in How-Tos

How to add a Let’s Encrypt SSL certificate to your site on shared hosting

These instructions are specifically for a shared hosting account on, but might be useful for other providers as well.

  1. SSH into your account.
  2. Generate a user account key for Let’s Encrypt [1].
    ~$ openssl genrsa 4096 > user.key
    ~$ openssl rsa -in user.key -pubout >
  3. Generate the domain key and a certificate request [1]. Replace “” with your domain.
    ~$ openssl genrsa 4096 > domain.key
    ~$ openssl req -new -sha256 -key domain.key -subj "/"> domain.csr
  4. Get the script from
    ~$ git clone
  5. Sign the certificate by running
    ~$ python2 letsencrypt-nosudo/ --file-based --public-key domain.csr > signed.crt

    You will be asked to run commands in a separate session.
    In the last step, you will have to create a file under public_html/.well-known/acme-challenge/. Its name and content are randomly generated, so make sure to change them accordingly.

    ~$ mkdir -p public_html/.well-known/acme-challenge/
    public_html$ cd !$
    acme-challenge$ echo "file-content" > file-name

    Once you hit enter, the script will try to access that file on your server, so you may have to temporarily disable any redirects in .htaccess. If it is successful, you should see the following message:

    Press Enter when you've got the file hosted on your server...
    Requesting verification for
    Waiting for challenge to pass...
    Passed challenge!
    Requesting signature...
    Certificate signed!
    You can remove the acme-challenge file from your webserver now.
  6. Optionally, delete the .well-known directory.
    public_html$ rm -rf .well-known
  7. Go to CPanel.
    1. Under the Security section, select SSL/TSL. Click on Manage SSL sites.
    2. Select the domain.
    3. Paste the contents of ~/signed.crt into the Certificate: (CRT) field.
    4. Paste the contents of ~/domain.key into the Private Key (KEY) field.
    5. Click on Install Certificate.
  8. Redirect HTTP to HTTPS in .htaccess:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    Make sure the RewriteCond and RewriteRule directives are the first ones after RewriteEngine.

  9. Voilà! Your site is now HTTPS-capable!

[1] Based on instructions from