Adding SSL certificate to a web server.
"Let’s Encrypt" is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
Windows: open cmd prompt or Power Shell as administrator.
Windows: certbot certonly --manual -d pigtail.net -d www.pigtail.net
Linux: sudo certbot certonly --manual -d pigtail.net -d www.pigtail.net
Phase 1: Prove of domain control:
certbot will ask you to create a new folder/directory with a long encrypted string at
document_root/.well-known/acme-challenge/
(GoDaddy: /public_html/.well-known/acme-challenge/ ).
Create a file, e.g., "index.html" in that newly created directory.
Edit the file "index.html" such that it has exactly one line of string given by certbot (ignore all html syntax)
(hint: a CRLF or LF is required at the end of the string)
If prove of domain control is successful, certificates with 90 days validity will be created and stored at:
Windows: c:\certbot\live\
Linux: /etc/letsencrypt/live/
Phase 2: Copy and paste contents of fullchain.pem and privkey.pem via "cPanel Admin":
cPanel --- Security --- SSL --- CERTIFICATES(CRT):
copy and paste the fullchain.pem to "Upload a New Certificate" box, click "Save Certificate",
now back to "Certificates on Server", find the new certificate line, click "Install",
copy and paste the privkey.pem to "Private Key" box, click "Install Certificate".
Alternative method of proving domain control.
This method can be painfully slow depending on your DNS server behaviour.
Windows: certbot certonly --manual --preferred-challenges "dns" -d pigtail.net
Linux: sudo certbot certonly --manual --preferred-challenges "dns" -d pigtail.net
Launch GoDaddy DNS manger, create "TXT records" with values (strings) given to you by certbot.
GoDaddy example:
Use Google Admin toolbox to monitor the progress of DNS update.
Renew the certificate before it expires within 30 days:
Windows: certbot certonly --manual -d pigtail.net -d www.pigtail.net
Linux: sudo certbot certonly --manual -d pigtail.net -d www.pigtail.net
You may be asked again to perform prove of domain control. If successful,
Certbot will create updated certificates and store them at:
Windows: c:\certbot\live\
Linux: /etc/letsencrypt/live/
Copy and paste contents of fullchain.pem and privkey.pem via "cPanel Admin" as before.
Other places you can get SSL certificates (price varies from reasonable to "enterprise"):
Comodo, RapidSSL, SSL.COM, DigiCert, Entrust, GeoTrust, GlobalSign, Cloudflare, Symantec, SSL for Free, NameCheap.