Set Up Let’s Encrypt Free HTTPS on Shared Hosting (cPanel)

We decided to buy selstok.com yesterday (for a prank :P), and instead of just buying the domain and maybe using it for this server, I bought the hosting package too. My current hosting provider for this site, Dewaweb, supports Let’s Encrypt, which you can just click via cPanel, how convenient, really nice! 🙂 Kudos to them! I bought the selstok.com package from my ex-hosting provider, and it turns out they can’t provide the Let’s Encrypt option, not even non-root shell access, and just provide cPanel 😐 But I want HTTPS! 🙁 So, I tried some ‘hacks’ and it works! I’ll show you how in this post.

You’ll need:

  1. cPanel access
  2. Another machine’s terminal (e.g., I use my own Ubuntu PC)

We’ll use this site: https://gethttpsforfree.com. Here’s how: (will put screenshot later, duh)

      1. Let’s generate the key pair behind account.key; its public key is what the first step asks for. On your cPanel, go to Security > SSL/TLS > Private Keys
      2. Create a new 2,048-bit key. Add “account.key” as the description (optional)
      3. We’ll get a private key that starts with -----BEGIN RSA PRIVATE KEY-----, but the site wants the public key (which starts with -----BEGIN PUBLIC KEY-----)
      4. Open your terminal, create a new file (e.g., account.key) and paste the private RSA key into it.
      5. Generate the public key by running this command:
        openssl rsa -in account.key -pubout
      6. Copy the public key from the -----BEGIN PUBLIC KEY----- to -----END PUBLIC KEY-----, and paste it on the “Account Public Key” form.
      7. Click “Validate Account Info”
      8. Now, let’s continue to the next step: getting the CSR. We’ll need to make another key; this time let’s call it domain.key. Repeat steps 1 to 3, and save the private RSA key as domain.key on your machine.
      9. On the cPanel, go to Security > SSL/TLS > Certificate Signing Requests (CSR)
      10. In the “Generate a New Certificate Signing Request (CSR)” section on the cPanel, choose domain.key as the key. Fill out the required forms. For domains, I fill out www.selstok.com and selstok.com. You should fill it out with the subdomains too, if you got any. (DON’T USE * (WILD CARD) :< It’s not supported yet.)
      11. Copy the CSR in the “Encoded Certificate Signing Request” section and paste it in the “Certificate Signing Request” form on the gethttpsforfree site. Click “Validate CSR”.
      12. Run all the commands provided in Step 3 in your terminal.
      13. Now, run the command in Step 4. Use the “File-based” option instead of running the Python script, which means we validate by creating a file on our site.
      14. Open your cPanel and use File Manager. Don’t forget to turn on the “show hidden files” option by choosing Settings (top right button) > check Show Hidden Files (dotfiles) on the File Manager.
      15. Create the folder and serve the file(s) based on the site’s instructions. Then, once you’ve done it, click the “I’m serving …” button to proceed.
      16. Yeay! We got the certificate! Now, let’s install it. Go to Security > SSL/TLS > “Install and Manage SSL for your site (HTTPS)”
      17. Under the “Install an SSL Website” section, choose the domain. Paste the certificate from the generated “Signed Certificate” textbox into “Certificate: (CRT)”. Put the content of domain.key in “Private Key (KEY)”. Click “Install Certificate”.
      18. After a while, HTTPS should be working 🙂 But let’s redirect every HTTP request to HTTPS using the .htaccess file. Open the File Manager and, inside the public_html directory, create a .htaccess file. Put this as the content: (source: stackoverflow)
        # Enable mod_rewrite; without this line the rules below are ignored.
        RewriteEngine On
        RewriteCond %{HTTPS} off
        # First rewrite to HTTPS:
        # Don't put www. here. If it is already there it will be included, if not
        # the subsequent rule will catch it.
        RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        # Now, rewrite any request to the wrong domain to use www.
        RewriteCond %{HTTP_HOST} !^www\.
        RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
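
A check worth running on your own machine before step 17, as an added example that is not part of the original post: it confirms that the signed certificate belongs to domain.key (not account.key) and lists both host names from step 10. The file name signed.crt and the function names are assumptions, and the demo data is a throwaway self-signed certificate generated on the spot.

```bash
# Added example: pre-install checks, run on your own machine before step 17.
# Uses the post's file name domain.key; signed.crt is an assumed name for the
# saved "Signed Certificate" text. Needs OpenSSL 1.1.1+ (-ext, -addext).

# Succeeds only if the certificate's public key belongs to this private key.
cert_matches_key() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if every host name given is in the certificate's SAN list.
cert_covers() {
  local cert sans name
  cert=$1; shift
  sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null) || return 2
  for name in "$@"; do
    printf '%s\n' "$sans" | tr ',' '\n' | tr -d ' ' | grep -Fqx "DNS:$name" || return 1
  done
}

# Constructed sample data: two throwaway keys and a self-signed certificate
# standing in for the one Let's Encrypt would issue for domain.key.
make_demo() {
  openssl genrsa -out "$1/account.key" 2048 2>/dev/null
  openssl genrsa -out "$1/domain.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/domain.key" -days 1 -subj "/CN=selstok.com" \
    -addext "subjectAltName=DNS:selstok.com,DNS:www.selstok.com" \
    -out "$1/signed.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo "$demo"
cert_matches_key "$demo/domain.key" "$demo/signed.crt" && echo "domain.key matches the certificate"
cert_matches_key "$demo/account.key" "$demo/signed.crt" || echo "account.key does not match: wrong key for step 17"
cert_covers "$demo/signed.crt" selstok.com www.selstok.com && echo "both host names are covered"
rm -rf "$demo"
```

With real files, call `cert_matches_key domain.key signed.crt` and `cert_covers signed.crt selstok.com www.selstok.com`; a non-zero exit status means the pair should not be pasted into cPanel.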

OHHHHH IT WORKS! Before installing my own certificate, when I went to https://selstok.com, it would show a warning that the certificate belongs to my hosting provider… and redirect me to the “buy the SSL” page 😐 facepalm. Thanks a lot to gethttpsforfree and Let’s Encrypt!

Ever since I took the Distributed System course at my uni (currently ongoing), there are a lot of things that I’ve learned! Each of us was given our own server, on which we installed the OS by ourselves, set up the web server (silly me, I used Apache and even used pure PHP to do the homework. So hardcore. Should move PHP to the top of my resume instead of Java LOL kidding), configured the domain, used Let’s Encrypt, etc. There is so much homework, but it leaves us free to explore what we could do with it. I struggled on the midterm exam (hopefully not that bad :<)