The guides online will tell you that this isn't easy, but it's actually a simple process that takes about 10 minutes to complete.
This guide takes you from a raw shared hosting service with a domain attached to it and no HTTPS support to full SSL support that auto-renews every 60 days for FREE.
The key is acme.sh
Thank you so much to that team. Support them if you can.
This is easy, but GoDaddy keeps it hidden away.
First enable "SSH access" in GoDaddy in the management panel for your Shared Hosting (not CPanel).
This will take about 5-30 minutes to take effect.
If you haven't already, upload your SSH public & private key to the same hosting in CPanel. To do this, head to CPanel, go to "SSH", click "Manage Keys", then go to "Import Key" and import your key.
Once it takes effect, you can use your CPanel login credentials under "Account" as your SSH name and password and SSH into the machine.
$ ssh crazyaccountname@ipaddress
Once you're SSH'd in, use curl to download acme.sh and then install it:
$ curl https://get.acme.sh | sh
This will create a hidden .acme.sh folder, which contains the acme.sh shell script we use in the next steps.
Head to https://developers.godaddy.com and get yourself a Production level developer API Key and Secret.
Then export them into your SSH environment safely using the commands below:
$ export GD_Secret=YOUR_SECRET
$ export GD_Key=YOUR_KEY
This only needs to be done once, ever.
$ .acme.sh/acme.sh --register-account -m <youremailhere>
This will create a valid certificate encapsulating the raw domain, and all subdomains (star syntax).
Feel free to add more specific subdomains by repeating the -d sub.adomain.com syntax for each subdomain you want. Quote the wildcard name so the shell does not try to expand the star.
$ .acme.sh/acme.sh --issue --dns dns_gd -d adomain.com -d '*.adomain.com'
This will add 2 TXT records to your DNS settings one by one, allowing ACME to verify you own the domain. Once the process completes, the script deletes the 2 TXT records and spits out a bunch of information about your cert.
You don't need to copy down any of this, as the next step will automatically move the cert from its downloaded spot to the spot where CPanel/GoDaddy expect it.
$ .acme.sh/acme.sh --deploy -d adomain.com --deploy-hook cpanel_uapi
You should see a success readout after a moment or two:
Succcessfully deployed to adomain.com
Successfully deployed certificate to 1 of 1 sites via UAPI
Success
You are all done!
You can confirm everything went well by opening up CPanel, going to SSL/TLS, and in the table you'll see a new certificate in there with an expiration 90 days from now. Then you can hit your site using HTTPS and it should work pretty instantly.
To update your certs just SSH in and repeat steps 5 and 6.
Updated for how to update your cert after 60-90 days. The acme script is supposed to create a cron job that re-does steps 5 and 6, but GoDaddy has some way of keeping the cron job from running.
Either way, the end game is that every 60-90 days you have to repeat steps 5 and 6. NBD, it doesn't even require 5 minutes of time.
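Since the cron job does not run on this hosting, it helps to check how close the served certificate is to expiry so you know when the manual renewal is due. The script below is an added example, not part of acme.sh or the original guide; it assumes openssl is installed where you run it, and the function names (fetch_cert, renewal_due, check_site) are made up for illustration.

```sh
#!/bin/sh
# Added example: tell whether the manual renewal described above is due.
# Assumption: openssl is installed; adomain.com is the guide's placeholder domain.

# Print (PEM) the leaf certificate a server presents on port 443.
fetch_cert() {
    host=$1
    openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Exit status: 0 = cert in file $1 expires within $2 days (renew now),
#              1 = still valid beyond that window,
#              2 = file does not contain a readable certificate.
renewal_due() {
    pem=$1 days=$2
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the cert will NOT expire within N seconds
    if openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Fetch the live certificate for a host and report on it.
check_site() {
    host=$1 days=${2:-30}
    tmp=$(mktemp) || return 2
    fetch_cert "$host" >"$tmp" 2>/dev/null
    rc=0
    renewal_due "$tmp" "$days" || rc=$?
    rm -f "$tmp"
    case $rc in
        0) echo "$host: expires within $days days, repeat the renewal steps" ;;
        1) echo "$host: certificate is valid for more than $days days" ;;
        *) echo "$host: could not read a certificate" >&2 ;;
    esac
    return $rc
}

# Usage: sh check_cert.sh adomain.com 30
if [ $# -ge 1 ]; then
    check_site "$@"
fi
```

An exit status of 2 means no certificate could be fetched at all, which is worth investigating separately from a normal "renewal due" result.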