How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account

SSL certificates have become a more highly visible topic lately due to Google’s policy announced last September to begin marking pages without SSL certificates as “not secure” in the Chrome browser, the most popular browser in use today. This policy is to take effect in January 2017.

Luckily, a certificate authority called Let’s Encrypt came on the scene last year with the express purpose of promoting encrypted internet connections by providing SSL certificates for free. 

However, obtaining a certificate from Let’s Encrypt and getting it installed on a web server isn’t always an easy task for the average user. The level of difficulty varies from hosting service to hosting service. Here is a list of hosting providers who offer Let’s Encrypt support. Many hosting services would rather sell subscribers an SSL they issue at prices ranging from $39 to $150 dollars per year, and therefore it is in their interest to make using Let’s Encrypt difficult or impossible.

My hosting service, GoDaddy, is not on the list of services that support Let’s Encrypt. However, it is possible to install a Let’s Encrypt SSL certificate on a GoDaddy shared hosting account with a little work. First, you need to have a Linux account, of which there are two types: Classic and cPanel. You can only do this with a cPanel account. GoDaddy seems to want to encourage the migration to cPanel, so they actually offer a free cPanel account for one year to current holders of a classic account. This is the entry level account that only supports one domain. If you have a Classic account, GoDaddy provides good instructions for converting to cPanel.

Once you are set up on cPanel, you can install the SSL certificate. Unfortunately, GoDaddy’s instructions for doing this are rather obtuse and, in some cases, outdated or contradictory. After some trial and error, I hit upon a fairly simple method of accomplishing this. The nice thing about this method is that you don’t need to do anything at the command line level on the GoDaddy server, which can be very daunting for anyone not experienced with Linux.

Step One

Go to ZeroSSL, a browser based interface for getting a Let’s Encrypt SSL. Click on “Online Tools”, then start the “FREE SSL Certificate Wizard”.  Follow the instructions, and you will end up with the following files: a) a domain key, b) a domain CSR (certificate signing request), c) an account key, and d) the domain certificate. As part of the process, you will be asked to create two files with encrypted file names and encrypted content to put in sub-directories of the root directory of your hosting account. The path will look like this: /public_html/.well-known/acme-challenge/  These are the files that are used to prove that you have ownership of the website. The easiest way to do this is with an FTP client like Filezilla. You may have diffuculty creating these sub-directories with the built in cPanel File Manager. Edit: When requesting the certificate at ZeroSSL, be sure to specify both yourdomain.com as well as www.yourdomain.com as a subdomain.

Step Two

Now go to the cPanel for your domain on GoDaddy, scroll down to the Security section, and click on SSL/TLS. Under “Install and Manage SSL for your site (HTTPS)”, click on “Manage SSL sites”.  There you will see a fairly simple form where you provide the following information: a) the domain, b) the certificate, c) the private key, and d) the certificate authority bundle. Items b, c, and d are all things you received from ZeroSSL.  A couple of important points: Included as parts of the certificate are the beginning and ending markers, e.g. “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“. If you don’t include these, you will get an error saying the certificate is not valid. Also, the certificate you get from ZeroSSL has two parts, the actual certificate and the Certificate Authority Bundle (CABUNDLE). These are each marked with beginning and ending tags. They will need to be put into two separate boxes on the form. Once you have filled in the form, and you have an indication that the content is correct, click on “Install Certificate”, and you are finished.

You should now have a secure site. You may need to check your site to make sure that internal links reference https instead of http for everything to work right. If you are running WordPress, as I am, you can install a plug in like Easy HTTPS (SSL) Redirection that will take care of these chores for you. All you need to do is change the URL to https in the General settings.

Tagged with: , ,
48 comments on “How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account
  1. Dion says:

    Will this cover sub domains as well?

    • Mike says:

      Yes, but you need to specify the sub-domain when you ask for the Let’s Encrypt certificate. I didn’t mention this, but you should always specify as a minimum yourdomain.com and yourdomain.com with “www.” in front of it. The “www.” is considered in this case a sub-domain.

      • Dion says:

        Will this cover sub domains as well?

        I created the structure off the root public_html/.wel-known/acme-challenge. How do I generate the text files which need to be placed in the acme subdirectory. Do I download the two files and rename them with the file name which appears in the Openssl ui without an extention? This i did and clicked the file on the web page to test. The file displayed on a new tab. I clicked next and got invalid errors on verification. Did I miss something.

        Error I got

        Invalid response from http://30dayriderfitnesschallenge.com/.well-known/acme-challenge/3u9fIJQ5MdY9kno7D92mSEvCn_iC_oAThXUaTNNIsuY: “—–BEGIN CERTIFICATE REQUEST—– MIIE1TCCAr0CAQAwKTEnMCUGA1UEAxMeMzBkYXlyaWRlcmZpdG5lc3NjaGFsbGVu Z2UuY29tMIICIjANBgkqhkiG9w0”

        • Mike says:

          Use a simple text program like Notepad. Copy the content, then save it with the filename they give you. DO NOT add an extension. If you got an error, you missed something. It could be simple like misspelling the directory name, which you did above. Check everything carefully, and if you still can’t find it, start over. That’s all I can suggest.

  2. Jason says:

    Going this route do you still need to renew the cert every 60-90 days?

      • Jeff says:

        In order to renew the cert, do I need to repeat all of the above steps? Thank you very much for the guide by the way it worked great.

        • Mike says:

          Pretty much. I started with a CSR generated by GoDaddy and went through the process again at ZeroSSL. I had to put new files in the /public_html/.well-known/acme-challenge/ directory, then enter the new SSL and CA bundle in the cPanel.

  3. Chris says:

    Excellent, clear guide. Really was looking for a fault with it, found none. I only wish that you’d mentioned the subdomains before in the post.

  4. Awesome. Thanks so much.

  5. Robert says:

    Thanks a lot for this guide Mike, I was looking for away to do this for hours and hours. This was quick and easy.

  6. Roy M J says:

    Thanks a ton bro. Works like charm.

  7. Moose says:

    Thank you so much for these instructions. So much easier than some others I’ve seen, that involve messing around with Linux. Shame on GoDaddy for making this so difficult.

  8. Dan says:

    Hi, will i still be able to use the ordinary http version of the site after this change?

    I’m only looking to SSL a login page you see.

    Thanks

    • Mike says:

      I guess that is possible, although I’m not sure why you would want to do that. It would be a matter of how you manage links and redirects on your website.

  9. This is awesome, thanks so much! I have a client on a very limited budget, so I’m trying to utilize free tools and services for her wherever possible. This was a big help.

  10. nazir arifin says:

    thank you so much. it works 🙂

  11. Paul says:

    Thank you for this guide!

  12. Lully says:

    Certificate added in less than 5 minutes, great tutorial, thank you very much!

  13. Rupesh says:

    Thanks!

  14. Jeff says:

    Great tutorial! Thanks a lot!

  15. Kaitlyn says:

    After the SSL is installed and working with no errors, do we delete ” /public_html/.well-known/acme-challenge/ ” folder and content?

    Or are we supposed to leave that alone?

    Thanks so much this thing “worked”.

  16. Louis Wood says:

    If I install a Let’s Encrypt SSL certificate on my GoDaddy cPanel shared hosting domain before the existing GoDaddy issued SSL Certificate expires will there be any conflict or will they coexist peacefully until the original GoDaddy certificate expires and goes quietly into the sunset?

    • Mike says:

      I’m not sure they will peacefully coexist. My guess is that the SSL certificate will replace the GoDaddy certificate, but I would talk to GoDaddy support. They should be able to tell you. Or just wait until the GoDaddy certificate expires to replace it.

  17. Matthew says:

    Hello good article please can you help me with the procedure on how to generate the two
    encrypted files using filezilla ? I’m actually new to this but i need to protect my website.

    Thanks in advance.

    • Mike says:

      You need to generate the files using a plain text editor like Windows Notepad or similar. Don’t use Microsoft Word. Once you have generated the files and saved them to your desktop, use Filezilla to upload the files to the host server. You will need to know your FTP credentials to establish the connection.

  18. geekprof says:

    Step two doesn’t work for me. There’s no SSL/TLS options in my cpanel. There’s an SSL something button, but it just takes me to a list of my domains. There are no options for setting anything related to certificates.

    • Mike says:

      Are you using GoDaddy as your hosting service? Not all hosting companies enable that option. Hostgator, for example, does not. They make you either buy an SSL from them or charge you almost as much for installing an SSL from Let’s Encrypt. If you are using GoDaddy and don’t see the option, you should contact GoDaddy support.

  19. Nad says:

    Thanks very much! I have been looking for something like this. I just did it and my website is secure thanks to You. Thanks for saving me hours of headaches!

  20. Jordan says:

    I guess thanks for the advice, but there is no explanation of literally the most arcane part of this entire process – the domain verification part. Everything else is silly easy, but if you don’t know how to do that one not-in-the-least obvious part, you will just waste time doing the other steps.

    • Mike says:

      It was beyond the scope of this tutorial to explain how to use a text editor and FTP. If you are uncomfortable with these basic skills, you should probably not attempt this.

  21. Orion says:

    Gracias Mike 🙂

  22. thanks bro, it was really helpful

  23. Pieter says:

    There seems to be a problem with their tool due to an agreement change

    Unexpected error: Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]

    • Mike says:

      I have never seen these documents and have not encountered this problem. Where and at what step did these documents surface?

      • Pieter says:

        You are required to accept the LetsEncrypt Agreement, which refers to a document on letsencrypt’s website. The document name has changed, but the OpenSSL website has not updated the reference, hence it fails on the verification step with this error

  24. Paul says:

    Thanks for posting this. I made better notes this time so I won’t have to go figure it out again in three months.

  25. Thank You! Godaddy doesn’t make it easy for obvious reasons but your instructions are exactly what I needed to get this done.

  26. Absolute Beginner says:

    In your opinion, it is necessary to use a dedicated IP address on a shared GoDaddy hosting account (Linux)? Paying for the dedicated IP address is more expensive than buying the actual SSL certificate of Go Daddy. Thank you for putting these instructions together – I’m an absolute beginner so this already a big learning curve for me (however, I have a bit of time to figure it out and am generally pretty good with this sort of thing).

    • Mike says:

      The short answer is no. A dedicated IP address used to be necessary years ago, but it is no longer required thanks to the introduction of SNI (server name identification), which is supported by all modern browsers and operatiing systems.

  27. Robert G says:

    Great Tutorial.

    One thing that might be new on Godaddy. Install the primarydomain.com (or http://www.primarydomain.com). Then when you are ready to do subdomains (I had 6), just select the subdomain.primarydomain.com and then click autofill.

    This will just use the domain info. This assumes you put each subdomain in the ZeroSSL domain entry to begin with.

  28. The fact that you are able to beat the establishment out to unload your $$$ helped by some advice from good samaritans is such a huge kick. Thanks Mike, the tutes were a godsend and worked flawlessly

  29. Greg says:

    Hey Mike

    After listening to some of your Jazz on this site, I can hear that you are a cool guy….. in many areas. Love your clear explanation and guidance about getting ssl’s on GoDaddy. Worked for me with no hassles. Next I’m trying to create 1 cert with about 80 domains. (including the www’s). Just checked the ssl on LetsEncrypt for fun and see that it appears to have been created 4 February 2015. Interesting. Does that mean they grant themselves an almost lifetime cert? Not restricted like us mortals to 90 days?

  30. Chillax Dog says:

    It’s February 2018 and this post still works great for GoDaddy. Just followed along exactly and now we’re all https’d up. THANK YOU for sharing this easy step by step instructional information for setting up a free SSL on GoDaddy.

  31. Johnny says:

    Hello respected sir,

    how to renew Let’s Encrypt cert. on GoDaddy? Can you explain me in detail? Should I uninstall the previous one and do repeat steps?

    • Mike says:

      From cPanel, go to SSL/TLS, click on Private Keys, and then the “edit” link on the private key you used for the initial installation. Copy the key, then go back to ZeroSSL.com and the certificate wizard. Paste your private key in the left hand box, then follow the same procedure you used the first time. There is no need to delete anything from cPanel, but you can clean out old expired certs if you want. Keep the private key, though. You will use the same one each time.

2 Pings/Trackbacks for "How to install a Let’s Encrypt SSL on a shared GoDaddy hosting account"
  1. […] hosted there on my reseller store as well. We can use Let’s Encrypt (above) but it’s a manual install. The bottom line is, call support and have them walk you through if you choose to install it. I may […]

  2. […] hosted there on my reseller store as well. We can use Let’s Encrypt (above) but it’s a manual install. The bottom line is, call support and have them walk you through if you choose to install it. I may […]

Leave a Reply

Your email address will not be published. Required fields are marked *

*