I use Name Cheap Web Hosting for some of my low-traffic websites, simply because it’s cheaper than most web hosting services, and also because of their uptime and reliability. Everything is perfect except for one thing: Name Cheap Web Hosting does not support the Let’s Encrypt SSL certificate.
Not exactly true. When I say Name Cheap Hosting doesn’t support the Let’s Encrypt SSL certificate, what I want to say is that there is no automatic installation, either through cPanel or through a command-line interface. You cannot install certbot on your own. I’m not sure of the reason why Name Cheap hosting still doesn’t support Let’s Encrypt while most other major hosting providers support it, but seems they have a long-term commitment with a Comodo certificate (I might be wrong). However, all is not lost, if you prefer to install a free certificate instead of paying for an SSL certificate.
The only way to install the Let’s Encrypt certificate on Name Cheap web hosting is to request the SSL certificate manually and install it manually. You cannot install it directly on the web hosting; you need to download it on your computer and then install it manually through cPanel. For this, you’ll need:
- A computer that can run certbot. If you use Linux, you’re in luck! If you use Mac, like me, you are still in luck, but you’ll need a little additional work to be able to run a Linux program. However, if you’re running Windows, I have no idea if it can run certbot manually. I know there is a certbot for windows, but not sure how it works or if it supports full functions.
- A little familiarity with the command line (if not, just copy and paste the commands)
- A sudo account (or admin account) to run certbot
The following is for Mac OS X, as I am only familiar with Mac. If you’re a Linux user, the chance is that you don’t need any help with the certbot. If you’re a Windows user, you may at least get some ideas on how to adapt to the windows environment.
Step 1: Install Homebrew
Homebrew is a command-line program that enables Mac computers to run Linux and Linux command-line programs. It’s easy to install and easy to use, just like a regular Linux command line. You can simply use your Mac Terminal to run Linux commands like native commands.
Go to https://brew.sh and follows the instruction to install Homebrew. Or run the following command line in your Mac Terminal
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)”
(The above command line codes might change so check at the link above before running).
Follows the instructions after running the command and completing setup.
Step 2: Install Certbot for Let’s Encrypt
Open your Mac Terminal and run the following command:
brew install certbot
Follows the instruction.
Step 3: Run Certbot
Let’s say we are going to install a Let’s Encrypt SSL certificate for example.com. And we are going to install a wildcard certificate *.example.com.
Open a terminal on your mac and run the following command:
sudo certbot certonly --manual -d example.com -d ‘*.example.com'
Don’t forget the ‘ ‘ around *.example.com. Without them, the system will return an error.
Sometimes, even with the ‘ ‘, it still returns an error. If that occurs, move your cursor to the ‘ and ‘, delete them and write open and close inverted commas (only a single quote). I don’t know why but it works, perhaps a bug?
Enter your password, and Follows on-screen instruction. Just accept any permissions request.
Certbot will then ask you to do 2 things:
- add text record in the DNS records on Name Cheap cPanel. Go to cPanel, search for DNS records and add a new text record. Then go and check if you have the correct DNS record at https://mxtoolbox.com/TXTLookup.aspx. If the correct DNS record is returned, you can go to the next step.
- Add a file in the root folder on the server. Use File Manager in your cPanel or use an FTP client. Go to the root folder (if you have one website, it is directly under the HTTP folder. If you have more than one website on the same hosting package, then it’s usually under the folder with the same name (e.g. example.com folder). Create a new file with the name required by the certbot and copy/paste the code shown by the certbot.
You are good to go now. Make sure your txt record is publicly searchable and correct. (it may show up a few hours later if you have the old txt record with the same name. In that case, make sure you delete the old one before creating the new txt record).
Now complete the SSL certificate request. You are successful if you see the following messages:
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2021-01-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
4. Copy the Let’s Encrypt certificates
You’ll now need to copy the SSL certificates to the cPanel on NameCheap. But first, you may want to copy the folders containing the certificates to a new folder on your mac. I copy the “/etc/letsencrypt” folder to Documents (you can also copy to desktop or any other location).
- Go to Finder -> Go to folder and type “/etc/letsencrypt”
- Select all folders inside the letsencrypt folder and option+drag to a new location (you’ll see a + sign if it is copy and not move)
- Open the archive folder. Your certificates are inside that folder, under each domain name (example.com in this case).
- There are four certificates: cert.pem, chain.pem, full chain.pem and privkey. pem. Cert. pem and privkey. pem is the certificates you need.
- Open TextEdit on your mac and drag the cert. pem to see the content inside. Copy the whole content.
- On your cPanel on Name Cheap, open SSL/TLS, and choose “Manage SSL Sites”
- Select domain “example.com” from the pull-down menu (if you don’t see it, scroll down the page)
- Paste the contents of Cert. pem into Certificate (CRT) text box.
- Now drag privkey. pem to TextEdit and copy the contents.
- Paste the copied contents into the Private Key (KEY) box.
- You don’t need to fill the CABUNDLE box.
- Press Install Certificate.
That’s All. Good luck!
- If you cannot open the certificate folder or certificates, you may need to give permission yourself to have read and write access to these files. Right-click the file/folder and choose “Get Info”. Unlock and add yourself to the Sharing and Permissions section (at the bottom).
- To ensure the next renewal of the Let’s Encrypt certificate goes smooth, it is best to delete the txt record after the successful completion of the certification.