. Follow the link:

    https://developer.godaddy.com/keys/

    Hit the button "Create New API Key".

    Enter an API Key name, select the "Production" environment and hit the button "Next":

    Copy the Key and Secret and save them in a text file on your PC (you will need them in later steps):

    Hit the button "Got it!".

  • 3

    Download and install SSH client

    In this example, we will use PuTTY, an SSH client for Windows. Follow the link and download the client:

    https://www.chiark.greenend.org.uk/~sgtatham/putty/

    Install the PuTTY client.

  • 4

    Connect to your hosting server via SSH client

    Run PuTTY.

    Enter the IP address and port number in the appropriate fields:

    Hit the button "Open". In the security alert window, hit the button "Yes":

    You now get a black window with the prompt "login as". Enter your cPanel Username and press "Enter".

    Enter your cPanel Password and press "Enter":

    If the login was successful, you will see something like this:

    Now we are ready to work with the server via SSH.

  • 5

    Install ACME protocol client (acme.sh)

    Type, or copy and paste, the following command into the PuTTY terminal:

    Press "Enter" and wait until the ACME protocol client is installed. The last line in the terminal should be the result of the installation: "Install success!"

    Type, or copy and paste, the following command into the PuTTY terminal:

    This command returns nothing. This is an example of what you can see in the terminal at the end of this step:

  • 6

    Export API key

    In step 2 we created an API key and got the secret code. Now it is time to use them. Paste the following command into the terminal (replace insert_key_here with the actual key) and press ENTER:

    Paste another command into the terminal (replace insert_secret_here with the actual secret code) and press ENTER:

    Both commands return nothing. This is an example of how the terminal looks at the end of this step:

  • 7

    Issue and deploy certificates

    Paste the following command into the terminal (replace example.com with your domain name) and press ENTER:

    This command returns a lot of lines, but at the end the new certificate will be created and copied to the domain folder:

    Now you need to deploy the certificate. Paste another command into the terminal (replace example.com with your domain name) and press ENTER:

    This command should return the message "Certificate successfully deployed":

    You are done. The certificate is installed, and a cron job has been created that tries to renew the certificate every day. This does not mean that a new certificate will be issued every day: a new one is issued only when Let's Encrypt recognizes the existing certificate as obsolete. Usually, the new one will be issued in one month.

  • 8

    Checking procedure

    This step is optional but highly recommended, to be sure auto-renewal works as it is supposed to.

    Paste the following command into the terminal and press ENTER:

    It should return the list of all your cron jobs. Make sure acme.sh is in the list:

    Next, go to cPanel and find the "SECURITY" tab. Click the "SSL/TLS" link in the "SECURITY" tab:

    Click the link "Manage SSL sites.":

    You should see Domain Validated Certificate status for all 5 of your server's subdomains: cpanel., mail., webdisk., webmail., and www, and the new Certificate expiration date:
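
The cron check from the last step can be scripted. The following is an added example, not part of the original article: it reads the output of `crontab -l` on standard input and tells an active acme.sh renewal job apart from one that is listed but commented out. The function name and the sample crontab lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the acme.sh renewal job in a crontab is active.
# Usage on the hosting account: crontab -l | acme_cron_status
# Exit status: 0 = active job, 1 = no acme.sh job, 2 = job only commented out.
acme_cron_status() {
    awk '
        /acme\.sh/ && /--cron/ {
            # A line starting with "#" is disabled even though it is listed.
            if ($0 ~ /^[ \t]*#/) { disabled++; next }
            # Five schedule fields must precede the command.
            if (NF >= 6) { active++; sched = $1 " " $2 " " $3 " " $4 " " $5 }
        }
        END {
            if (active)   { print "active: " sched; exit 0 }
            if (disabled) { print "disabled: acme.sh job is commented out"; exit 2 }
            print "missing: no acme.sh job found"; exit 1
        }'
}

# Constructed sample input (the user name and times are placeholders).
SAMPLE_ACTIVE='MAILTO=""
12 0 * * * "/home/cpaneluser/.acme.sh"/acme.sh --cron --home "/home/cpaneluser/.acme.sh" > /dev/null'
SAMPLE_DISABLED='#12 0 * * * "/home/cpaneluser/.acme.sh"/acme.sh --cron --home "/home/cpaneluser/.acme.sh" > /dev/null'

printf '%s\n' "$SAMPLE_ACTIVE" | acme_cron_status
```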

How to redirect users to SSL-enabled connections

The last thing you need to do is redirect your users to SSL connections only. By default, if a user enters the URL of your website starting with "http://", an unsecured connection will be established. To prevent this you need to:

  • 1

    Go to "File Manager" at cPanel

    Click "File Manager" at the tab "FILES":

  • 2

    Open/Edit file .htaccess

    This file should be in the "public_html" folder.

    If you cannot find this file in the folder, you probably need to enable Show Hidden Files.

  • 3

    Add the following lines at the end of the file

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
  • 4

    Save file .htaccess

Do not forget!

  • If you use CMS WordPress

    Do not forget to update your site URL in the WordPress settings to use https://

  • Check all content for unsafe URLs

    To prevent the "HTTPS Mixed Content Warning" or "Unsecure connection" error in the browser bar, you need to update all links to images, videos, files, etc. in your website content so that they begin with "https://" or "//", for example:

    https://mywordpresssite.com/wp-content/uploads/someimage.jpg

    or:

    //mywordpresssite.com/wp-content/uploads/someimage.jpg
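
Finding the links that still need updating can be automated. The following is an added example, not part of the original article: it scans HTML for images, scripts and stylesheets that are still referenced with "http://". The function names and the sample page are constructed, and the regular expression is a heuristic, not a full HTML parser.

```shell
#!/bin/sh
# Added example: list subresources that a page still loads over plain http://.
# Reads HTML on stdin and prints one insecure URL per line.
# Heuristic: src= on any tag, and href= on <link> tags (stylesheets, icons).
# Ordinary <a href="http://..."> links are navigation and are not reported.
find_mixed_content() {
    grep -oiE "(<link[^>]*[[:space:]]href|[[:space:]]src)=[\"']http://[^\"' >]+" |
        sed -E "s/.*=[\"']//"
}

# Returns 0 when the HTML on stdin is clean, 1 when insecure URLs were found.
page_is_clean() {
    urls=$(find_mixed_content)
    [ -z "$urls" ] && return 0
    printf '%s\n' "$urls"
    return 1
}

# Constructed sample page reusing the article's example host name.
SAMPLE_HTML='<link rel="stylesheet" href="http://mywordpresssite.com/wp-content/themes/style.css">
<img src="http://mywordpresssite.com/wp-content/uploads/someimage.jpg">
<img src="https://mywordpresssite.com/wp-content/uploads/other.jpg">
<script src="//mywordpresssite.com/wp-includes/js/app.js"></script>
<a href="http://example.org/">external link</a>'

printf '%s\n' "$SAMPLE_HTML" | page_is_clean || echo "mixed content found"
```

To check a live page, pipe its saved HTML source into `page_is_clean`.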
