UPDATE: This method is no longer required if you are WordPress customer at Bluehost. Bluehost has started offering free SSLs for WordPress customers through Comodo. More information can be found here: https://my.bluehost.com/cgi/help/free-ssl
So, letsencrypt is probably one of the best initiatives surrounding building a secure internet, because encryption is important. I really wanted to figure it out on my shared bluehost account, so here it is.
A few notes before we start, you will need access to a secondary server, local machine, or virtual machine that has python and other dependencies required for the letsencrypt client. Details on that can be found here: https://letsencrypt.readthedocs.org/en/latest/intro.html. I’m working on a way to get this to run on the Bluehost shared server itself so access to another server or doing it on your local machine isn’t required.
Once you’ve got letsencrypt and the required dependencies installed, stay ssh’d into your secondary server and run:
$ ./letsencrypt-auto --email email@example.com --text --authenticator manual certonly
And follow the prompts. At a certain point, it will give you some commands to run. The only one you really need is the
printf command. SSH into the server you want the cert on and get to the root of the domain you’d like and run that command. It will look something like this:
$ printf "%s" aBuNchOfR4nd0mT3Xt > .well-known/acme-challenge/aBuNchOfR4nd0mT3Xt
Once that’s run, go back to the other shell session and finish following the prompts. This will generate a certificate and drop the necessary files in
/etc/letsencrypt/live/(the domain you chose)/.
You’ll then need to follow the instructions here to upload the files correctly. Then contact Bluehost support to get the SSL certificate installed. Once that’s done, and any redirects you need to force people to use SSL on your site.
In the future I’ll be writing a script that automates the renewal process. Well, everything but actually re-installing the SSL certificate. You’ll still have to contact Bluehost to get the cert installed.