Depending on your hosting plan, it is possible that you have limited access to the machine were you app is running, which makes it difficult to generate a free SSL certificate (i.e. installing certbot
) on the web server.
Fortunately, certbot
makes it possible to generate an SSL certificate on a machine other than the one where certificate is going to be installed. For example, you could generate a certificate from your own computer and push it to your web server using good-old cpanel or FTP. To do that, follow these steps:
Step 1. Install certbot
on your computer. If you are using a Debian-based OS, do something like this:
sudo apt-get install certbot
For further instructions about installing certbot
, click here.
Step 2. To get a certificate, run the following command (you will need admin permission to run this command)
certbot certonly --manual --preferred-challenges http
Step 3. Next, enter domain name(s) to be included in your certificate, for example:
Plugins selected: Authenticator manual, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):
www.my-super-project.com
Step 4. Now, certbot
will start the validation process. Following message will appear, asking you to create a file and place it in .well-known/acme-challenge/
directory in your web server:
Create a file containing just this data:
GXyDY4mNeg46oX55-...
And make it available on your web server at this URL:
http://www.my-super-project.com/.well-known/acme-challenge/GXyDY4m...
Step 5. Once validation is completed, you'll see a message from certbot
showing where certificates have been saved, for example:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.my-super-project.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.my-super-project.com/privkey.pem
Your cert will expire on [3 months from now]. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
That's it! You now have a valid certificate that can be installed in your web application.
Top comments (0)