Generate a Let’s Encrypt SSL Certificate Manually Using the HTTP Challenge
If your hosting provider does not support Let’s Encrypt and does not allow SSH access, you can install a Let’s Encrypt SSL certificate manually. This is done by running Certbot in manual mode, and it requires that your hosting provider lets you upload an SSL certificate and key yourself.
There are two challenge options when using manual mode. One is DNS, which means creating a TXT DNS record with a specific value. I recommend this article by Timan if you’re interested in that method.
The other challenge is HTTP. This is the method I will use as it simply involves putting an index.html file with contents generated by Certbot in a specific directory in your web server’s web root or top level domain.
Getting Started
Start by installing Certbot on your computer.
MacOS
% brew install certbot
Using Certbot
First create a variable for your desired domain. I will be using example.com as the domain name.
% DOMAIN=example.com
Now request a certificate using Certbot. Only the bare domain is requested here: Let’s Encrypt validates wildcard names such as *.example.com through the DNS challenge only, so a wildcard cannot be issued with the HTTP method.
% certbot certonly --manual --preferred-challenges http -d "$DOMAIN" --agree-tos --manual-public-ip-logging-ok --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096
This will give you the following output:
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.ca
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
9dfesxXzKGBjEF_Ore85Z1gzOEIFNLkwqlda63xxgQ.yhDgd47t1KYvAAZe1WeiSNNm6o-E2JEFKSLoN4mtovP0
And make it available on your web server at this URL:
http://example.ca/.well-known/acme-challenge/9dfesxXzKGBjEF_Ore85Z1gzOEIFNLkwqlda63xxgQ
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
At this point, you will need to create an index.html file containing only the data string from the output above (the full value, including the part after the dot). Place it in your hosting website’s directory at
/.well-known/acme-challenge/9dfesxXzKGBjEF_Ore85Z1gzOEIFNLkwqlda63xxgQ/index.html
For my hosting site (Glowhost), the directory looks like this.
Double-check that you can access the page at the URL:
http://example.ca/.well-known/acme-challenge/9dfesxXzKGBjEF_Ore85Z1gzOEIFNLkwqlda63xxgQ
If you can, press Enter in the terminal to continue.
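A small helper for the two steps above, staging the challenge file and checking it before pressing Enter. This is an added example, not part of the original post or of Certbot; the function names are hypothetical, and it assumes a POSIX shell, with curl needed only for the live check.

```shell
#!/bin/sh
# Added example (hypothetical helper names). KEYAUTH is the full data line that
# Certbot prints: <token>.<account-key-thumbprint>

# Print the token (text before the first dot). Only base64url characters are
# accepted, so the value can never point outside the challenge directory.
challenge_token() {
    token=${1%%.*}
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 1 ;;
    esac
    [ "$token" != "$1" ] || { echo "missing .thumbprint part" >&2; return 1; }
    printf '%s\n' "$token"
}

# Create <root>/.well-known/acme-challenge/<token>/index.html holding only
# KEYAUTH, ready to upload. Prints the path of the file it wrote.
stage_challenge() {
    keyauth=$1 root=$2
    token=$(challenge_token "$keyauth") || return 1
    dir=$root/.well-known/acme-challenge/$token
    mkdir -p "$dir" || return 1
    printf '%s' "$keyauth" > "$dir/index.html" || return 1
    printf '%s\n' "$dir/index.html"
}

# Succeed only if a served body equals KEYAUTH. Trailing whitespace is ignored;
# any HTML wrapper or extra line added by the host makes the check fail.
body_matches() {
    body=$(printf '%s' "$2" | sed 's/[[:space:]]*$//')
    [ "$body" = "$1" ]
}

# Fetch the challenge URL for DOMAIN and compare (needs network and curl).
# -L follows the redirect a web server may issue for a directory index.
check_live() {
    keyauth=$1 domain=$2
    token=$(challenge_token "$keyauth") || return 1
    body=$(curl -fsSL "http://$domain/.well-known/acme-challenge/$token") || return 1
    body_matches "$keyauth" "$body"
}

# Usage:
#   stage_challenge "$KEYAUTH" ./upload    # then upload ./upload/.well-known
#   check_live "$KEYAUTH" "$DOMAIN" && echo "safe to press Enter"
```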
Next step
If successful, the output will be:
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/example.com/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/example.com/privkey.pem
  Your cert will expire on 2020-12-17. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"
- If you like Certbot, please consider supporting our work by:
  Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
  Donating to EFF: https://eff.org/donate-le
Install Certificate and Key
Now, in your hosting provider’s control panel, locate where you can install an SSL certificate.
For this example, this is what the page looks like in cPanel.
For the Certificate:
% cat /etc/letsencrypt/live/example.com/fullchain.pem
For the Private Key:
% cat /etc/letsencrypt/live/example.com/privkey.pem
Copy the output to the corresponding boxes.
Next press “Install Certificate”.
Finished
If successful, you will now have an SSL certificate for your domain. You can now visit your site to verify that it works.