Is it possible to manually renew a Let's Encrypt SSL certificate without domain verification?

@Sherry384

Posted in: #Https #SecurityCertificate

I'm on a shared hosting without SSH access and I host there 20+ domains. The domains don't have a dedicated public IP address, so I'm using TLS/SNI with a shared SSL certificate for all the domains that I'm able to upload into the hosting administration.

Since I don't have SSH access to the server, I used the Let's Encrypt Manual method (http://letsencrypt.readthedocs.org/en/latest/using.html#manual) on a local computer to issue the certificate.

It took a lot of time to validate all the domains (www + non-www = 20 * 2 challenges) and now the SSL certificate is going to expire (the certificate is only for 90 days).

Is it possible to renew the certificate without doing the challenges again? I have the private key for the certificate, so can't they validate the domains based on that?

2 Comments

@Connie744

As Steffen mentioned, it is not possible to do the renewals without domain re-validation.

BUT even without SSH access it is possible to automate the Let's Encrypt renewal request, which should solve your manual validation problem. Have a look at: Lescript on GitHub

The challenges are completed by creating the files and folders using PHP. The only thing you need to do is run this script every 90 days. It generates the SSL certificate into your webroot and you upload it into your hosting administration.

The script requirements are:

- PHP 5.3 and up
- OpenSSL extension
- Curl extension

Before running the script you should also disable all the .htaccess mod_rewrite rules that rewrite the URL to its canonical form. Otherwise, when validating domain.com, it may rewrite the validation URL to domain.com and the challenge will fail.


@Martha676

Is it possible to renew the certificate without doing the challenges again? I have the private key for the certificate, so can't they validate the domains based on that?

With the private key you could only prove that you are in possession of the private key. You could not prove that you own the domain too. But a certificate should be used to validate access to a specific host and not access to a specific key. That's why you need to re-validate the domain.

Just imagine if you bought a domain from somebody and they could create a certificate for the domain for the next 50 years, just because they once owned the domain, even if it was sold long ago.

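The two comments above describe the same mechanism from two sides: the HTTP-01 challenge that a Lescript-style PHP client completes by writing files under the webroot, and the reason the certificate's private key cannot replace it. The following is an added example written for this page (it is not Lescript's code and not part of either comment) that models both points in Python using only the standard library. It computes the RFC 7638 JWK thumbprint of an ACME account key, builds the RFC 8555 HTTP-01 key authorization (token "." thumbprint), places it at `/.well-known/acme-challenge/<token>` in a temporary webroot, and then "validates" it the way the CA would, once with the challenge path excluded from a rewrite-everything rule and once without. The account key modulus, the token, the `index.php` front controller and the `rewrite()` model are all constructed for the demo; a real account key, a real CA-issued token and a real .htaccess differ. Note that the key authorization is bound to the ACME account key, not to the certificate key, which is why holding the certificate's private key proves nothing about the domain.

```python
import base64
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed ACME *account* key, public part only. A real client loads its
# account key from disk; this modulus is an arbitrary hex pattern, not a real key.
ACCOUNT_KEY_PUB = {"kty": "RSA", "e": 65537, "n": int("c0ffee" * 40, 16)}

CHALLENGE_DIR = ".well-known/acme-challenge"


def b64url(data: bytes) -> str:
    """base64url without padding, as JWS/ACME require (RFC 7515 appendix C)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def int_to_b64url(n: int) -> str:
    """Big-endian, minimal-length encoding of an RSA parameter."""
    return b64url(n.to_bytes((n.bit_length() + 7) // 8, "big"))


def thumbprint_input(pub: dict) -> str:
    """Canonical JWK for RFC 7638: only the required RSA members (e, kty, n),
    lexicographically ordered, no whitespace."""
    jwk = {"e": int_to_b64url(pub["e"]), "kty": pub["kty"], "n": int_to_b64url(pub["n"])}
    return json.dumps(jwk, sort_keys=True, separators=(",", ":"))


def account_key_thumbprint(pub: dict) -> str:
    """RFC 7638 JWK thumbprint = base64url(SHA-256(canonical JWK))."""
    return b64url(hashlib.sha256(thumbprint_input(pub).encode("ascii")).digest())


def key_authorization(token: str, pub: dict) -> str:
    """HTTP-01 key authorization (RFC 8555 section 8.1): token '.' thumbprint.
    It binds to the ACME account key, never to the certificate's private key."""
    return f"{token}.{account_key_thumbprint(pub)}"


def place_challenge(webroot: Path, token: str, pub: dict) -> Path:
    """What a Lescript-style PHP client does on a shared host: write the key
    authorization into <webroot>/.well-known/acme-challenge/<token>."""
    path = webroot / CHALLENGE_DIR / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_authorization(token, pub), encoding="ascii")
    return path


def rewrite(request_path: str, exclude_acme: bool) -> str:
    """Model (constructed for this demo) of a front-controller .htaccess rule that
    sends every URL to /index.php. With exclude_acme=True the challenge directory
    is left alone, which is what disabling or excluding the rewrite achieves."""
    if exclude_acme and request_path.startswith("/" + CHALLENGE_DIR + "/"):
        return request_path
    return "/index.php"


def validate_http01(webroot: Path, token: str, pub: dict, exclude_acme: bool) -> bool:
    """Model of the CA's check: fetch the challenge URL through the site's rewrite
    rules and compare the body to the expected key authorization."""
    served = webroot / rewrite(f"/{CHALLENGE_DIR}/{token}", exclude_acme).lstrip("/")
    if not served.is_file():
        return False
    return served.read_text(encoding="ascii") == key_authorization(token, pub)


def run_demo(exclude_acme: bool, tamper: bool = False) -> bool:
    """Place a challenge for a constructed token in a temp webroot and validate it."""
    token = "constructedTokenValue_0123456789"  # a real token is CA-chosen and random
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp)
        (webroot / "index.php").write_text("<?php // site front controller\n")
        path = place_challenge(webroot, token, ACCOUNT_KEY_PUB)
        if tamper:
            # Same token written by a *different* account key: thumbprint differs,
            # so the CA's comparison must fail.
            other = dict(ACCOUNT_KEY_PUB, n=ACCOUNT_KEY_PUB["n"] + 2)
            path.write_text(key_authorization(token, other), encoding="ascii")
        return validate_http01(webroot, token, ACCOUNT_KEY_PUB, exclude_acme)


if __name__ == "__main__":
    print("account key thumbprint:", account_key_thumbprint(ACCOUNT_KEY_PUB))
    print("ACME path excluded from rewrites:", run_demo(True))
    print("rewrite-all rule still active:", run_demo(False))
    print("file written under another account key:", run_demo(True, tamper=True))
```

The `run_demo(False)` case is the failure the comment warns about: the validator asks for the challenge URL, the rewrite hands it `index.php`, and the body does not match. In a real Apache .htaccess the equivalent of `exclude_acme=True` is a `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/` placed before the canonicalisation `RewriteRule`, which lets the 40 challenge fetches succeed without disabling the rules for everyone else.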