Jump to content

Recommended Posts

I've read that Tommy supports SNI and as such certificates from Let's Encrypt can be installed free of charge: http://www.helionet.org/index/topic/26572-will-heliohost-support-lets-encrypt/.

 

Could somebody please point me in the right direction as to how to actually a certificate up and running? I've been looking around for a while but all the Let's Encrypt tutorials I can find require either SSH access to the server or some sort of cPanel plugin, neither of which are available options as far as I can tell. Installing the certbot client on a local Linux machine and attempting to generate a certificate from there didn't seem to work either.

 

Anyway, seeing as it seems to be possible based on the link above, I thought I would reach out to see if anyone has got this working and could lend a hand - I'd really appreciate it. Maybe I'm just missing something obvious. Any ideas?

 

Link to comment
Share on other sites

You have to generate the cert yourself and upload it in cpanel since we don't support doing it in SSH or cpanel. You're on the right path trying to get certbot running on a Linux box. I don't know of anyone here who has discussed the process though.

Link to comment
Share on other sites

The easiest way is to use a gui type site tool like https://zerossl.com/free-ssl/#crt They use Let's Encrypt under the hood. First type in your domain and follow the easy steps. Use the cpanel filemanager https://tommy.heliohost.org:2083/frontend/paper_lantern/filemanager/index.html to create the .well-known/acme-challenge folder and the random character file with random character content to prove you own the site. Then zerossl will generate your private key, public crt, and your chain file so you can just copy paste it directly into https://tommy.heliohost.org:2083/frontend/paper_lantern/ssl/install.html One tricky thing is they give you the .crt and the .ca in the same box so if you scroll down half way you can see the divider since cpanel wants the three files seperately. You can check if it's correctly installed with this tool https://www.sslshopper.com/ssl-checker.html

Let me know if you need more detailed instructions. If you'd like http://wiki.helionet.org/ access to write up an official tutorial with pictures and step by step instructions as you work your way through the process that would be amazing. :)

Link to comment
Share on other sites

Great, cheers Krydos! Your instructions look nicely detailed and I'll give it a shot tomorrow. As I go I'll take some screenshots and notes. Then if I manage to get through the process successfully I'll let you know - I'd be more than happy to write up a tutorial. If I can't get SSL working, I'll ask for more details.

Link to comment
Share on other sites

Hurrah! I got it working. It wasn't entirely smooth sailing though. In the SSL/TLS section of cPanel there are four sections. It turns out only the fourth section "Manage SSL sites" is the only page that is needed (also, even with your advice I stumbled over the crt and ca combination). I am definitely keen to help share this knowledge and would be grateful if you could suggest the best way/location to upload a tutorial to the wiki.

 

Next step is to see if I can get this working on a Linux box. That way, the 90-day renewal can be automated easily. For now, though, ZeroSSL seems to have done the trick thank you!

Link to comment
Share on other sites

Great, all set thank you. I thought I'd just run my plan by you just to make sure I don't break anything. Here's what I thought would be a useful way to approach things:

  1. Create a new page called "Setting up SSL on Tommy with Let's Encrypt" and add tutorial content.
  2. Edit the existing "Using SSL" page, splitting it into the headings: "SNI (Tommy)", with a short description and link to the tutorial; and "Static IP" basically containing the current content. I would also add a quick explanation at the top of the article explaining the difference between the two sections.

Let me know what you think and if it's all good I'll get going.

Link to comment
Share on other sites

The easiest way is to use a gui type site tool like https://zerossl.com/free-ssl/#crt They use Let's Encrypt under the hood. First type in your domain and follow the easy steps. Use the cpanel filemanager https://tommy.heliohost.org:2083/frontend/paper_lantern/filemanager/index.html to create the .well-known/acme-challenge folder and the random character file with random character content to prove you own the site. Then zerossl will generate your private key, public crt, and your chain file so you can just copy paste it directly into https://tommy.heliohost.org:2083/frontend/paper_lantern/ssl/install.html One tricky thing is they give you the .crt and the .ca in the same box so if you scroll down half way you can see the divider since cpanel wants the three files seperately. You can check if it's correctly installed with this tool https://www.sslshopper.com/ssl-checker.html

Let me know if you need more detailed instructions. If you'd like http://wiki.helionet.org/ access to write up an official tutorial with pictures and step by step instructions as you work your way through the process that would be amazing. :)

 

Thanks a lot Krydos!!!!

You detailed post helped me too for installing SSL on my domain - PERFECTLY!!

I thank you for your work!

Thank you albrox for the topic!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...