How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account

SSL certificates have become a more highly visible topic lately due to Google’s policy announced last September to begin marking pages without SSL certificates as “not secure” in the Chrome browser, the most popular browser in use today. This policy is to take effect in January 2017.

Luckily, a certificate authority called Let’s Encrypt came on the scene last year with the express purpose of promoting encrypted internet connections by providing SSL certificates for free. 

However, obtaining a certificate from Let’s Encrypt and getting it installed on a web server isn’t always an easy task for the average user. The level of difficulty varies from hosting service to hosting service. Here is a list of hosting providers who offer Let’s Encrypt support. Many hosting services would rather sell subscribers an SSL they issue at prices ranging from $39 to $150 dollars per year, and therefore it is in their interest to make using Let’s Encrypt difficult or impossible.

My hosting service, GoDaddy, is not on the list of services that support Let’s Encrypt. However, it is possible to install a Let’s Encrypt SSL certificate on a GoDaddy shared hosting account with a little work. First, you need to have a Linux account, of which there are two types: Classic and cPanel. You can only do this with a cPanel account. GoDaddy seems to want to encourage the migration to cPanel, so they actually offer a free cPanel account for one year to current holders of a classic account. This is the entry level account that only supports one domain. If you have a Classic account, GoDaddy provides good instructions for converting to cPanel.

Once you are set up on cPanel, you can install the SSL certificate. Unfortunately, GoDaddy’s instructions for doing this are rather obtuse and, in some cases, outdated or contradictory. After some trial and error, I hit upon a fairly simple method of accomplishing this. The nice thing about this method is that you don’t need to do anything at the command line level on the GoDaddy server, which can be very daunting for anyone not experienced with Linux.

Step One

Go to ZeroSSL, a browser based interface for getting a Let’s Encrypt SSL. Click on “Online Tools”, then start the “FREE SSL Certificate Wizard”.  Follow the instructions, and you will end up with the following files: a) a domain key, b) a domain CSR (certificate signing request), c) an account key, and d) the domain certificate. As part of the process, you will be asked to create two files with encrypted file names and encrypted content to put in sub-directories of the root directory of your hosting account. The path will look like this: /public_html/.well-known/acme-challenge/  These are the files that are used to prove that you have ownership of the website. The easiest way to do this is with an FTP client like Filezilla. You may have diffuculty creating these sub-directories with the built in cPanel File Manager.

Step Two

Now go to the cPanel for your domain on GoDaddy, scroll down to the Security section, and click on SSL/TLS. Under “Install and Manage SSL for your site (HTTPS)”, click on “Manage SSL sites”.  There you will see a fairly simple form where you provide the following information: a) the domain, b) the certificate, c) the private key, and d) the certificate authority bundle. Items b, c, and d are all things you received from ZeroSSL.  A couple of important points: Included as parts of the certificate are the beginning and ending markers, e.g. “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“. If you don’t include these, you will get an error saying the certificate is not valid. Also, the certificate you get from ZeroSSL has two parts, the actual certificate and the Certificate Authority Bundle (CABUNDLE). These are each marked with beginning and ending tags. They will need to be put into two separate boxes on the form. Once you have filled in the form, and you have an indication that the content is correct, click on “Install Certificate”, and you are finished.

You should now have a secure site. You may need to check your site to make sure that internal links reference https instead of http for everything to work right. If you are running WordPress, as I am, you can install a plug in like Easy HTTPS (SSL) Redirection that will take care of these chores for you. All you need to do is change the URL to https in the General settings.

Posted in Website and hosting issues Tagged with: , ,
7 comments on “How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account
  1. Dion says:

    Will this cover sub domains as well?

    • Mike says:

      Yes, but you need to specify the sub-domain when you ask for the Let’s Encrypt certificate. I didn’t mention this, but you should always specify as a minimum yourdomain.com and yourdomain.com with “www.” in front of it. The “www.” is considered in this case a sub-domain.

      • Dion says:

        Will this cover sub domains as well?

        I created the structure off the root public_html/.wel-known/acme-challenge. How do I generate the text files which need to be placed in the acme subdirectory. Do I download the two files and rename them with the file name which appears in the Openssl ui without an extention? This i did and clicked the file on the web page to test. The file displayed on a new tab. I clicked next and got invalid errors on verification. Did I miss something.

        Error I got

        Invalid response from http://30dayriderfitnesschallenge.com/.well-known/acme-challenge/3u9fIJQ5MdY9kno7D92mSEvCn_iC_oAThXUaTNNIsuY: “—–BEGIN CERTIFICATE REQUEST—– MIIE1TCCAr0CAQAwKTEnMCUGA1UEAxMeMzBkYXlyaWRlcmZpdG5lc3NjaGFsbGVu Z2UuY29tMIICIjANBgkqhkiG9w0”

        • Mike says:

          Use a simple text program like Notepad. Copy the content, then save it with the filename they give you. DO NOT add an extension. If you got an error, you missed something. It could be simple like misspelling the directory name, which you did above. Check everything carefully, and if you still can’t find it, start over. That’s all I can suggest.

  2. Jason says:

    Going this route do you still need to renew the cert every 60-90 days?

  3. Chris says:

    Excellent, clear guide. Really was looking for a fault with it, found none. I only wish that you’d mentioned the subdomains before in the post.

Leave a Reply

Your email address will not be published. Required fields are marked *

*