UPDATE: This method is no longer required if you are a WordPress customer at Bluehost. Bluehost has started offering free SSLs for WordPress customers through Comodo. More information can be found here: https://my.bluehost.com/cgi/help/free-ssl
So, Let’s Encrypt is probably one of the best initiatives for building a secure internet, because encryption is important. I really wanted to figure it out on my shared Bluehost account, so here it is.
A note before we start: you will need access to a secondary server, local machine, or virtual machine that has Python and the other dependencies required by the letsencrypt client. Details on that can be found here: https://letsencrypt.readthedocs.org/en/latest/intro.html. I’m working on a way to get this to run on the Bluehost shared server itself, so that access to another server or a local machine isn’t required.
Once you’ve got letsencrypt and the required dependencies installed, stay ssh’d into your secondary server and run:
$ ./letsencrypt-auto --email your@emailaddress.com --text --authenticator manual certonly
And follow the prompts. At a certain point, it will give you some commands to run. The only one you really need is the printf command. SSH into the server you want the cert on, change to the document root of the domain you’d like, and run that command. It will look something like this:
$ printf "%s" aBuNchOfR4nd0mT3Xt > .well-known/acme-challenge/aBuNchOfR4nd0mT3Xt
Once that’s run, go back to the other shell session and finish following the prompts. This will generate a certificate and drop the necessary files in /etc/letsencrypt/live/(the domain you chose)/.
You’ll then need to follow the instructions here to upload the files correctly. Then contact Bluehost support to get the SSL certificate installed. Once that’s done, add any redirects you need to force people to use SSL on your site.
In the future I’ll be writing a script that automates the renewal process. Well, everything but actually re-installing the SSL certificate. You’ll still have to contact Bluehost to get the cert installed.
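The printf step above can be wrapped so that a bad paste cannot write outside the challenge directory and the file is readable by the web server. This is an added example, not part of the original post; the function names and argument order are assumptions, and it accepts the file name and file content as separate values because the client prints both.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# webroot/token/key-authorization argument order are assumptions.
LC_ALL=C; export LC_ALL   # make the A-Z/a-z ranges below ASCII-only

# ACME tokens use only the base64url alphabet. Rejecting anything else
# stops a bad paste containing "/" or ".." from writing outside the
# challenge directory.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# place_challenge WEBROOT TOKEN KEYAUTH
# TOKEN is the file name and KEYAUTH the file content, both copied from
# the printf command the client prints.
place_challenge() {
    webroot=$1; token=$2; keyauth=$3
    valid_token "$token" || { echo "refusing token: $token" >&2; return 2; }
    case "$keyauth" in
        ''|*[!A-Za-z0-9_.-]*) echo "refusing file content" >&2; return 2 ;;
    esac
    [ -d "$webroot" ] || { echo "no such web root: $webroot" >&2; return 3; }
    dir="$webroot/.well-known/acme-challenge"
    mkdir -p "$dir" || return 4
    # '%s' writes the value with no trailing newline, as in the post.
    printf '%s' "$keyauth" > "$dir/$token" || return 4
    # The file is fetched over HTTP, so the web server needs to traverse
    # both directories and read the file.
    chmod 755 "$webroot/.well-known" "$dir" || return 4
    chmod 644 "$dir/$token" || return 4
    # Confirm the byte count on disk matches what was pasted.
    size=$(wc -c < "$dir/$token")
    [ "$((size))" -eq "${#keyauth}" ] || return 5
}

# remove_challenge WEBROOT TOKEN: delete the file once the cert is issued.
remove_challenge() {
    valid_token "$2" || return 2
    rm -f "$1/.well-known/acme-challenge/$2"
}
```

Source the file on the hosting account, then call place_challenge with the domain's document root and the two values from the client's prompt.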
Hi Garth, any progress on the script that automates the renewal process?
Unfortunately not. The way Bluehost requires SSLs to be installed makes it so that even if you automate the renewal of the cert, you still have to contact them to get the renewed cert installed.
Thanks for answering. Hope they go for happy customers and change that in the future.
They make money and you have to pay for their SSL… I don’t think they will bring something free for you.
Actually, shortly after you made this post, Bluehost started providing free SSLs to WordPress customers. You can find more information here: https://my.bluehost.com/cgi/help/free-ssl
Two questions:
Do you copy and paste the content of the fullchain.pem file to add it to your Bluehost account?
Do you need to purchase a dedicated IP from Bluehost to make it work?
Yeah, you need a dedicated IP, and I *think* all you need is the cert.pem and privkey.pem. When you contact support for the SSL to be installed they’ll let you know if you need more than that.
Hi Garth, is a dedicated IP necessary, as Bluehost proposes? Thanks in advance for the hint…
Yeah, a dedicated IP is required.
Is the dedicated IP a Bluehost specific requirement? I know SSL dropped that a while back.
For shared hosting, unfortunately yes. SNI has not been implemented yet. For VPS/Dedicated hosting SNI can be used.
Hey Garth,
now that the Let’s Encrypt CPanel plugin is finished, is it possible for Bluehost to implement this? Afaik they do run some sort of CPanel solution.
https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl
Thanks.
That sure would be great! However, I don’t have the power to make that decision. So we’ll see what management decides.
This is definitely not a recommended process since letsencrypt certificates require renewal every 3 months. People shouldn’t need to contact the host every three months to update their cert. What really needs to be done is for Bluehost to support letsencrypt in part of their VPS…
Oh definitely not the best way. But currently it’s the only way on shared hosting. On a VPS server you will have root access and can do it yourself.
Thanks for documenting your challenges, my GoDaddy is up for renewal soon and I was considering Bluehost because just about every author/blogger I follow is using it (and of course get affiliate bonuses). I want the SSL feature, but don’t want the 90 day work on a shared plan. Thinking of going with these guys, they bundle it in for shared plans free: https://www.interserver.net/blog/interserver-offering-free-ssl-cpanel-users/