cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Re: Lets Encrypt SSL

Count me in as a user who has been with GoDaddy for a very long time and will be leaving very soon for BlueHost.

 

Small bloggers, large businesses... GoDaddy is about to find out that all money is green. When an animal is trapped, in this case by Google's SSL requirement, it's fight or flight.

 

Flight it is. I really hope some one at GoDaddy is listening; this is my breaking point and I'd rather not have to do this.

Re: Lets Encrypt SSL

I'm trying to setup letsencrypt on a VPS, not hosted by godaddy, and the DNS challenge is failing even after adding the required TXT entry to DNS. I think godaddy is being malicious in blocking free ssl certs. Prove me wrong!

Re: Lets Encrypt SSL

So do GD reps ever step in and help or explain how to solve these issues? Usually the service department is super helpful that’s the one thing I’ve liked, if not they should really start paying attention to these feeds.
New

Re: Lets Encrypt SSL

I had a tech support issue and spoke with GD.  The tech rep was very nice and helpful and asked if there was anything else he could help with.  I decided to get into a discussion about free SSL and how other hosting companies offer it.  Heck, I could have been speaking in an alien language.  He tried to tell me that GD didn't know that it was offered free anywhere.  I told him it was a complete rip off and customers would start jumping ship.  I also asked him if anyone monitors these forums, I was told yes they do.

 

Well Go Daddy, if you are monitoring these forums and with the number of upset customers over this issue, why have you not publicly addressed it?  Or are they afraid if they maintain their costly solution and outright tell us they don't care, more customers will abandon GD?

New

Re: Lets Encrypt SSL

Yes, HostGator and Bluehost are unequivocally better solutions. I'd just bypass the affiliate link and head straight to the site if you don't trust the reviewer's ethics (e.g. if you think they are just putting the highest percentage affiliate payout host at the top of the list).

 Hope those help Smiley Wink

Re: Lets Encrypt SSL

@Bnystrom - I know someone else has asked this before too, but can you share the process involved in setting up Letsencrypt on Godaddy Deluxe Hosting Linux (Shared). Thanks!

Why GoDaddy? You are forcing your non-commercial community to leave.

GoDaddy, please stop making us, your customers -- your loyal community, suffer due to your greedy decision.

 

For years now, everyone I know has used GoDaddy. Its easy, its affordable, and their support is pretty good (even if the call times are really, really long at times...they will support you for as long as you need once you get them on the phone).

 

Well, as of July 2018, Google began implementing its plan to force the world into securing all of their webpages.  Chrome shows websites that do not have a SSL certificate as insecure, and you have to click through an advanced menu to even get to them. Most of your less-savvy individuals won't go further, thinking they'll get some internet STD. Further, it appears that Google isn't working towards the complete filtering of search results from Websites that do not have an SSL certificate.

 

When I contacted GoDaddy support about this, I was informed there was no option but to pay an annual fee for an SSL certificate. When I contacted, I had a hosted Wordpress page with GoDaddy that I was utilizing for my hobby & fansite for my player-organization in EVE Online.  Unfortunately, GoDaddy is not allowing the installation of 3rd party SSL certificates such as those available on LetsEncrypt.com, as they are monetizing the power-move made by Google.

 

So, let me identify for you the Companies that have sponsored and donated to LetsEncrypt.org

LetsEncrypt.org - MAJOR SPONSORS AND DONORS

 

The major players in the game have identified the need for this service, GoDaddy. Its time that you understand what you are doing. You are literally driving customers away, and making those of us that remain SUFFER!

 

Who is suffering?

Start-ups, dreamers, hobbyists, bloggers, fansites and anyone else that wasn't attempting to monetize their website or domain services. In short, GoDaddy, your community. Not your B2B clients, your COMMUNITY. Those that have stuck with you throughout the years...those that have trusted you.

 

So, now, for the first time ever... I'm looking into transferring my Domains to a provider that actually supports growth, and does not hinder it. Of course, that will cost money as well, but those companies have shown that are not after every single dollar they can make off of their customers, and support the needs of their communities.

 

GoDaddy, you are forcing our hands to move away from your service. Your executives that have made this decision need to understand who stands behind LetsEncrypt and the capability to install SSL for free. The negative PR regarding your decision to monetize this NECESSITY at this juncture is ABSOLUTELY costing you money. I don't know how you haven't identified that yet, unless this was an impulsive decision, completely barren of appropriate Risk & Trend analytics.

 

On behalf of YOUR community, please recognize this plea:

Join the massive number of Industry-leaders and allow us the capability to install SSL certificates for free. 

 

 

Respectfully,

- Your Community

Re: Why GoDaddy? You are forcing your non-commercial community to leave.

For 13 years, I've run a website for a group of friends that play Final Fantasy MMOs (XI and XIV).  I went with GoDaddy because they were the best and most affordable in domain names, so I decided to do my site hosting with them, as well.  I've been a loyal customer all this time, and I've purchased additional domain names and hosting space through them, also.  A year and a half ago, I became a stay-at-home mom and money is now tight.  I've had two salepersons call me trying to push me into purchasing a very pricey SSL certificate.  "Don't you care about your site being secure?"  Of course I do, but I don't run an e-commerce site and I can't afford what GoDaddy is charging.  I've weathered a lot of storms with GoDaddy - price increases, delays in PHP upgrades, and now this.  I've researched other hosts, and I can get the same package for less money that also comes with a fully supported SSL certificate for free or a nominal cost.  Come on, GoDaddy, once again you're behind the times and threatening to drive customers away!

New

Re: Why GoDaddy? You are forcing your non-commercial community to leave.


@Moonstone wrote:

For 13 years, I've run a website for a group of friends that play Final Fantasy MMOs (XI and XIV).  I went with GoDaddy because they were the best and most affordable in domain names, so I decided to do my site hosting with them, as well.  I've been a loyal customer all this time, and I've purchased additional domain names and hosting space through them, also.  A year and a half ago, I became a stay-at-home mom and money is now tight.  I've had two salepersons call me trying to push me into purchasing a very pricey SSL certificate.  "Don't you care about your site being secure?"  Of course I do, but I don't run an e-commerce site and I can't afford what GoDaddy is charging.  I've weathered a lot of storms with GoDaddy - price increases, delays in PHP upgrades, and now this.  I've researched other hosts, and I can get the same package for less money that also comes with a fully supported SSL certificate for free or a nominal cost.  Come on, GoDaddy, once again you're behind the times and threatening to drive customers away!


I am in your same shoes, other than I am retired, do a lot of volunteer work and host nonprofit sites and a couple of informational sites, none of which are eCommerce sites.  When I asked a technical representative from GoDaddy why they don't offer a free SSL for none eCommerce like other hosting companies, I was told they were not aware any company was offering for free.  I think that was an outright none truth!  How can you be in this business and not know?  I am slowly transfering and dropping domains I don't really need.  GoDaddy has sucked enough money away from me through the last 12 years.  NO MORE!!!

New

Re: Lets Encrypt SSL

This is EXACTLY why I'm looking elsewhere.  Just got my domain from Go Daddy, but not next year.  I will be looking for a company that is more friendly toward small businesses.

Re: Lets Encrypt SSL

I've been using SSL for Free (https://www.sslforfree.com) to create SSL certificates that I can copy into GoDaddy. The verification process is a bit of a pain, but it works. I think I've renewed mine three times now and since I only do it every 3 months, I have to relearn the process to some degree each time, despite keeping good notes.

 

There's no reason that GoDaddy should be forcing users to either go through this hassle or paid ridiculous prices for SSL certificates. It just makes them seem mean and greedy.

 

I'm also not at all happy about the switch to 365 Mail, as I don't want Microsoft anywhere near my email or my other content.

 

The site has become extremely convoluted and unfriendly to users, with multiple passwords and a "can't get there from here" feel about it. Frankly, I dread doing just about anything on it these days, as it always seems like a battle to get anything done. I've also found a lot of conflicting information in their Help articles.

 

Between these issues and the rather insane amount that I'm paying them annually, perhaps it's finally time to look elsewhere for hosting. I don't relish the idea of moving, but it may be necessary.

 

The one bright spot has been that their Tech Support people have been great and they understand what a confusing pain in the butt GoDaddy has become.

Re: Lets Encrypt SSL


@Bnystrom wrote:

I've been using SSL for Free (https://www.sslforfree.com) to create SSL certificates that I can copy into GoDaddy. The verification process is a bit of a pain, but it works. I think I've renewed mine three times now and since I only do it every 3 months, I have to relearn the process to some degree each time, despite keeping good notes.

 

There's no reason that GoDaddy should be forcing users to either go through this hassle or paid ridiculous prices for SSL certificates. It just makes them seem mean and greedy.


I've also discovered sslforfree. I agree, it's a bit of a hassle to verify the site and cut/paste everything HOWEVER! SSL for Free makes re-upping the cert pretty easy once you get everything set. If anyone reading this is savvy enough to set up a website you should have the tools to get this installed for free.

 

It'll get me by until my contract with GoAway is up. Honestly, this leaves a very bad impression in that I need to "beat out" or "work around" a SERVICE provider. Unreal.

Re: Lets Encrypt SSL

i just need helpconverting my highly over priced ssl to https   Im haveing all kinds of issues after buying all this stuff

Re: Lets Encrypt SSL

If you purchased an SSL certificate from GoDaddy, you should contact Tech Support for assistance, as it's GoDaddy's responsibility to help you get it working. As I said above, I've always found Tech Support to be easy to deal with and very helpful.

Re: Lets Encrypt SSL

they wont help me

--
Thanks,

Magician Timothy Tyler

are try Re: Lets Encrypt SSL

they are trying toget me to pay 199 easy ssl   

Re: are try Re: Lets Encrypt SSL

That's a year or two of hosting with another company that provides free SSL certs!

Time to make the jump; GoDaddy is beyond rediculous on this.

Re: are try Re: Lets Encrypt SSL

I don't know all of the circumstances of your situation, so I really can't comment on this one way or another, but it sounds like you didn't purchase a certificate from GoDaddy, which would explain why they won't help you. That's frustrating, but understandable as I'm sure that their Tech Support people have been barred from helping to install certificates obtained elsewhere, since they obviously prefer to sell them. I don't like this practice at all, but it's their decision to do this.

 

If you have a valid, current SSL certificate from another source, but you're not a technical person, you may need help from a friend, relative or co-worker who can determine what you have and how to install it. I've also found a lot of helpful material online. If you search for instructions for what you have, such as "using SSL for Free (or whatever your certificate source is) with GoDaddy", you should find both written instructions and videos online.

 

If you don't have a valid certificate, all I can suggest is to go to SSL for Free (https://www.sslforfree.com) and follow the instructions. Again, enlist help if you need it. I've only used SSL for Free, so I'm not sure how other free SSL systems work.

Re: are try Re: Lets Encrypt SSL

incorrect  i bought my ssl  from them

Re: are try Re: Lets Encrypt SSL

How long ago? If it was recent, what was their rationale for not helping you?

Re: are try Re: Lets Encrypt SSL

it was last night i bought it they are saying to buy  $199   easy ssl    service to have them  do everything  .I have it installed  its just  not working  right.

Re: are try Re: Lets Encrypt SSL

it was lastnight i bought it and they are saying i need to buy a service
to get easy ssl 1 year for 199

--
Thanks,

Magician Timothy Tyler

Re: are try Re: Lets Encrypt SSL

So they want you to pay for the certificate and an additional 200 buck to install it? That's just insane!

 

If you can't find instructions online to get it working, call them back and demand your money back. You have the right to a refund and perhaps that will convince them to help you get it working without additional cost. If not, get your money back and use one of the free SSL services. There's plenty of online help for them and worst case, it doesn't cost you anything if you can't get it working.

 

Frankly, this whole SSL thing seems to be way overblown, anyway. I ran an e-commerce site for 12 years without one (using a secure checkout service) and only bothered to make the change to SSL because it could be done for free.  Scam sites are now getting SSLs, so they've become somewhat meaningless.  Essentially, Google screwed every honest site by flagging unsecured sites in Chrome and there's little benefit to anyone other than those selling SSL certs.

Re: are try Re: Lets Encrypt SSL

If you don’t have a ton of files, domains and others clutter to the point that you feel somewhat stuck with GD like a lot of us, then cancel your entire account and run, there are better choices now and most offer free SSL and more, I’ve been with GD for 10+ years, I’m stuck a bit becouse in the past I would have clients get a GD account becouse it allowed me to get access to the backend with out touching there personal info, like credit cards and such, now becouse of all this I send people elsewhere and I’m slowly building up elsewhere myself so I can transition, that said if you are stuck go back up to the top of the feed and fallow the links on setting up your own SSL, a free one is really pretty easy and the video is entertaining, and ya maybe you don’t need an SSL but the google push will effect you, for sure. Plus most card processing systems will require you have one if your planning on doing anything that you plan to make money on or if you want to be taken seriously, make the difficult choices now, do a bit of research and choose the company that will offer the best support, I have to say really surprised they GD is not helping you for free, I have spent hours with the techs solving bigger issues than this at no charge, if they lost that touch then honestly they have nothing left to offer, good luck.

Re: are try Re: Lets Encrypt SSL

The link below provides the most comprehensive, yet simplest and straight forward way to install Letsencrypt. Its going to save you the trouble of dealing with GD and also your money.

 

https://medium.com/@mgav/how-to-install-lets-encrypt-free-ssl-certificate-via-zerossl-and-godaddy-s-...

Re: are try Re: Lets Encrypt SSL

Another link about a detailed installation of Let's Encrypt Certificate (including Wildcard and Multi-domain Certificates) on cPanel hosting using SSLForFree service: https://hostbrook.com/lets-encrypt

Sincerely,
Dzyanis Sukhanitski

Re: Lets Encrypt SSL

emreunal's script worked without problem on a GoDaddy VPS with cpanel.

 

New

Re: Lets Encrypt SSL

I would not use this as the solution - the best solution is that provided by 

 

 

Re: Lets Encrypt SSL

That sounds great, but posting script commands without any context is not particularly helpful. We really need more detailed instructions, such where you enter these commands. 

Re: Lets Encrypt SSL

You need SSH access. Once you have that, you're in your home directory. If your hosting product gives you permissions, you can enter these on the command line. These instructions are for a single domain, not wildcard domain. Later today, I will try for a wildcard domain so all server components are secured. Right now, they are on self-signed certificates.

 

Emreunal's command line entries were excerpted from a much longer all-possibilities document I saw elsewhere on the interwebs. He found and posted the ones that pertain to some GoDaddy instances.

Re: Lets Encrypt SSL

OK, that's more helpful. I found instructions for enabling SSH for Godaddy hosting here:

https://au.godaddy.com/help/enable-ssh-secure-shell-access-4942

 

...and connection instructions here:

https://au.godaddy.com/help/connect-to-my-web-hosting-account-with-ssh-secure-shell-4943

 

I'll give it a shot and see what happens. According to the first link, it can take up to 72 hours for SSH to be fully enabled, so I probably won't post any results for a while.

Re: Lets Encrypt SSL

you can use the acme for wildcard certs too. Just use godaddys dns api by creating certs with dns challenge. i am using it so i know thats working

 

i will edit my post (if can login with my org account to community forum) or create a new tutorial post for acme.sh for both using single domain or wildcard using.

Re: Lets Encrypt SSL

I've tried to enable SSH, but I'm not sure if it's working. The link that I provided above may be old, as I didn't see the menu shown. This link is text only, but it's more accurate:

https://www.godaddy.com/help/enable-ssh-16102

 

I've turned it on, but I can't tell if it's working, as it still says that it's off on the My Hosting page. I tried changing the password and that didn't seem to make any difference. I'll give it some time and check it again.

 

UPDATE: After a few hours, SSH is now on.

 

Godaddy really needs to do a better job of updating their instructional materials!

 

 

Re: Lets Encrypt SSL

What is your product? Vps, wp hosting etc. ?

Re: Lets Encrypt SSL

I have "Deluxe hosting with cPanel".

I have the built-in SSH app in Windows Powershell enabled and it appears to be working, as when I enter "ssh", it provides syntax info for the command. Is this good enough or would I be better off with a different application like puTTy?

 

Re: Lets Encrypt SSL

SSH client doesnt matter. Just ssh to your hosting and do the steps from my first post. If you have any questions or any problem on any step just let me know so i can help / explain

Re: Lets Encrypt SSL

OK,

  1. I logged in using: ssh <username>@>IPaddress>
  2. I entered the password for the account
  3. I received a message: "attempting to create directory /home/<username>/perl5"
  4. I'm now at a prompt that reads: <username>@<alphanumeric text string> [~]$

Does this seem correct?

Re: Lets Encrypt SSL

Yes it is ok. But if you are not comfortable with unix/ssh, better find some one to do it. or backup all your files before trying this.

Re: Lets Encrypt SSL

That sounds like good advice. Years ago, I was well-acquainted with the DOS command line, but I haven't used Unix/Linux command line to any significant extent in decades. I still have 29 days left on my current SSLs, so I'm not under any pressure to do this.

 

Apparently, the "exit" command works.  Smiley Wink

Re: Lets Encrypt SSL

This method works for creating and deploying wildcard certificates. Working on a VPS, I can't vouch for the process on a shared server. Thanks to emreuenal for the basic method posted earlier in this thread. I continued poking around on the interwebs and found the clues to put the rest of it together here.

 

You need SSH access to the command line. I nuked my VPS to start fresh. There was nothing in the file structure left over from previous work with Let'sEncrypt. The server owner created a cPanel user. The domain is tied to that instance of cPanel, and has a folder which contains that user's content. Start a SSH session in the normal way, log in with the user's name and password. You will be at the root of the user's folder.

 

Install acme.sh

curl https://get.acme.sh | sh

Reload .bashrc for acme.sh alias to take effect

source ~/.bashrc

Create API keys

1. Browse to API Key Management at https://developer.godaddy.com/keys/ and make sure you are logged in to your account.

2. Create a new API key. Name is optional, but I called mine letsencrypt. Make sure to select Production type key.

3. Select and copy the Key code to clipboard and paste it into a temporary text document.

4. Select and copy the Secret code to clipboard and paste it into that text document on a new line. If you click Got It! button, the Secret code disappears never to be seen again. I was cautious and copied to temporary file. You could shortcut copy from browser direct to SSH terminal if you want.

5. In the SSH terminal command line

export GD_Key="key code copied from browser"
export GD_Secret="secret code copied from browser"

Issue a new certificate for your domain

acme.sh --issue -d example.com -d '*.example.com' --dns dns_gd

Deploy the certificates

acme.sh --deploy -d example.com -d '*.example.com' --deploy-hook cpanel_uapi

 

edited to reflect emreuenal's comment below.

I looked and saw there is a cron job in cPanel that takes place daily at 0:49

"/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null

 

Log in to your cPanel, under Security, select SSL/TLS Status. You should see Domain Validated certificate status for all 5 of your server's subdomains: cpanel., mail., webdisk., webmail., and www.

Re: Lets Encrypt SSL

Thank you for this great post. 

 

For auto-renew, you dont need to create a cronjob anymore. After installation and issuing a new cert, acme.sh will create self a cronjob for renewing and the certs will be automatically renewed every 60 days.

 

An Addition: This method works on any godaddy linux hosting with cpanel.

New

Re: Lets Encrypt SSL

Any hints on how to uninstall? I followed the original scripts posted earlier and now I would like to start again with the scripts you posted. I can't scrap the VPS and start again.

Re: Lets Encrypt SSL

You dont need to uninstall your old certs etc. Just issue new certificates with the wildcard method and deploy it. cpanel would automatically delete old certs and use the new certs after deployment
New

Re: Lets Encrypt SSL

ok, I can do that. Should I update the acme.sh? What command should I use to reinstall it? The new version has the crontab command creation in the install?

Re: Lets Encrypt SSL

Update the acme.sh with:

 

acme.sh --upgrade

And do all the steps starting with "Create API keys"

If you issue and deploy the certs, acme will create a cron job for auto-renewing. If you want, you can see that cronjob with command "crontab -e". 

New

Re: Lets Encrypt SSL

Thanks @emreuenal and @HLF-admin for the great posts on auto-renewing Lets Encrypt on GoDaddy.

 

We recently signed up for shared cPanel hosting on GD, and I want to install Lets Encrypt without having to manually update it every 89 days.

 

While I'm pretty tech-savvy in general on Windows and PC hardware, I admit to being completely clueless when it comes to unix/ssh. As I read your posts, I can already see myself either (a) spending another 20 hours learning enough to try to understand your scripts, or (b) forging ahead blindly and screwing up our hosting account, or (c) both of the above.

 

This is a big ask, but since you've already been so generous with your time in following up on this topic, is there any way either of you could post a screenshare video on YouTube or somewhere else that walks complete unix/ssh noobs like me through finding an ssh tool for Windows and setting up that script on GoDaddy's shared hosting? (Or if you're aware of such a video already, post a link to it?)

 

Reading through the thread, I'm sure it would help a lot of people other than just myself (and probably save you a lot of time following up on posts).

 

Dunno if that's possible, but needed to ask before I waste a lot of time studying and end up screwing up our shared hosting anyways. ;-)

 

Thx again,

jobb

Re: Lets Encrypt SSL

Sorry for the delay in replying. Focused elsewhere.

 

While there are plenty of options to make an SSH connection to your server, PuTTY seems to be the most popular, and in my experience standalone application is better than a client imbedded into the OS. My reason mostly is due to easily saved configurations for multiple connections.

SSH.com is a good resource. Check them out here for more info. This part is an easy learning curve to get in front of. Download and install the app appropriate for your environment.

 

The next part is a little different depending on what your hosting server is. You will use basically the same credentials as your FTP access. Host, username and password. You should open up in your home directory. Let your first activities be getting used to viewing directories and permissions.

 

For purposes of installing the Let'sEncrypt certificates, follow the instructions outlined in earlier posts. Generally speaking, server environments, whether shared or VPS, have permissions required to perform commands. If you do not have permission, the system won't let you. I was told that while it *is* possible to break something, permissions won't let you kill everything. And in my experience so far, the critical things are locked down.

 

As for why the command line entries do what they do, you should spend a little time to get up on the learning curve anyway. Hours or days or weeks doesn't matter because once you start to tweak your share of the black box you won't want to go backwards to just letting someone else do all the work. If that's all you wanted "I just want it to work," you have the privilege of paying GoDaddy for their certificate. They install it and make it just "work."

 

Please don't take this comment as anything other than what it is: an invitation to explore the depths of internet infrastructure. For me, it's a learn-as-I-go process, an adventure. Google is my friend, and so are the folks here in the GoDaddy Community.

 

Good luck, and dive in.

 

 

Re: Lets Encrypt SSL

jobb,

I dug the info what @emreuenal and @HLF-admin provided and prepared a detailed step-by-step manual on how to set up auto-renewal of Let's Encrypt on GoDaddy shared hosting for my customers. Please take a look and let me know (in private message) if you get any problems following the instructions:

 

https://hostbrook.com/lets-encrypt-auto-renewal/

 

I have checked it on Deluxe Hosting with cPanel, it works perfectly. Thanks a lot to  @emreuenal and @HLF-admin !

Sincerely,
Dzyanis Sukhanitski

Re: Lets Encrypt SSL

@dzyanis and @emreunal and @HLF-admin 

Thank you so much for your information and help!

I am about to start testing this on a couple of test domains.

 

I realise, before I start, that there are three important security questions to answer.

  1. How do I revoke a certificate once it has been issued? This is what I think should be done, but I don't want to make a mess.
    acme.sh --revoke --domain example.com --domain '*.example.com' --dns dns_gd
    acme.sh --remove --domain example.com --domain '*.example.com' --deploy-hook cpanel_uapi
  2. How do I tell acme that I no longer want to renew a specific certificate, e.g. if I get rid of a domain? Again, this is what I think should be done, but I don't want to make a mistake.
    acme.sh --remove --domain example.com --domain '*.example.com'
  3. Finally, I know that I can upgrade acme.
    acme.sh --upgrade
    The problem is that this isn't an automatic process, which means that I could forget to do it. So, here's the question: Does acme do this automatically with its cron job? Or, should I add a cron job to do this automatically? Or, is there a way to be notified when acme is updated, so that I know to run this command?

Thank you again!

Re: Lets Encrypt SSL

Hello @PaddyLandau,

1. To revoke a certificate:

acme.sh --revoke -d example.com

2. To stop certificate renewal (to remove the cert from the renewal list):

acme.sh --remove -d example.com

3. To make  acme.sh be kept up to date automatically:

acme.sh --upgrade --auto-upgrade

 To disable auto-upgrade:

acme.sh --upgrade --auto-upgrade 0

 Hopefully, it helps you.

Sincerely,
Dzyanis Sukhanitski