How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account

SSL certificates have become a more highly visible topic lately due to Google’s policy announced last September to begin marking pages without SSL certificates as “not secure” in the Chrome browser, the most popular browser in use today. This policy is to take effect in January 2017.

Luckily, a certificate authority called Let’s Encrypt came on the scene last year with the express purpose of promoting encrypted internet connections by providing SSL certificates for free. 

However, obtaining a certificate from Let’s Encrypt and getting it installed on a web server isn’t always an easy task for the average user. The level of difficulty varies from hosting service to hosting service. Here is a list of hosting providers who offer Let’s Encrypt support. Many hosting services would rather sell subscribers an SSL they issue at prices ranging from $39 to $150 dollars per year, and therefore it is in their interest to make using Let’s Encrypt difficult or impossible.

My hosting service, GoDaddy, is not on the list of services that support Let’s Encrypt. However, it is possible to install a Let’s Encrypt SSL certificate on a GoDaddy shared hosting account with a little work. First, you need to have a Linux account, of which there are two types: Classic and cPanel. You can only do this with a cPanel account. GoDaddy seems to want to encourage the migration to cPanel, so they actually offer a free cPanel account for one year to current holders of a classic account. This is the entry level account that only supports one domain. If you have a Classic account, GoDaddy provides good instructions for converting to cPanel.

Once you are set up on cPanel, you can install the SSL certificate. Unfortunately, GoDaddy’s instructions for doing this are rather obtuse and, in some cases, outdated or contradictory. After some trial and error, I hit upon a fairly simple method of accomplishing this. The nice thing about this method is that you don’t need to do anything at the command line level on the GoDaddy server, which can be very daunting for anyone not experienced with Linux.

Step One

Go to ZeroSSL, a browser based interface for getting a Let’s Encrypt SSL. Click on “Online Tools”, then start the “FREE SSL Certificate Wizard”.  Follow the instructions, and you will end up with the following files: a) a domain key, b) a domain CSR (certificate signing request), c) an account key, and d) the domain certificate. As part of the process, you will be asked to create two files with encrypted file names and encrypted content to put in sub-directories of the root directory of your hosting account. The path will look like this: /public_html/.well-known/acme-challenge/  These are the files that are used to prove that you have ownership of the website. The easiest way to do this is with an FTP client like Filezilla. You may have diffuculty creating these sub-directories with the built in cPanel File Manager. Edit: When requesting the certificate at ZeroSSL, be sure to specify both yourdomain.com as well as www.yourdomain.com as a subdomain.

Step Two

Now go to the cPanel for your domain on GoDaddy, scroll down to the Security section, and click on SSL/TLS. Under “Install and Manage SSL for your site (HTTPS)”, click on “Manage SSL sites”.  There you will see a fairly simple form where you provide the following information: a) the domain, b) the certificate, c) the private key, and d) the certificate authority bundle. Items b, c, and d are all things you received from ZeroSSL.  A couple of important points: Included as parts of the certificate are the beginning and ending markers, e.g. “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“. If you don’t include these, you will get an error saying the certificate is not valid. Also, the certificate you get from ZeroSSL has two parts, the actual certificate and the Certificate Authority Bundle (CABUNDLE). These are each marked with beginning and ending tags. They will need to be put into two separate boxes on the form. Once you have filled in the form, and you have an indication that the content is correct, click on “Install Certificate”, and you are finished.

You should now have a secure site. You may need to check your site to make sure that internal links reference https instead of http for everything to work right. If you are running WordPress, as I am, you can install a plug in like Easy HTTPS (SSL) Redirection that will take care of these chores for you. All you need to do is change the URL to https in the General settings.

Tagged with: , ,
75 comments on “How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account
  1. Dion says:

    Will this cover sub domains as well?

    • Mike says:

      Yes, but you need to specify the sub-domain when you ask for the Let’s Encrypt certificate. I didn’t mention this, but you should always specify as a minimum yourdomain.com and yourdomain.com with “www.” in front of it. The “www.” is considered in this case a sub-domain.

      • Dion says:

        Will this cover sub domains as well?

        I created the structure off the root public_html/.wel-known/acme-challenge. How do I generate the text files which need to be placed in the acme subdirectory. Do I download the two files and rename them with the file name which appears in the Openssl ui without an extention? This i did and clicked the file on the web page to test. The file displayed on a new tab. I clicked next and got invalid errors on verification. Did I miss something.

        Error I got

        Invalid response from http://30dayriderfitnesschallenge.com/.well-known/acme-challenge/3u9fIJQ5MdY9kno7D92mSEvCn_iC_oAThXUaTNNIsuY: “—–BEGIN CERTIFICATE REQUEST—– MIIE1TCCAr0CAQAwKTEnMCUGA1UEAxMeMzBkYXlyaWRlcmZpdG5lc3NjaGFsbGVu Z2UuY29tMIICIjANBgkqhkiG9w0”

        • Mike says:

          Use a simple text program like Notepad. Copy the content, then save it with the filename they give you. DO NOT add an extension. If you got an error, you missed something. It could be simple like misspelling the directory name, which you did above. Check everything carefully, and if you still can’t find it, start over. That’s all I can suggest.

  2. Jason says:

    Going this route do you still need to renew the cert every 60-90 days?

      • Jeff says:

        In order to renew the cert, do I need to repeat all of the above steps? Thank you very much for the guide by the way it worked great.

        • Mike says:

          Pretty much. I started with a CSR generated by GoDaddy and went through the process again at ZeroSSL. I had to put new files in the /public_html/.well-known/acme-challenge/ directory, then enter the new SSL and CA bundle in the cPanel.

  3. Chris says:

    Excellent, clear guide. Really was looking for a fault with it, found none. I only wish that you’d mentioned the subdomains before in the post.

  4. Awesome. Thanks so much.

  5. Robert says:

    Thanks a lot for this guide Mike, I was looking for away to do this for hours and hours. This was quick and easy.

  6. Roy M J says:

    Thanks a ton bro. Works like charm.

  7. Moose says:

    Thank you so much for these instructions. So much easier than some others I’ve seen, that involve messing around with Linux. Shame on GoDaddy for making this so difficult.

  8. Dan says:

    Hi, will i still be able to use the ordinary http version of the site after this change?

    I’m only looking to SSL a login page you see.

    Thanks

    • Mike says:

      I guess that is possible, although I’m not sure why you would want to do that. It would be a matter of how you manage links and redirects on your website.

  9. This is awesome, thanks so much! I have a client on a very limited budget, so I’m trying to utilize free tools and services for her wherever possible. This was a big help.

  10. nazir arifin says:

    thank you so much. it works 🙂

  11. Paul says:

    Thank you for this guide!

  12. Lully says:

    Certificate added in less than 5 minutes, great tutorial, thank you very much!

  13. Rupesh says:

    Thanks!

  14. Jeff says:

    Great tutorial! Thanks a lot!

  15. Kaitlyn says:

    After the SSL is installed and working with no errors, do we delete ” /public_html/.well-known/acme-challenge/ ” folder and content?

    Or are we supposed to leave that alone?

    Thanks so much this thing “worked”.

  16. Louis Wood says:

    If I install a Let’s Encrypt SSL certificate on my GoDaddy cPanel shared hosting domain before the existing GoDaddy issued SSL Certificate expires will there be any conflict or will they coexist peacefully until the original GoDaddy certificate expires and goes quietly into the sunset?

    • Mike says:

      I’m not sure they will peacefully coexist. My guess is that the SSL certificate will replace the GoDaddy certificate, but I would talk to GoDaddy support. They should be able to tell you. Or just wait until the GoDaddy certificate expires to replace it.

  17. Matthew says:

    Hello good article please can you help me with the procedure on how to generate the two
    encrypted files using filezilla ? I’m actually new to this but i need to protect my website.

    Thanks in advance.

    • Mike says:

      You need to generate the files using a plain text editor like Windows Notepad or similar. Don’t use Microsoft Word. Once you have generated the files and saved them to your desktop, use Filezilla to upload the files to the host server. You will need to know your FTP credentials to establish the connection.

  18. geekprof says:

    Step two doesn’t work for me. There’s no SSL/TLS options in my cpanel. There’s an SSL something button, but it just takes me to a list of my domains. There are no options for setting anything related to certificates.

    • Mike says:

      Are you using GoDaddy as your hosting service? Not all hosting companies enable that option. Hostgator, for example, does not. They make you either buy an SSL from them or charge you almost as much for installing an SSL from Let’s Encrypt. If you are using GoDaddy and don’t see the option, you should contact GoDaddy support.

  19. Nad says:

    Thanks very much! I have been looking for something like this. I just did it and my website is secure thanks to You. Thanks for saving me hours of headaches!

  20. Jordan says:

    I guess thanks for the advice, but there is no explanation of literally the most arcane part of this entire process – the domain verification part. Everything else is silly easy, but if you don’t know how to do that one not-in-the-least obvious part, you will just waste time doing the other steps.

    • Mike says:

      It was beyond the scope of this tutorial to explain how to use a text editor and FTP. If you are uncomfortable with these basic skills, you should probably not attempt this.

  21. Orion says:

    Gracias Mike 🙂

  22. thanks bro, it was really helpful

  23. Pieter says:

    There seems to be a problem with their tool due to an agreement change

    Unexpected error: Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]

    • Mike says:

      I have never seen these documents and have not encountered this problem. Where and at what step did these documents surface?

      • Pieter says:

        You are required to accept the LetsEncrypt Agreement, which refers to a document on letsencrypt’s website. The document name has changed, but the OpenSSL website has not updated the reference, hence it fails on the verification step with this error

  24. Paul says:

    Thanks for posting this. I made better notes this time so I won’t have to go figure it out again in three months.

  25. Thank You! Godaddy doesn’t make it easy for obvious reasons but your instructions are exactly what I needed to get this done.

  26. Absolute Beginner says:

    In your opinion, it is necessary to use a dedicated IP address on a shared GoDaddy hosting account (Linux)? Paying for the dedicated IP address is more expensive than buying the actual SSL certificate of Go Daddy. Thank you for putting these instructions together – I’m an absolute beginner so this already a big learning curve for me (however, I have a bit of time to figure it out and am generally pretty good with this sort of thing).

    • Mike says:

      The short answer is no. A dedicated IP address used to be necessary years ago, but it is no longer required thanks to the introduction of SNI (server name identification), which is supported by all modern browsers and operatiing systems.

  27. Robert G says:

    Great Tutorial.

    One thing that might be new on Godaddy. Install the primarydomain.com (or http://www.primarydomain.com). Then when you are ready to do subdomains (I had 6), just select the subdomain.primarydomain.com and then click autofill.

    This will just use the domain info. This assumes you put each subdomain in the ZeroSSL domain entry to begin with.

  28. The fact that you are able to beat the establishment out to unload your $$$ helped by some advice from good samaritans is such a huge kick. Thanks Mike, the tutes were a godsend and worked flawlessly

  29. Greg says:

    Hey Mike

    After listening to some of your Jazz on this site, I can hear that you are a cool guy….. in many areas. Love your clear explanation and guidance about getting ssl’s on GoDaddy. Worked for me with no hassles. Next I’m trying to create 1 cert with about 80 domains. (including the www’s). Just checked the ssl on LetsEncrypt for fun and see that it appears to have been created 4 February 2015. Interesting. Does that mean they grant themselves an almost lifetime cert? Not restricted like us mortals to 90 days?

  30. Chillax Dog says:

    It’s February 2018 and this post still works great for GoDaddy. Just followed along exactly and now we’re all https’d up. THANK YOU for sharing this easy step by step instructional information for setting up a free SSL on GoDaddy.

  31. Johnny says:

    Hello respected sir,

    how to renew Let’s Encrypt cert. on GoDaddy? Can you explain me in detail? Should I uninstall the previous one and do repeat steps?

    • Mike says:

      From cPanel, go to SSL/TLS, click on Private Keys, and then the “edit” link on the private key you used for the initial installation. Copy the key, then go back to ZeroSSL.com and the certificate wizard. Paste your private key in the left hand box, then follow the same procedure you used the first time. There is no need to delete anything from cPanel, but you can clean out old expired certs if you want. Keep the private key, though. You will use the same one each time.

      • Greg says:

        Hi Mike. I have struggled to use your instructions here but there is a problem.

        I quote below the instructions and FAQ’s from Zerossl.com.

        Plus I have tested trying to paste in the Private Key from GoDaddy and it does not work.

        You say “Paste your private key in the left hand box,”

        But this Private Key is actually the domain-key.

        The only thing that should be pasted into the left hand box is the LE key.

        From zerossl.com
        To RENEW just repeat the process, using the same LE key and CSR as you used last time

        The LE key should be only used on the “Details” screen when issuing or renewing your certificate

        https://zerossl.com/ssl-faq.html
        How do I renew?
        The renewal process is very similar to the initial issuance. Just use the same account key and CSR you have used previously on the Details page. Please note that you should be using the account key and NOT the domain key (the latter is normally downloadable on the last step along with the certificate file).
        For the renewal just repeat the process but use your previously created Let’s Encrypt key and CSR on the “Details” screen. Please note that you do not need to use your domain key during the renewal.

        If I am wrong, kindly explain to me.

  32. Edger Sendek says:

    Thanks so much. It was really helpful for me. I searched web for Let’s Encrypt and found your article!

    You can visit us here : infobitservice.com

    Thanks at last

  33. Zen says:

    Thanks Mike, for the walk through.

    i am stuck at the domain verification.
    Code 400. Do you have any idea please?

    May I have your kind advice please?

  34. Carl says:

    Hi Mike,

    Thanks for taking the time to make this article. I followed it step-by-step and am running into an issue I don’t know how to fix.

    It would appear I’m done with installing the cert and everything should work, yet when I type in the URL with “https” I get “not secure” warnings in the browser.

    I checked the SSL with GoDaddy’s cert checker, and it’s showing an invalid cert that was created in Feb ’15 valid to Feb’16, when mine was created in Jan ’18 valid through Apr ’18. I also updated the .htaccess file per GoDaddy’s instructions, but still running into the same issue.

    It appears as if the cert I installed isn’t being recognized or something like that, even though it shows as installed in GoDaddy’s control panel. Of course, GoDaddy is less than helpful with resolving this. Any suggestions?

    • Mike says:

      I see the bogus cert you are talking about. The only thing I can suggest is that you get a new SSL from ZeroSSL using the private key already on the GoDaddy server, and go through the installation process again. Did you verify the Acme-challenge files while on the ZeroSSL website? A small typo somewhere can make the difference between success and failure.

      • Carl says:

        Hey Mike,

        Yes I’ve installed, reinstalled, used GoDaddy’s key’s, the ZeroSSL generated keys, and have verified the Acme-challenge files while on ZeroSSL’s website each time I attempt to create a new cert, all verified with no problem.

        Like I said, I’ve gone through all the steps and I’m not getting any errors, it’s just not working where it matters lol. The only thing I can think of is it not being a dedicated IP, but that shouldn’t matter as you stated in a previous response about that.

        When I look at my certs in the SSL panel in GoDaddy, I can see the one I made, assigned to my domain, with subdomain “www” included. I’ve installed and uninstalled this numerous times with different combos with the keys from GoDaddy, ZeroSSL, etc. all with the same result.

        Every time I ask GoDaddy to see if it’s something on their end that I can’t see, they won’t even touch it. They’ll just send me links on how to install a 3rd party SSL and update the .htaccess file.

      • Greg says:

        Mike it pains me to dare question you because you are the expert and not me.

        But the private key already on the GoDaddy server is the “domain-key”. You need to use the LE key.

        Please see my full comment above from your instructions dated February 24, 2018 at 4:29 pm.

  35. Hi Mike,
    I’m hosting a personal portfolio site via Godaddy basic web hosting plan.it’s a WordPress site and I don’t know how to access cpannel .It only has WordPress dashboard.May you please help me with a simpler method to get free SSL service for my websites.

    Best regards
    Vartika Rastogi

    • Mike says:

      You need to log into GoDaddy with your GoDaddy username and password. This is different from the WordPress dashboard. Also, remember that you need to have the newer style cPanel hosting account. You can’t do this with the older GoDaddy “classic” hosting account.

  36. Hello Mike,
    Thanks for this beautiful and informative piece. I tried to to create acme-challenge folder but all I always get is “error: could not create directory ‘acme-challenge’ in home/d0yap4blahblahblah/public_html/.well-known :directory/home/d0yap4blahblahblah/public_html/.well-known does not exist”

    • Mike says:

      The path doesn’t look right. The path should be: /public_html/.well-known/acme-challenge. It looks like you are using the challenge filename /d0yap4blahblahbla) farther up in the path.

  37. Meg Meyer says:

    Thanks so much! Just used this to do my first ssl! I copied the files from zerossl, then used Filezilla to put them in the correctly named directory on my site. Worked like a charm!

    Anyone know how to get my site to default to using https://?

  38. Keith says:

    Hi,

    I made the mistake of just using example.com (I forgot to do the http://www.example.com) … is there an easy way to fix this error? And, if so, do you know what the fix is?

  39. Hello Mike,
    Thanks for this piece once again. Just wanna let you know that I have figured out a way to create and upload my SSL certificates.

    I’ve written about it on my website https://www.fathomhow.com/how-to-create-free-ssl-certificates-solved-2018/ I hope you check it out and let me know if you do and what you think.

    Cheers.

  40. Harsh Nagda says:

    Hi,

    Great tutotiral.
    It shows key does not match certificate?

    Thanks.

  41. Kumar says:

    I created a directory “/public_html(my domain)/.well-known/acme-challenge/” and copied the generated file over there. But when I try accessing the file, it is saying file not found. I have give full permission. Even tried to place a test file in that directory and that too not accessible. That directory itself not getting recognized. Any thing is wrong?

    • Mike says:

      There is already a directory “/public_html/”, so if you created a directory “/public_html/.well-known/acme-challenge/”, you may have accidentally created the path “/public_html/public_html/.well-known/acme-challenge/”. Check that carefully in your FTP client.

  42. Lissette says:

    Hello, I am new. I foun this value post. So I dont know how to make the FTP process to put the zero files. Do you have a step by step? Thank you.

  43. Dan says:

    Got this done in about 20 minutes. Should have only taken 5 but I was nervous to mess something up. Worked. Liked. A. Champ!! Awesome article and great help on getting SSL setup. Interestingly, the link your article was in a GoDaddy help site in a user comment so at least GoDaddy isn’t blocking this content on their own site. They don’t do it for you, but they don’t stop you either. I can appreciate that.

    Thanks a bunch. Great work.

  44. Sara Porat says:

    Thank you very much for this tutorial. So clear, and so easy and painless, compared to certbot, or paying GoDaddy. One thing I struggled with was how to name the files to put into the well-known directory. ZeroSSL did not offer explicit instruction, just “you will need to create appropriate files with specific text strings.” ZeroSSL’s visual clues, didn’t help me, either. On the “Verification” page, the two columns “domain” and “file” suggested to me that I name the file with the domain name, which of course didn’t work. I tried using the encrypted file itself as the file name. Finally, I copied the link location of each file, and used the destination name for the file name. That worked just fine.
    **Note that the file name includes some but not all of the encrypted text.**

  45. Hello Dear, You have written a nice article. It helped me a lot

4 Pings/Trackbacks for "How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account"
  1. […] hosted there on my reseller store as well. We can use Let’s Encrypt (above) but it’s a manual install. The bottom line is, call support and have them walk you through if you choose to install it. I may […]

  2. […] hosted there on my reseller store as well. We can use Let’s Encrypt (above) but it’s a manual install. The bottom line is, call support and have them walk you through if you choose to install it. I may […]

  3. […] for cPanel” option on your cPanel host – my host did not. So I found another guide How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account to be very helpful. This guide on this page directs you to a site called Zero SSL – this […]

Leave a Reply

Your email address will not be published. Required fields are marked *

*