Adding Let's Encrypt Cert

Ryan_Gravel · May 5, 2024, 1:01am

For the life of me I cannot get an SSL cert to work. I had 80/443 open to let it go automatically and have tried installing it manually too but it won’t take a certificate. I am going to wait until 5.5 comes out before trying again but it has been a bit frustrating. I read the manual page that says all connections are encrypted but people get a bit nervous when the download page says ‘not secure’.

Anyone had any luck?

Darrell_Swafford · May 6, 2024, 8:02pm

Odd, I have 2 installs. One with lets encrypt from within Simplehelp and one using a wildcard that I uploaded. No issues with either.

Along with the ports being open, are you running simplehelp on port 443 and 80, or another port?
Does it give you any errors?
Also, check your server log, there may be error information that could help.

If you open a support ticket and send your server log to them, they should be able to pinpoint the issue pretty quickly.

Darrell_Swafford · May 6, 2024, 8:03pm

Oh and is this a windows server or Linux? Make sure your lets encrypt root certificates are up to date on the server OS.

Ryan_Gravel · May 6, 2024, 8:25pm

Debian 12 on another port originally. I tried using ‘sudo certbot certonly --key-type rsa --manual --preferred-challenges=dns -d domain.com’ and telling SH the folder to look in but it doesn’t like it. Same when I opened 80/443 and tried the automated keygen. I forgot to write it down but I think it isn’t liking privkey.pem. Thought it was because of a ECDSA key on my first try. That or the router is filtering something out.

Ryan_Gravel · May 6, 2024, 10:55pm

Third time’s the charm I guess. It won’t look at the local folder where certbot saves the files. Maybe because it adds a 1 to the end of the files like privkey1.key? I redid everything and manually uploaded the cert, priv, and chain files and it took it this time.

Thanks for your time.

Darrell_Swafford · May 7, 2024, 6:31pm

Good to know. I never used the grab from folder option. Glad you got it sorted.

Ryan_Gravel · November 27, 2024, 11:01pm

Update. This is broken again in 5.5.7.

I had to run a DNS check with certbot again and manually upload the following files in the admin console. Certbot increments the number each time. The files are found in /etc/letsencryptt/archive/yoursite.com/

privkey2.pem
cert2.pem
chain2.pem

I only have 443 open but couldn’t find anything being blocked in the firewall logs. It’s working with the renewed cert so maybe this helps someone.

Randall_Gene_Black · February 11, 2025, 2:39pm

I’m curious as to why SimpleHelp hasn’t implemented the DNS Challenge system that Let’s Encrypt makes available as seen in Nginx? I simple use an API token with my DNS provider and Let’s Encrypt verifies ownership and issues a certificate.