Adding an SSL certificate to a web server.


"Let’s Encrypt" is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).


Certbot for Windows is discontinued as of Feb 2024.
Windows: install the Ubuntu terminal environment (WSL) from the Microsoft Store.

(WSL) sudo apt install certbot
(WSL) sudo certbot certificates  (show the SSL certificates and expiry dates on local drive)

Start generating SSL certificates for a web server:
(WSL) sudo certbot certonly --manual -d pigtail.net -d www.pigtail.net

Phase 1: Proof of domain control:
certbot will ask you to create a new folder/directory (e.g. using WinSCP), named with a long string given by certbot, at
document_root/.well-known/acme-challenge/
(GoDaddy:  /public_html/.well-known/acme-challenge/ ).
Create a file index.html in that newly created directory.
Edit index.html as if it were a plain text file; it must contain exactly one line, the string given by certbot
(important: a CRLF or LF is required at the end of the string)

Repeat the above process one more time, for the second domain name.
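
A pre-check for the Phase 1 challenge file, as an added example that is not part of the original page or of certbot. The function names are made up here, the values in the usage comment are constructed placeholders, and the prefix check assumes the ACME HTTP-01 format in which certbot's string is the token (the directory name), a dot, and a key thumbprint.

```shell
#!/bin/sh
# Added example: check a challenge file before letting certbot continue.
# validate_challenge TOKEN EXPECTED   (file body on stdin)
#   TOKEN    = name of the directory created under .well-known/acme-challenge/
#   EXPECTED = the one-line string certbot printed for that directory
# Prints "ok" and returns 0, or prints the reason and returns 1.
validate_challenge() {
    vc_token=$1
    vc_expected=$2
    vc_nl='
'
    vc_cr=$(printf '\r')
    # Append a sentinel so $(...) does not strip the trailing newlines we test for.
    vc_body=$(cat; printf x)
    vc_body=${vc_body%x}

    # Assumption from the ACME HTTP-01 format: the string is TOKEN.THUMBPRINT,
    # so a string pasted into the other domain's directory fails here.
    case $vc_expected in
        "$vc_token".?*) ;;
        *) echo "string does not belong to directory $vc_token"; return 1 ;;
    esac
    # Rule stated on this page: the line must end in LF or CRLF.
    case $vc_body in
        *"$vc_nl") ;;
        *) echo "no LF/CRLF at end of line"; return 1 ;;
    esac
    # Drop exactly one line ending; anything left over is a real difference.
    vc_line=${vc_body%"$vc_nl"}
    vc_line=${vc_line%"$vc_cr"}
    if [ "$vc_line" != "$vc_expected" ]; then
        echo "content differs (extra line, space, BOM or HTML markup)"
        return 1
    fi
    echo "ok"
}

# check_live DOMAIN TOKEN EXPECTED: fetch the URL over plain HTTP, as the CA does.
# Needs curl and network access; -L follows the redirect a server may issue
# when the token is a directory holding index.html.
check_live() {
    curl -sL "http://$1/.well-known/acme-challenge/$2" | validate_challenge "$2" "$3"
}

# Usage with constructed placeholder values (not real challenge data):
#   check_live pigtail.net EXAMPLE_TOKEN EXAMPLE_TOKEN.EXAMPLE_THUMBPRINT
```

Run check_live once per domain name before pressing Enter at certbot's prompt.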

If proof of domain control is successful, certbot will generate SSL certificates (with an 89-day validity period) and save them at:
(WSL) /etc/letsencrypt/live/

Phase 2: Copy and paste the contents of fullchain.pem and privkey.pem via GoDaddy "cPanel Admin":
(GoDaddy) invoke cPanel -- Security -- SSL -- CERTIFICATES(CRT):
(WSL) sudo -s  [elevate to superuser (root)]
(WSL) ls /etc/letsencrypt/live/pigtail.net  [replace pigtail.net with your domain]
(WSL) cat /etc/letsencrypt/live/pigtail.net/fullchain.pem  [replace pigtail.net with your domain]

Copy and paste the content of fullchain.pem into the "Upload a New Certificate" box and click "Save Certificate".
Go back to "Certificates on Server", find the newly uploaded certificate and click "Install".
(WSL) cat /etc/letsencrypt/live/pigtail.net/privkey.pem   [replace pigtail.net with your domain]
Copy and paste the content of privkey.pem into the "Private Key" box and click "Install Certificate".



Alternative method of proving domain control
This method can be easy or painfully slow depending on your DNS server behaviour.

(WSL) sudo certbot certonly --manual --preferred-challenges "dns" -d pigtail.net -d www.pigtail.net

Launch the GoDaddy DNS manager and create a TXT record with the value (string) given to you by certbot.

Use Google's Admin Toolbox to check and monitor the progress of the DNS update.


Other sites where you can buy SSL certificates (prices vary from reasonable to "enterprise $$$") are:
Comodo, RapidSSL, SSL.COM, DigiCert, Entrust, GeoTrust, GlobalSign, Cloudflare, Symantec, SSL for Free, NameCheap.