Let's Encrypt on free hosting?

[MNTTalking]

Hi.

I want to get Let's Encrypt on free hosting?

[BastelPichi]

5 hours ago, MNTTalking said:

Hi.

I want to get Let's Encrypt on free hosting?

If you sign up with a host like TinkerHost you can generate an SSL Certificate from their client area.

 

Tinkerhost runs on MOFH, meaning youll get the exact same vPanel and features. There will be some additional features from their client area.

Edited June 11 by BastelPichi

[SpookyKipper]

On 6/11/2024 at 10:08 PM, MNTTalking said:

I want to get Let's Encrypt on free hosting?

Let's Encrypt will work on Free Hosting, but the only hosting provider I know that "officially" supports it is InfinityFree.

While mine and the one mentioned above supports GoGetSSL

(I tried providing LE for a few months, but removed due to the complexity of ACME and it constantly requires fixes)

Edited June 16 by SpookyKipper

[BastelPichi]

On 6/16/2024 at 2:53 AM, SpookyKipper said:

Let's Encrypt will work on Free Hosting, but the only hosting provider I know that "officially" supports it is InfinityFree.

While mine and the one mentioned above supports GoGetSSL

(I tried providing LE for a few months, but removed due to the complexity of ACME and it constantly requires fixes)

I used to host an tool that allowed you to generate LE certs. Theres some annoying things tho:

• Lets Encrypt needs HTTP Verification or DNS Verification
  • HTTP wont work due to security system on Free Hosting
  • DNS Verification requires TXT records, e.g. GoGetSSL requires CNAME. CNAME can be created from vPanel directly, while TXT requires you to create an txt record on verificationexample.yourdomain.com (with a domain hosted e.g. on Cloudflare) and then pointing _acme-challenge (in vPanel) to  verificationexample.yourdomain.com
• Rate Limits
  • Lets Encrypt rate limits the amount of certs you can generate for a specific domain (counting all subdomains). Thats why e.g. InfinityFree only allows LE on user's domains and not on free subdomains.
• GoGetSSL and similar have an very easy to use API, while ACME is quite annoying.

If youre still looking to build your own tool id reccomend you use ACMECert, it has support for a bunch of ACME CAs, meaning you can generate SSLs from Google Trust Services, SSL.com, ZeroSSL, Lets Encrypt and Buypass, all for free and with one implementation of software.

[luluhoste]

Thank you for the link  ACMECert, it's useful 😃

[BastelPichi]

4 hours ago, luluhoste said:

Thank you for the link  ACMECert, it's useful 😃

Oh and before anyone here wastes their time: Iirc ACMECert, or nearly any ACME client, wont work on iFastNet free hosting.

[SpookyKipper]

On 6/16/2024 at 8:53 AM, SpookyKipper said:

(I tried providing LE for a few months, but removed due to the complexity of ACME and it constantly requires fixes)

 

On 6/23/2024 at 2:06 AM, BastelPichi said:

Oh and before anyone here wastes their time: Iirc ACMECert, or nearly any ACME client, wont work on iFastNet free hosting.

I had a successes on YAAC after hours of frustration, i remembered you mentioned that's the library you used for your free ssl site

Edited June 24 by SpookyKipper

[BastelPichi]

On 6/24/2024 at 9:11 AM, SpookyKipper said:

 

I had a successes on YAAC after hours of frustration, i remembered you mentioned that's the library you used for your free ssl site

YAAC works, not sure if it works on Free Hosting, I believe someone told me it doesn't. Either way, I don't really reccomend yaac, because it requires modifications to generate certificates compatible with free hosting, and also wont work with any other ACME CA than Lets Encrypt (could probably get that running with large modifications).

[SpookyKipper]

19 hours ago, BastelPichi said:

could probably get that running with large modifications).

I changed the LE staging server url to get it working with Google Trust, then some get requests changed to post or the other way around. Google Trust has stricter requirements on the request method and YAAC simply doesn't comply with

TXT validation works on free hosting

Edited June 27 by SpookyKipper

[BastelPichi]

On 6/27/2024 at 12:23 PM, SpookyKipper said:

I changed the LE staging server url to get it working with Google Trust, then some get requests changed to post or the other way around. Google Trust has stricter requirements on the request method and YAAC simply doesn't comply with

If I recall correctly AcmePHP, which InfinityFree uses, also doesnt work all that well with Google Trust. Thats why I reccomend AcmeCert.

 

Note: AcmePHP is maintained by ZeroSSL, and with ZeroSSL sponsoring quite a few ACME Clients there might be changes in the direction of ZeroSSLs interests, just like what happened to acme.sh. Just make sure to always check their announcements, to not suddenly have break stuff when the default CA gets changed.

[SpookyKipper]

31 minutes ago, BastelPichi said:

If I recall correctly AcmePHP, which InfinityFree uses, also doesnt work all that well with Google Trust. Thats why I reccomend AcmeCert.

 

InfinityFree provides Google Trust Certs pretty well tho

[BastelPichi]

12 minutes ago, SpookyKipper said:

InfinityFree provides Google Trust Certs pretty well tho

Havent checked either project in a longer time 🙃

[Santiago]

Hello, Xera now supports ACME (Let's Encrypt, ZeroSSL and Google Trust) and uses CNAME DNS Challenge

Edited July 12 by Santiago

[Santiago]

New release coming really soon

Edited July 12 by Santiago