How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account

SSL certificates have become a more highly visible topic lately due to Google’s policy announced last September to begin marking pages without SSL certificates as “not secure” in the Chrome browser, the most popular browser in use today. This policy is to take effect in January 2017.

Luckily, a certificate authority called Let’s Encrypt came on the scene last year with the express purpose of promoting encrypted internet connections by providing SSL certificates for free. 

However, obtaining a certificate from Let’s Encrypt and getting it installed on a web server isn’t always an easy task for the average user. The level of difficulty varies from hosting service to hosting service. Here is a list of hosting providers who offer Let’s Encrypt support. Many hosting services would rather sell subscribers an SSL they issue at prices ranging from $39 to $150 dollars per year, and therefore it is in their interest to make using Let’s Encrypt difficult or impossible.

My hosting service, GoDaddy, is not on the list of services that support Let’s Encrypt. However, it is possible to install a Let’s Encrypt SSL certificate on a GoDaddy shared hosting account with a little work. First, you need to have a Linux account, of which there are two types: Classic and cPanel. You can only do this with a cPanel account. GoDaddy seems to want to encourage the migration to cPanel, so they actually offer a free cPanel account for one year to current holders of a classic account. This is the entry level account that only supports one domain. If you have a Classic account, GoDaddy provides good instructions for converting to cPanel.

Once you are set up on cPanel, you can install the SSL certificate. Unfortunately, GoDaddy’s instructions for doing this are rather obtuse and, in some cases, outdated or contradictory. After some trial and error, I hit upon a fairly simple method of accomplishing this. The nice thing about this method is that you don’t need to do anything at the command line level on the GoDaddy server, which can be very daunting for anyone not experienced with Linux.

Step One

Go to ZeroSSL, a browser based interface for getting a Let’s Encrypt SSL. Click on “Online Tools”, then start the “FREE SSL Certificate Wizard”.  Follow the instructions, and you will end up with the following files: a) a domain key, b) a domain CSR (certificate signing request), c) an account key, and d) the domain certificate. As part of the process, you will be asked to create two files with encrypted file names and encrypted content to put in sub-directories of the root directory of your hosting account. The path will look like this: /public_html/.well-known/acme-challenge/  These are the files that are used to prove that you have ownership of the website. The easiest way to do this is with an FTP client like Filezilla. You may have diffuculty creating these sub-directories with the built in cPanel File Manager. Edit: When requesting the certificate at ZeroSSL, be sure to specify both yourdomain.com as well as www.yourdomain.com as a subdomain.

Step Two

Now go to the cPanel for your domain on GoDaddy, scroll down to the Security section, and click on SSL/TLS. Under “Install and Manage SSL for your site (HTTPS)”, click on “Manage SSL sites”.  There you will see a fairly simple form where you provide the following information: a) the domain, b) the certificate, c) the private key, and d) the certificate authority bundle. Items b, c, and d are all things you received from ZeroSSL.  A couple of important points: Included as parts of the certificate are the beginning and ending markers, e.g. “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“. If you don’t include these, you will get an error saying the certificate is not valid. Also, the certificate you get from ZeroSSL has two parts, the actual certificate and the Certificate Authority Bundle (CABUNDLE). These are each marked with beginning and ending tags. They will need to be put into two separate boxes on the form. Once you have filled in the form, and you have an indication that the content is correct, click on “Install Certificate”, and you are finished.

You should now have a secure site. You may need to check your site to make sure that internal links reference https instead of http for everything to work right. If you are running WordPress, as I am, you can install a plug in like Easy HTTPS (SSL) Redirection that will take care of these chores for you. All you need to do is change the URL to https in the General settings.

Tagged with: , ,
39 comments on “How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account
  1. Dion says:

    Will this cover sub domains as well?

    • Mike says:

      Yes, but you need to specify the sub-domain when you ask for the Let’s Encrypt certificate. I didn’t mention this, but you should always specify as a minimum yourdomain.com and yourdomain.com with “www.” in front of it. The “www.” is considered in this case a sub-domain.

      • Dion says:

        Will this cover sub domains as well?

        I created the structure off the root public_html/.wel-known/acme-challenge. How do I generate the text files which need to be placed in the acme subdirectory. Do I download the two files and rename them with the file name which appears in the Openssl ui without an extention? This i did and clicked the file on the web page to test. The file displayed on a new tab. I clicked next and got invalid errors on verification. Did I miss something.

        Error I got

        Invalid response from http://30dayriderfitnesschallenge.com/.well-known/acme-challenge/3u9fIJQ5MdY9kno7D92mSEvCn_iC_oAThXUaTNNIsuY: “—–BEGIN CERTIFICATE REQUEST—– MIIE1TCCAr0CAQAwKTEnMCUGA1UEAxMeMzBkYXlyaWRlcmZpdG5lc3NjaGFsbGVu Z2UuY29tMIICIjANBgkqhkiG9w0”

        • Mike says:

          Use a simple text program like Notepad. Copy the content, then save it with the filename they give you. DO NOT add an extension. If you got an error, you missed something. It could be simple like misspelling the directory name, which you did above. Check everything carefully, and if you still can’t find it, start over. That’s all I can suggest.

  2. Jason says:

    Going this route do you still need to renew the cert every 60-90 days?

      • Jeff says:

        In order to renew the cert, do I need to repeat all of the above steps? Thank you very much for the guide by the way it worked great.

        • Mike says:

          Pretty much. I started with a CSR generated by GoDaddy and went through the process again at ZeroSSL. I had to put new files in the /public_html/.well-known/acme-challenge/ directory, then enter the new SSL and CA bundle in the cPanel.

  3. Chris says:

    Excellent, clear guide. Really was looking for a fault with it, found none. I only wish that you’d mentioned the subdomains before in the post.

  4. Awesome. Thanks so much.

  5. Robert says:

    Thanks a lot for this guide Mike, I was looking for away to do this for hours and hours. This was quick and easy.

  6. Roy M J says:

    Thanks a ton bro. Works like charm.

  7. Moose says:

    Thank you so much for these instructions. So much easier than some others I’ve seen, that involve messing around with Linux. Shame on GoDaddy for making this so difficult.

  8. Dan says:

    Hi, will i still be able to use the ordinary http version of the site after this change?

    I’m only looking to SSL a login page you see.

    Thanks

    • Mike says:

      I guess that is possible, although I’m not sure why you would want to do that. It would be a matter of how you manage links and redirects on your website.

  9. This is awesome, thanks so much! I have a client on a very limited budget, so I’m trying to utilize free tools and services for her wherever possible. This was a big help.

  10. nazir arifin says:

    thank you so much. it works 🙂

  11. Paul says:

    Thank you for this guide!

  12. Lully says:

    Certificate added in less than 5 minutes, great tutorial, thank you very much!

  13. Rupesh says:

    Thanks!

  14. Jeff says:

    Great tutorial! Thanks a lot!

  15. Kaitlyn says:

    After the SSL is installed and working with no errors, do we delete ” /public_html/.well-known/acme-challenge/ ” folder and content?

    Or are we supposed to leave that alone?

    Thanks so much this thing “worked”.

  16. Louis Wood says:

    If I install a Let’s Encrypt SSL certificate on my GoDaddy cPanel shared hosting domain before the existing GoDaddy issued SSL Certificate expires will there be any conflict or will they coexist peacefully until the original GoDaddy certificate expires and goes quietly into the sunset?

    • Mike says:

      I’m not sure they will peacefully coexist. My guess is that the SSL certificate will replace the GoDaddy certificate, but I would talk to GoDaddy support. They should be able to tell you. Or just wait until the GoDaddy certificate expires to replace it.

  17. Matthew says:

    Hello good article please can you help me with the procedure on how to generate the two
    encrypted files using filezilla ? I’m actually new to this but i need to protect my website.

    Thanks in advance.

    • Mike says:

      You need to generate the files using a plain text editor like Windows Notepad or similar. Don’t use Microsoft Word. Once you have generated the files and saved them to your desktop, use Filezilla to upload the files to the host server. You will need to know your FTP credentials to establish the connection.

  18. geekprof says:

    Step two doesn’t work for me. There’s no SSL/TLS options in my cpanel. There’s an SSL something button, but it just takes me to a list of my domains. There are no options for setting anything related to certificates.

    • Mike says:

      Are you using GoDaddy as your hosting service? Not all hosting companies enable that option. Hostgator, for example, does not. They make you either buy an SSL from them or charge you almost as much for installing an SSL from Let’s Encrypt. If you are using GoDaddy and don’t see the option, you should contact GoDaddy support.

  19. Nad says:

    Thanks very much! I have been looking for something like this. I just did it and my website is secure thanks to You. Thanks for saving me hours of headaches!

  20. Jordan says:

    I guess thanks for the advice, but there is no explanation of literally the most arcane part of this entire process – the domain verification part. Everything else is silly easy, but if you don’t know how to do that one not-in-the-least obvious part, you will just waste time doing the other steps.

    • Mike says:

      It was beyond the scope of this tutorial to explain how to use a text editor and FTP. If you are uncomfortable with these basic skills, you should probably not attempt this.

  21. Orion says:

    Gracias Mike 🙂

  22. thanks bro, it was really helpful

  23. Pieter says:

    There seems to be a problem with their tool due to an agreement change

    Unexpected error: Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]

    • Mike says:

      I have never seen these documents and have not encountered this problem. Where and at what step did these documents surface?

      • Pieter says:

        You are required to accept the LetsEncrypt Agreement, which refers to a document on letsencrypt’s website. The document name has changed, but the OpenSSL website has not updated the reference, hence it fails on the verification step with this error

  24. Paul says:

    Thanks for posting this. I made better notes this time so I won’t have to go figure it out again in three months.

  25. Thank You! Godaddy doesn’t make it easy for obvious reasons but your instructions are exactly what I needed to get this done.

2 Pings/Trackbacks for "How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account"
  1. […] hosted there on my reseller store as well. We can use Let’s Encrypt (above) but it’s a manual install. The bottom line is, call support and have them walk you through if you choose to install it. I may […]

  2. […] hosted there on my reseller store as well. We can use Let’s Encrypt (above) but it’s a manual install. The bottom line is, call support and have them walk you through if you choose to install it. I may […]

Leave a Reply

Your email address will not be published. Required fields are marked *

*