These are the steps to create and install a Let’s Encrypt SSL certificate on your GoDaddy shared hosting account. While these steps have been tested on Godaddy shared cPanel hosting, they should work for any shared hosting company that has cPanel. This doesn’t work with GoDaddy’s classic web hosting because it doesn’t have cPanel.
This is how to get a Let’s Encrypt SSL certificate in manual mode. Manual mode is the way you have to do it with shared hosting (if your shared host is still not providing an easy or automated way to add Let’s Encrypt certificates to your hosting acccount). Manual mode means that you are creating the certificate on your own local computer, and then uploading the certificate to your hosting account.
These steps show you how to also add the SSL certificate on multiple “Addon Domains.” Let’s Encrypt lets you create a “Multi-domain” certificate, also known as a “UC” or “UCC” certificate. This works on GoDaddy shared cPanel hosting to cover all of your sites and subdomains on that account.
These steps assume that:
- Your local computer has a UNIX-like operating system (e.g. Mac, Ubuntu etc). If you’re local computer is Windows, these steps will not work.
- You’re working from a command line terminal.
- You have SSH access to the hosting account. (You can enable SSH access in your GoDaddy cPanel, under “Security,” click SSH Access.)
Part 1: Get the certbot Client
- Install certbot on your local machine:
wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto
Part 2: Create the Multi-Domain SSL Certificate
- Initiate the SSL certificate creation process:
./certbot-auto certonly --manual
- Next, it will ask you to type all of your domains which you want covered by the SSL certificate. Separate domains by a comma. Be sure to include both your www domain and your non-www one. For example, type:
or, for more domains:
also, add any subdomains:
The Following Steps in Part 2 (steps 3 — 11) Will Have To Be Repeated For Each Domain and/or Subdomain.
- Answer “Yes” to this message:
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you’re running certbot-auto in manual mode on a machine that is not your server, please ensure you’re okay with that.
Are you OK with your IP being logged?
- Next, you will get a message like this:
Make sure your web server displays the following content at http://yoursite.com/.well-known/acme-challenge/rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ before continuing: rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ.VjqjvJCf1eRdblgdXuYkwYAJiyyED4TrW2SXJza0IfU If you don't have HTTP server configured, you can run the following command on the target server (as root): mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge cd /tmp/letsencrypt/public_html printf "%s" rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ.VjqjvJCf1eRdblgdXuYkwYAJiyyED4TrW2SXJza0IfU > .well-known/acme-challenge/rqkZQRZxi8_GLL7Id0kvWoO8HQKQPQRtvGfqfsqTdbQ # run only once per server: $(command -v python2 || command -v python2.7 || command -v python2.6) -c \ "import BaseHTTPServer, SimpleHTTPServer; \ s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \ s.serve_forever()" Press ENTER to continue
- From your own terminal, copy the line that begins with
printf(which is line 11 in the sample above–however copy it from your terminal, not from above). DO NOT COPY with
Cinside the terminal. Highlight, then right-click, then select “Copy.” Be careful not to press ENTER at this point.
- At this point, open a separate terminal window (we’ll call this Terminal 2).
- In Terminal 2, make an SSH connection to your hosting account. In the line below, replace YOUR_USERNAME with your cPanel user name. If you don’t know your cPanel user name, look in your cPanel, under the “Files” section. Click “FTP Accounts.” The “Log In” name is the user name. Also, replace “yoursite.com” with your own site:
- Once you’ve made the connection, navigate to the root directory of the site which the first terminal is referencing. Look back at the message in the first terminal, line 2 where it shows the site in reference (this is necessary if you have multiple “addon” domains.)
- Back in Terminal 2, in your site’s root directory, make the required directories, “.well-known” and “acme-challenge” like this:
mkdir -p .well-known/acme-challenge
- Still in Terminal 2, create the required file by pasting the line which you copied in step 6. You should be able to paste with
- Go back to the first terminal. It should still say at the bottom, “Press ENTER to continue.” Now you can press ENTER.
- It will walk you through repeating these steps (3 — 11) for each domain and subdomain that you listed for the certificate.
After repeating the above steps for all of your domains, you should finally get a message like this:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/yoursite.com/fullchain.pem. Your cert will expire on 201*-**-**. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
- Check that your 4 certificate files were properly created. In Terminal 1, navigate to your local Let’s Encrypt /live/ directory and make sure there exists a folder for your site:
cd /etc/letsencrypt/live/ ls
You should then see a directory named after your site. Navigate into that directory, and then list all the files:
cd yoursite.com ls
You should see 4 files:
cert.pem chain.pem fullchain.pem privkey.pem
- You can now remove the .well-known directory that was created on each site. To do this, go back to Terminal 2, and enter this in the root folder for each site:
rm -rf .well-known
You can now exit Terminal 2.
Part 3: Install The SSL Certificate in Your GoDaddy cPanel Hosting Account
- While still in Terminal 1, still in your
/etc/letsencrypt/live/yoursite.com/directory, open the file fullchain.pem in your local editor, like this (replace “gedit” with your editor, if needed):
sudo gedit fullchain.pem
- Copy the top half of the file (only the first certificate). Copy from the first “—–BEGIN CERTIFICATE—–” to the end of the first certificate, “—–END CERTIFICATE—–”
Once you’ve copied it, close the file.
- Log in to your GoDaddy cPanel shared hosting account. In the Security section, click SSL/TLS. Under Certificates (CRT), click “Generate, view, upload, or delete SSL certificates.”
- Take what you copied and paste it under “Upload a New Certificate”, where it says, “Paste the certificate into the following text box:”
- Type a description and click “Save Certificate.”
- Click “Go Back,” and then click “Return to SSL Manager” at the bottom of page.
- Under “Install and Manage SSL for your site (HTTPS),” click “Manage SSL sites.”
- Under “Install an SSL Website,” select your first domain. Click “Autofill by Domain” and the certificate should populate in the first box. (All 3 boxes may be automatically populated.)
- If the “Private Key (KEY)” field is not filled in: go back to your terminal, open the file privkey.pem (replace “gedit” with your editor, as needed):
sudo gedit privkey.pem
Copy ALL of it, then close the file.
Back in cPanel, paste into the Private Key (KEY) text box.
- If the “Certificate Authority Bundle” is not filled in: go back to your terminal, open the fullchain.pem file again to copy the BOTTOM half:
sudo gedit fullchain.pem
So, copy from the SECOND “—–BEGIN CERTIFICATE—–” to the end of the file: “—–END CERTIFICATE—–“.
After you copy it, close the file.
Paste it into the Certificate Authority Bundle: (CABUNDLE) text box.
- Click “Install Certificate.”
If it’s successful, you should get a response message like this:
SSL Host Successfully Installed
You have successfully configured SSL.
The SSL website is now active and accessible via HTTPS on this domain:
- Click “OK” to close the success message.
- If you created this certificate for more than one domain, then under “Install an SSL Website”, select your next domain that the certificate is for. However, is this certificate is only for one domain, then skip down to step 18.
- Click “Autofill by Domain.” All three boxes should automatically populate.
- If the “Certificate Authority Bundle” is not filled in: go back to your terminal and copy the SECOND part of fullchain.pem, like you did above (in step 10), and paste it into the Certificate Authority Bundle: (CABUNDLE) text box.
- Click “Install Certificate.” You should get a success message.
- Click “OK” to close the success message. Repeat these last few steps (steps 13 — 16) for any other domains that you added to the certificate.
- After a few minutes, you can confirm that the certificate is working by using this SSL Checker.
To renew the SSL certificate, see this: Manual Renew Let’s Encrypt SSL Certificate on GoDaddy Shared cPanel Hosting.