How to create a Let's Encrypt SSL certificate and install in on your Blacknight hosted website.
At WordCamp Dublin 2017 I spoke with Padraig, a support agent of Blacknight Solutions, where this site, and many of my sites, is hosted. I asked about getting a SSL cert. He recommended their Positive SSL certificate.
Two years later my wife researched cheaper SSL cert options for her consultancy business. She found a cert for $10 per year but then learned how to generate a free Let’s Encrypt SSL certificate on her Mac and applied it to her site.
One of my certs from Blacknight was up for renewal so she generated a cert for that site. As the other certs were about to expire, and I didn’t want to ask her for the new verification files at each renewal (every 3 months), this motivated me to look into creating them on my computer, a Windows laptop. I researched a command line tool for Windows.
I used the ZeroSSL docs and the le64.exe command line help and a good bit of experimenting and finally came up with a flexible command line to use.
As I am setting the domain with a variable I can use this for any site that I wish to generate a certificate for.
This command will update (or create if necessary) 4 files in the damiencarbery.com subdirectory.
I put the files in a subdirectory for organisation – one directory for each domain. When you need to renew the certificate in 3 months these files will be read by the le64.exe program.
The manual part of the process is to upload the verification file for each domain specified in the –domains parameter. In the sample output you can see that it required two verification files.
I would love to be able to trap the request to upload a file and dynamically create the file and upload it but that’s for the bottom of my TODO list.
Setting up in Blacknight Solutions
I have a number of shared hosting accounts with Blacknight Solutions. The control panel is Plesk. It doesn’t have Let’s Encrypt support built in so you have to manually upload two files, the domain CRT and KEY files.
The first thing is to ensure that the website is on its own webspace. Do this when you create webspace for a domain. Otherwise you’ll have to delete the hosting for the domain, create a new website and move the files between the two locations!
Log into control panel, choose Websites, <domain name>, Website Configuration, SSL, Install New Certificate
Choose Install from: file
For Certificate upload the damiencarbery.com.domain.crt file
For Private Key upload the damiencarbery.com.domain.key file.
To verify that the SSL certificate is working correctly I go to the readme.html file in the root directory (if it is a WordPress site) using https. If this displays without any error messages you are good to continue. You should see the lock icon beside the url. You can click on it to view information about the certificate.
If I add the SSL certificate to a WordPress website I then update the WordPress Address (URL) and Site Address (URL) in Settings/General to https. Then I use Search Replace DB to change the urls in the database from http to https. Visit a few pages and check the browser console for errors.
I realise that these instructions are not complete and they skip over some of the steps but they’ll be enough to help me remember how to do it. I may return to this post in the future and fill in more of the details.