Valid as of September 2020
note: if you have shell access and want to automatically renew, follow the steps on this page instead
Much of the current documentation on this from LetsEncryt and Godaddy suggests that this is a very hard thing to do - but I'm okay with spending 10 minutes every 2-3 months for a free, quality SSL certificate. If you are too, here's how I do it.
Here's my certbot command (replace mydomain.com
and *.mydomain.com
with your own):
certbot certonly --manual -d mydomain.com -d *.mydomain.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
From the GoDaddy Admin site, navigate to your site's DNS management screen:
- Domain Manager (or
Domains
) - mysite.com > [...] > Manage DNS
- Add
Host
will be _acme-challenge
(ie: the text record name WITHOUT the domain name part) and TXT Value
will be
whatever your certbot command prompted. This will have to be done twice if you're using a wildcard like me, since
that counts as two domains. TTL
can be very short since it's only a one-time thing.
Within Godaddy site, navigatate to CPanel SSL/TLS screen:
- My Hosting (alias
Hosting & Wordpress
, ...and others) - [Site Name] > [...] > Settings
- File Manager
- CPanel Home
- SSL/TLS
- Click
Manage SSL sites.
Certificate: (CRT)
will be the first section of fullchain.pem
that certbot generated, including the BEGIN
and
END
lines.
Private Key (KEY)
will be the entire file named privkey.pem
that certbot generated.
Certificate Authority Bundle: (CABUNDLE)
will be the second section of fullchain.pem
that certbot generated,
including the BEGIN
and END
lines.
Click Install Certificate
and you're done!