: Is it possible to manual renew Let's Encrypt SSL certificate without domain verification? I'm on a shared hosting without SSH access and I host there 20+ domains. The domains don't have a dedicated
I'm on a shared hosting without SSH access and I host there 20+ domains. The domains don't have a dedicated public IP address, so I'm using TLS/SNI with a shared SSL certificate for all the domains that I'm able to upload into the hosting administration.
Since I don't have SSH access to the server, I used the Let's Encrypt Manual method (http://letsencrypt.readthedocs.org/en/latest/using.html#manual) on a local computer to issue the certificate.
It took a lot of time to validate all the domains (www + non-www = 20 * 2 challenges) and now the SSL certificate is going to expire (the certificate is only for 90 days).
It is possible to renew the certificate without doing the challenges again? I have the private key for the certificate, so can't they validate the domains based on that?
More posts by @Sherry384
2 Comments
Sorted by latest first Latest Oldest Best
As Steffen metioned it is not possible to do the renewals without domain re-validation.
BUT even without SSH access it is possible to automate the Let's Encrypt renewal request which shoould solve your manual validation problem. Have a look at: Lescript on GitHub
The challenges are completed by creating the files and folders using PHP. The only thing you need to do is run this script every 90 days. It generates the SSL certificate into your webroot and you upload it into your hosting administration.
The script requirements are:
PHP 5.3 and up
OpenSSL extension
Curl extension
Before running the script you should also disable all the .htaccess mod_rewrite rules that rewrite URL to it's canonical form. Otherwise when validating domain.com it may rewrite the validation URL to domain.com and the challenge will fail.
It is possible to renew the certificate without doing the challenges again? I have the private key for the certificate, so can't they validate the domains based on that?
With the private key you could only prove that you are in the possession of the private key. You could not prove that you own the domain too. But a certificate should be used to validate access to a specific host and not the access to a specific key. That's why you need to re-validate the domain.
Just imagine if you would buy a domain from somebody and this one could create a certificate for the domain for the next 50 years - just because he has once owned the domain even if it was sold long ago.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.