Let’s Encrypt Sounds Good, But I Found its Easier Way to be Impossible

About  a year ago, the Internet Security Research Group (ISRG) launched an effort now called Let’s Encrypt to provide free (no cost) SSL certificates for web servers. The EFF (and perhaps others) have launched a set of tools known as certbot that aim to make getting and installing SSL certificates painless.

My experience getting and installing a certificate has been terrible!  After several hours of struggling, I seem to have discovered that Let’s Encrypt works for most everyone, except, of course, me!

UPDATE: A2 Hosting had the answer the whole time! Oops!

I have been requesting and using SSL certificates on Apache web servers for about 20 years.  Except for long wait times being verified, I have found the process painless and quite easy. It seems users have to be able to su or sudo to root in order to be able to request a certificate manually. This can’t be done on the shared hosting system I use. So it goes.

I’ll file this in the category with Bill Gates Tuva initiative which works for “everybody.” That definition of everybody does not include me.

UPDATE: With a bit more searching, I found a project on GitHub called Let’s Encrypt No Sudo which, of course, expects one to use sudo!!! There is a –file-based option that claims it will work without sudo. No such luck! Using this method bombed with the error:


{
"type": "urn:acme:error:malformed",
"detail": "Error creating new cert :: certificate public key must be different than account key",
"status": 400
}
Traceback (most recent call last):
File "../../test/letsencrypt-nosudo-master/sign_csr.py", line 446, in
signed_crt = sign_csr(args.public_key, args.csr_path, email=args.email, file_based=args.file_based)
File "../../test/letsencrypt-nosudo-master/sign_csr.py", line 386, in sign_csr
resp = urllib2.urlopen(csr_url, csr_data)
File "/usr/lib64/python2.6/urllib2.py", line 126, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib64/python2.6/urllib2.py", line 397, in open
response = meth(req, response)
File "/usr/lib64/python2.6/urllib2.py", line 510, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python2.6/urllib2.py", line 435, in error
return self._call_chain(*args)
File "/usr/lib64/python2.6/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib64/python2.6/urllib2.py", line 518, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 400: Bad Request

So easy and simple to understand . . . NOT! I tried the URL for which this bleeping python script claims it got a 400 error and the page loads just fine.

I’m surrendering again for a while until I calm down enough to follow the easy to use directions!

Happy Slacking!
Stu…

Leave a Comment