Well, it has been quite a journey of learning and it has been quite good. Green Geeks, a big American website hosting company, upset me and a few other customers with their unwillingness to support the latest and best free and open encryption service, Let’s Encrypt. They wanted to sell their SSL certificates instead. The mentality is quite different from this hosting company that we found called Siteground, who look at the big picture. Let me think for a second. I’m a customer. I want to choose my hosting company. One company says ‘come over here and we’ll let you do your own certificates or we’ll sell you one’ while company B says ‘We will sell you one and it’s our way or the highway.’ Which one will I choose? Green Geeks needs to wake up and smell the coffee.
Anyway, Green Geeks forced me to figure it out by myself but it’s working. I got SSL installed on all my domains at Green Geeks. You can read my tutorial about how to do that here.
Now that you have your SSL stuff installed you probably are like me and have a bunch of WordPress sites. What you will find is you will probably get warnings that look like triangles, exclamation marks, etc, etc.
First, the best resource that I found through this process is this website, where you can type in your domain and it will spit back the cause of your no-padlock SSL certificate problem.
Next, you’ll probably find this blog very educational and might help you decide a course of action that is slightly different from my decision to ‘just fix it quick’. For me, my blogs weren’t highly important (like this one) so experimenting didn’t bother me.
Now, without further ado, here is the ‘quick fix solution’ to the ‘no padlock’ error in a WordPress website. Just install this plugin and, if it doesn’t fix it by default, change the settings to match mine in the screenshot below.
Bonus Feature! Force your WordPress Site to Use HTTPS
Now that you’ve gone to the trouble of making SSL work and then fixing all the errors, why not force all traffic to run via HTTPS so your site is hyper secure? It’s easy with this plugin. Just… well. Plug it in. And done.
Hopefully everything here works smoothly for you as it did for me. You’ll note my success since I did this tutorial to this blog! 😉
Did Green Geeks (www.greengeeks.com) not want to help you get Let’s Encrypt working in your cPanel even though it works in cPanel? You aren’t alone. But we can take matters into our own hands, you know.
The tutorial I’m going to share is awesome. It’s pretty much what I based everything on and of course my experience of just making my own self signed SSL to do the same thing but more home-brew.
His tutorial is great if you’ve worked on servers or command lines for a while, but I wasn’t so smart. Hopefully my notes will help the less fluent folk accomplish freedom too.
Let me just give a few side notes to help someone as they do this:
Before beginning, in your terminal, you will need to:
sudo apt-get install git
- steps 6 and 7 – Cpanel help – Note before beginning! At no point should you ever, ever, press enter on your keyboard while in the terminal because it will force you right back to square one and you’ll have to delete all this great work you are about to do:
- go to file manager
- go to public_html directory and click it
- click ‘create folder‘ with the + icon
- type ‘.well-known’ (no apostrophes) into the field that says ‘new folder name’
- in top right settings of your control panel hit the cogwheel and click ‘show hidden files’ or you will not see the .well-known folder you just made
- go into the .well-known directory and create another directory called ‘acme-challenge‘ and click ‘create new folder’
- now go inside the ‘acme-challenge’ folder and click the +file button. You will get the file name from your terminal by selecting everything after ‘acme-challenge’ and then using control+shift+C to copy it to the clipboard as per this screenshot
- paste it into the file name with control V and ‘create new file’
- now go back to terminal and grab the next bunch of random strings and copy it to clipboard as you are learning so well to do, young champion as per this screenshot:
- highlight your newly created pile of randomness in cpanel
- click the ‘edit’ button top right ish area of the screen and it will give you some warning and you will say ‘uh huh yep’ and click ‘edit’
- you will now control V paste that bad boy into your file (just into the big white space) and click ‘save changes’ and should see ‘success!’ because you deserve success by now, my little cherry cake.
- click ‘close’.
- Now you will have to do it again. The tutorial doesn’t say why but I figured it out, by golly. It’s because you had domain.com and www.domain.com so you have to do two verifications. If you had a bunch of subdomains, you’d have to do these steps for all of them as well, FYI. Also, there is no mention about what to do with these random files sitting in these directories in cpanel. You can delete them after the verification is done.
- now go back to his original tutorial and start at step 8
- Note! The coolest part about this experience is when you get this message at the end: ‘Self-Verify of Challenge Failed’ – so you are like ‘NOOO!’ and then what comes a few seconds later in the terminal? This message: “Congratulations! Your certificate and chain have been saved at…” which is actually the truth. And then you are like ‘YAAAAH!!’ So much drama! So many victory cries!
- step 9 isn’t as easy as the author lets on. It’s also a mystery to me why I cannot have permissions with sudo to do this in the command line but it gives permission denied. I didn’t know there was a permission higher than sudo but….
sudo nautilus yes, but then where? this screenshot should help
Note also typing the first letter of the folder you are searching for will speed things up, like in ‘L’ for ‘letsencrypt’ in the next level 😉
- Step 11 isn’t easy either as he doesn’t explain how to open with ‘gedit’. Just right click on the .pem files, then go to ‘open with other applications’ and then ‘show other applications’ and then start typing ‘gedit’ and it should show right up
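The challenge-file steps above (6 and 7) fail most often on a copy-and-paste slip. As an added example (not from the original tutorial or from certbot), this shell check relies on the ACME HTTP-01 rule that the file's content is the file name, a dot, then the account key thumbprint; the function names are made up here, and the values you pass are whatever your terminal printed.

```shell
#!/bin/sh
# Added example: sanity-check a manual HTTP-01 challenge file before letting
# the ACME client verify it. Function names are hypothetical.

# is_b64url STR : true if STR is non-empty and only A-Z a-z 0-9 _ -
is_b64url() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_challenge NAME BODY
#   NAME: the file name you created inside .well-known/acme-challenge/
#   BODY: what you pasted into that file (or what the web server returns for it)
# Prints the problem and returns non-zero if the pair is not well formed.
check_challenge() {
    name=$1
    body=$(printf '%s' "$2" | tr -d '\r\n')   # editors often append a newline
    is_b64url "$name" ||
        { echo "file name has characters outside base64url"; return 1; }
    case $body in
        *.*) ;;
        *) echo "content has no '.', so it is not token.thumbprint"; return 2 ;;
    esac
    token=${body%%.*}     # part before the first dot
    thumb=${body#*.}      # everything after the first dot
    is_b64url "$token" && is_b64url "$thumb" ||
        { echo "content has stray characters (space, quote, second dot)"; return 3; }
    [ "$token" = "$name" ] ||
        { echo "content belongs to a different file name: $token"; return 4; }
    echo ok
}
```

Run it once per host name (domain.com and www.domain.com each get their own file), for example `check_challenge "<file name>" "<file content>"`.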
Now here is the *critical awesomeness* that took 7 hours of my life to learn. I will never get these hours back so I hope that you will take all the money I didn’t save by spending all the time and get it back out of GreenGeeks who refused to support Let’s Encrypt when at least myself and a few people I referred to Green Geeks asked them if they would help. This, by the way, was the response we got:
No, you don’t support them. But because you didn’t support me, I now support them with this blog post. And for just 5 years of free hosting with the best plan they have, I might be convinced to remove this truth so fewer of your customers find out that they can work around your antics….
Let’s get started taking away those $20 purchases from the Geeks which are Green, shall we, or any of your hosting companies who don’t want to move into the future shall we?
How to Get a Free SSL Cert Working on your Green Geeks Hosting Plan on all your domains with Cpanel
You can create a let’s encrypt certificate for *all* of your shared domains.
Where I lost all my time was where to put the .well-known/acme-challenge in the subdomains and the whole time it was super easy. You just click in, open the main directory under file manager and create the directories right there at the top level. That’s it.
Then you go back and create certs for each domain and pop them in by repeating this tutorial. One for the www and one without.
Done! Now let’s encrypt.
- you have a website domain
- you have shared hosting using cPanel
- you are using a computer running Ubuntu
This isn’t a perfect solution if you have a public facing website, but if you have a private website for yourself, your friends, your business, etc, this will be ‘better than nothing’ and at least give you encryption for your traffic.
Most hosting companies probably sell ‘real’ SSL certificates which cost a certain amount per year. This may make sense if you don’t have time to figure it out, or you don’t have root control of your server, or if your server happens to suck and not be ubuntu. If these things happen, you should consider a hosting change ASAP because someone else is controlling your website.
In my case, I’m financially challenged right now and I have a couple of personal domains I want to secure. Note that I have not yet, as of the date of posting this, figured out what to do for W.O.T. It is still showing ‘not secure’ because it’s not https but I don’t want to use a self-signed certificate because it will scare away most visitors before they start reading.
The best looking solution moving forward, by the way, and I’m trying to plan all my future sites around it is Let’s Encrypt which is supported by some major players but also playing ball with the EFF it looks like. However, if you don’t have control over your terminal on your server and cannot issue commands, I’m not sure that it will work. I’m still investigating.
This tutorial is using Greengeeks cheap shared hosting out of the USA. I remember having to contact tech support to make this option available in cPanel, so you might have to as well.
Download and Install OpenSSL on your Ubuntu machine
I assume it would be this command although it has been a while. might have to search it out if this doesn’t work:
sudo apt-get install openssl
Navigate to a Nice Place with your Terminal and Create a Directory Where Your Certificates will be Stored
I gave these a file name of domain-name-ssl-certs, and I did it in my home directory for speed and ease
sudo mkdir domain-name-ssl-certs
Run the Command to Generate the Certificates
You will need to swap out the directory path in this command to the one that matches where you just created the above directory
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /directory/directory/domain-name-ssl-certs/apache.key -out /directory/directory/domain-name-ssl-certs/apache.crt
It will ask you to fill out stuff and the most important is this one which links it to your actual domain:
Common Name (e.g. server FQDN or YOUR name) :example.com
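Current browsers match the host name against the certificate's subjectAltName rather than the Common Name, so a variant of the command above that sets it is worth having. This is an added example, not the original post's command: it assumes OpenSSL 1.1.1 or newer (for -addext), answers the Common Name prompt with -subj, and uses made-up function names; the two checks confirm the certificate and key pair up and name your domain before you paste them into cPanel.

```shell
#!/bin/sh
# Added example: self-signed certificate with subjectAltName, an owner-only
# private key, and two checks to run before pasting into cPanel.
# Function names are hypothetical; needs OpenSSL 1.1.1+ for -addext.

# make_selfsigned DIR DOMAIN : writes DIR/apache.key and DIR/apache.crt
make_selfsigned() {
    dir=$1 domain=$2
    (
        umask 077          # new directory 0700, key file 0600: owner only
        mkdir -p "$dir" &&
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -keyout "$dir/apache.key" -out "$dir/apache.crt" \
            -subj "/CN=$domain" \
            -addext "subjectAltName=DNS:$domain,DNS:www.$domain" 2>/dev/null
    )
}

# cert_matches_key CRT KEY : succeeds if both carry the same public key
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$a" = "$b" ]
}

# cert_names_host CRT HOST : succeeds if HOST is listed as a DNS subjectAltName
cert_names_host() {
    openssl x509 -in "$1" -noout -text | tr -d ' ' | tr ',' '\n' |
        grep -Fxq "DNS:$2"
}
```

Because -nodes leaves the private key unencrypted on disk, the umask keeps it readable by your user only, and no sudo is needed when the directory is in your home folder.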
Go to Cpanel back end and prepare to paste in some stuff where it should go
If you don’t see the stuff I’m talking about in this section it may be because your hosting company doesn’t want you to know you can do this because they want to sell you a $20 to $50/year ‘real certificate’. But if you are doing home-based stuff you need not spend. Make them make this function work or move to a company who will.
In my cpanel it’s under ‘security’ and ‘SSL/TLS’. Click that.
Install and Manage SSL for your site (HTTPS)
Go back to your terminal and open those .key and .crt files with a text editor like nano or gedit
sudo nano apache.crt
Select all the text after the — of ‘begin cert’ and before the — of ‘end certificate’ as follows.
With the control and shift buttons held down, hit the ‘c’ button to copy it to the clipboard memory.
Go back to your cPanel and paste it in the certificate field. If you get a warning that it doesn’t match your domain it’s because you didn’t enter the domain correctly while you were creating the certificate in the ‘Common name’ step above that I warned you about. You should see everything as below except the red warning:
Go back and Open your Private Key that you generated and Copy/Paste it into your Cpanel
sudo nano apache.key
control+shift+C it into this window in cPanel
Click ‘install’ and you should be good to go.
Of course you will always get the ‘this website is dangerous’ warning the first time you visit it but whatever.
Hope that helps. Now to try the same method with ‘let’s encrypt’ and hopefully get rid of the ‘dangerous’ warnings, too!