Generate Let's Encrypt SSL certificate Manually

Timam
2 min read · Sep 16, 2018

Let's Encrypt has made SSL certificates easy. EFF's Certbot automatically enables HTTPS on your website by deploying Let's Encrypt certificates, and it has plugins that make it easy to create a wildcard certificate. But if there is no plugin for your setup, for example when you need a certificate for a domain hosted on cPanel, you can follow this guide to generate the certificate manually.

This guide assumes you have access to a Linux or macOS machine. If you don't, create a virtual machine on Windows or use Docker. I am using Ubuntu, by the way.

Get Certbot

As mentioned earlier, EFF's Certbot automatically enables HTTPS on your website by deploying Let's Encrypt certificates. Install it with:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

Request Certificate

Put a domain name into a variable.

$ DOMAIN=example.com

Request a certificate for your domains. You don't need to edit this command.

$ certbot certonly --manual -d "*.$DOMAIN" -d "$DOMAIN" --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096

You will see a block with the value for a new DNS record.

--------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
qqiR_lsa2AjMfoVR16mH4UDbOxy_E02l0K1CNyz1RdI
Before continuing, verify the record is deployed.
--------------------------------------------------------------------
Press Enter to Continue

Open the DNS panel for your domain name and add a new TXT record.
Then go back to the terminal and press Enter. You will be asked to add one more record. The wildcard name and the bare domain are validated separately, and both values go under the same _acme-challenge name, so add the second TXT record alongside the first instead of replacing it.
Note: If you are using cPanel, you may not see the option to add a TXT record. Contact your hosting provider to enable it.

Before pressing Enter the second time, you can check whether the records were deployed. If the records are correct, press Enter and see the result of the issuance.
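One way to do that check, as an added example that is not part of the original post: it asks each authoritative nameserver for the TXT record set and reports any value Certbot printed that is not there yet. The function names and the second sample value are made up for illustration; it assumes `dig` is installed and that the domain is the zone apex.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm that every value Certbot
# printed is in the _acme-challenge TXT record set before pressing Enter.

# Constructed sample of `dig +short TXT _acme-challenge.example.com` output:
# the value shown in the post plus a made-up second one.
SAMPLE_ANSWERS='"qqiR_lsa2AjMfoVR16mH4UDbOxy_E02l0K1CNyz1RdI"
"CONSTRUCTED_second_challenge_value_0000000000"'

# missing_values ANSWERS VALUE...
# Prints each expected VALUE that is absent from ANSWERS; returns 0 if none is.
missing_values() {
    local answers value missing
    answers=$1; missing=0
    shift
    for value in "$@"; do
        # dig prints each TXT string in double quotes; require a whole-line
        # match so a truncated or mistyped value is not accepted.
        if ! printf '%s\n' "$answers" | grep -Fxq -- "\"$value\""; then
            printf '%s\n' "$value"
            missing=1
        fi
    done
    return "$missing"
}

# check_challenge DOMAIN VALUE...
# Asks each authoritative nameserver directly, so a resolver cache cannot
# hide a record that is missing on one of them. Assumes DOMAIN is the zone apex.
check_challenge() {
    local domain ns answers seen rc
    domain=$1; seen=0; rc=0
    shift
    for ns in $(dig +short NS "$domain"); do
        seen=1
        answers=$(dig +short TXT "_acme-challenge.$domain" "@$ns")
        if missing_values "$answers" "$@" >/dev/null; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"; rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no NS records for $domain" >&2; return 2; }
    return "$rc"
}

# Usage, with both values Certbot printed:
#   check_challenge "$DOMAIN" 'first-value' 'second-value'
```

Press Enter in the Certbot prompt only once every nameserver reports `ok`.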

Before continuing, verify the record is deployed.
--------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2018-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Congratulations. You now have a new wildcard certificate for your domain (example.com) and its second-level subdomains (*.example.com).