SSL Cert with Let's Encrypt
If you are moving your site to another ISP, you might need to update your DNS settings. Here's an example of what needed to change when GoDaddy moved me to a different web package.
Currently LetsEncrypt.org will issue free certificates that last for ONLY 90 days. The best approach would be to register a new certificate every other month, in order to NOT have it expire.
GoDaddy DOES NOT have a free integration with LetsEncrypt, which means you need to update your SSL Certs via their cPanel every two months too.
There was a good video describing this process, but it's better to do the work on your local machine instead.
Refer: https://punchsalad.com/ssl-certificate-generator/
The process to use LetsEncrypt is as follows:
Go to each folder on your server that is going to get mapped to a domain or sub-domain
mkdir -p .well-known/acme-challenge
You will need to run certbot on your local machine
Installing Certbot
Refer: https://snapcraft.io/install/certbot/ubuntu
You need to have snap enabled; skip these steps if already done
sudo apt update
sudo apt install snapd
How to install certbot itself
sudo snap install certbot --classic
Renewing Let’s Encrypt SSL on a GoDaddy shared cPanel hosting account
Refer: https://quayzar.com/security/renewing-a-lets-encrypt-ssl-certificate-hosted-on-godaddy/
sudo certbot certonly --manual
You will now answer the prompts. For each domain, you will need to copy a file onto the matching server folder; the file must have the name given in the prompt and contain the entire string that the prompt displays. This is how LetsEncrypt verifies you own the server.
Special Note: If you have SSL re-direct automatically turned on, you might need to turn it off so they can reach the folder location.
Create the challenge file and write the data to it:
printf "%s" [filename].[key] > .well-known/acme-challenge/[filename]
In GoDaddy, "My Products", "Web Hosting", Manage, "cPanel Admin", Security, "SSL/TLS", "Manage SSL Sites."
Scroll to the bottom of the page, and you need to select the domain you wish to pin with a certificate.
certbot displays the locations of the certs on your local machine; they are normally located somewhere like the following. You can use "sudo gedit" to view the files.
Successfully received certificate.
Certificate is saved at:
/etc/letsencrypt/live/mruckman.com/fullchain.pem
Key is saved at:
/etc/letsencrypt/live/mruckman.com/privkey.pem
You will take the first part of the fullchain.pem file:
-----BEGIN CERTIFICATE-----
CERTIFICATE DATA IS HERE
-----END CERTIFICATE-----
That goes into the "Certificate: (CRT)" section. It will show an "Autofill" button, which you can use to complete the "Certificate Authority Bundle: (CABUNDLE)"; otherwise, you need to copy the entire bottom part of the fullchain.pem file there.
Next you need to take the entire privkey.pem file and paste it into the "Private Key (KEY)" section.
Then click "Install Certificate". Follow these steps for each domain you wish to protect with SSL.
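Splitting fullchain.pem by hand in an editor is easy to get wrong, so here is a small script that does the split described above. It is an added example, not part of the original write-up; the function names and the output file names cert.crt and cabundle.crt are assumptions, and the sample input is constructed placeholder text rather than a real certificate.

```shell
#!/bin/sh
# Split a certbot fullchain.pem into the two pieces cPanel asks for:
#   cert.crt     -> first PEM block  -> "Certificate: (CRT)"
#   cabundle.crt -> remaining blocks -> "Certificate Authority Bundle: (CABUNDLE)"
split_fullchain() {
    fullchain=$1
    outdir=$2
    [ -r "$fullchain" ] || { echo "cannot read $fullchain" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    : > "$outdir/cert.crt"
    : > "$outdir/cabundle.crt"
    # n counts BEGIN lines; block 1 is the site certificate, the rest are CA certs.
    awk -v crt="$outdir/cert.crt" -v ca="$outdir/cabundle.crt" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inblock = 1 }
        inblock { if (n == 1) print > crt; else print > ca }
        /^-----END CERTIFICATE-----/   { inblock = 0 }
        END { if (n < 2) exit 2 }   # expect a site cert plus at least one CA cert
    ' "$fullchain"
}

# Number of PEM certificate blocks in a file.
count_certs() {
    grep -c -e '^-----BEGIN CERTIFICATE-----' "$1"
}

# Constructed sample: placeholder bodies, not real certificate data.
write_sample_fullchain() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTED-SITE-CERT-PLACEHOLDER
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED-INTERMEDIATE-CA-PLACEHOLDER
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed sample, in a throwaway directory.
demo_dir=$(mktemp -d)
write_sample_fullchain "$demo_dir/fullchain.pem"
split_fullchain "$demo_dir/fullchain.pem" "$demo_dir/out"
echo "CRT blocks: $(count_certs "$demo_dir/out/cert.crt")"
echo "CABUNDLE blocks: $(count_certs "$demo_dir/out/cabundle.crt")"
```

For a real certificate, pass the fullchain.pem path that certbot printed as the first argument; reading files under /etc/letsencrypt/live normally needs sudo. A non-zero exit status means the file held fewer than two certificate blocks, so there is no CA bundle to paste.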
