
Installing a LetsEncrypt SSL on Bluehost

UPDATE: This method is no longer required if you are a WordPress customer at Bluehost. Bluehost has started offering free SSLs for WordPress customers through Comodo. More information can be found here: https://my.bluehost.com/cgi/help/free-ssl

So, letsencrypt is probably one of the best initiatives surrounding building a secure internet, because encryption is important. I really wanted to figure it out on my shared Bluehost account, so here it is.

A few notes before we start: you will need access to a secondary server, local machine, or virtual machine that has Python and the other dependencies required for the letsencrypt client. Details on that can be found here: https://letsencrypt.readthedocs.org/en/latest/intro.html. I’m working on a way to get this to run on the Bluehost shared server itself, so that access to another server or your local machine isn’t required.

Once you’ve got letsencrypt and the required dependencies installed, stay ssh’d into your secondary server and run:

$ ./letsencrypt-auto --email your@emailaddress.com --text --authenticator manual certonly

And follow the prompts. At a certain point, it will give you some commands to run. The only one you really need is the printf command. SSH into the server you want the cert on, change to the root of the domain you’d like, and run that command. It will look something like this:

$ printf "%s" aBuNchOfR4nd0mT3Xt > .well-known/acme-challenge/aBuNchOfR4nd0mT3Xt

Once that’s run, go back to the other shell session and finish following the prompts. This will generate a certificate and drop the necessary files in /etc/letsencrypt/live/(the domain you chose)/.

You’ll then need to follow the instructions here to upload the files correctly. Then contact Bluehost support to get the SSL certificate installed. Once that’s done, add any redirects you need to force people to use SSL on your site.
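A more defensive version of the printf step above, as an added example that is not part of the original post: it validates the token, creates the challenge directory if it is missing, writes the file without a trailing newline, reads it back, and removes it once the certificate has been issued. The function names and the webroot path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): place and remove an ACME
# http-01 challenge file under a site's document root.
# Usage (constructed values):
#   place_challenge "$HOME/public_html" aBuNchOfR4nd0mT3Xt aBuNchOfR4nd0mT3Xt
#   remove_challenge "$HOME/public_html" aBuNchOfR4nd0mT3Xt

# place_challenge WEBROOT TOKEN CONTENT
# Returns 0 on success, 2 for a bad token, 3 for a bad webroot, 4 if the
# file could not be written or does not read back exactly.
place_challenge() {
    webroot=$1 token=$2 content=$3
    # Tokens are base64url text; rejecting anything else also rejects "../".
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "bad token" >&2; return 2 ;;
    esac
    [ -d "$webroot" ] || { echo "no such webroot: $webroot" >&2; return 3; }
    dir=$webroot/.well-known/acme-challenge
    # The printf redirect fails if this directory is missing, so create it.
    mkdir -p "$dir" || return 4
    # '%s' writes the content with no trailing newline.
    printf '%s' "$content" > "$dir/$token" || return 4
    # The web server must be able to traverse the directories and read the file.
    chmod 755 "$webroot/.well-known" "$dir" && chmod 644 "$dir/$token" || return 4
    # Read back: $(...) strips trailing newlines, so compare the byte count too
    # (content is ASCII, so characters and bytes are the same number).
    [ "$(cat "$dir/$token")" = "$content" ] || return 4
    [ "$(wc -c < "$dir/$token" | tr -d ' ')" -eq "${#content}" ] || return 4
}

# remove_challenge WEBROOT TOKEN
# Deletes the challenge file after issuance so it does not linger in the webroot.
remove_challenge() {
    case $2 in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;
    esac
    rm -f "$1/.well-known/acme-challenge/$2"
}
```
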

In the future I’ll be writing a script that automates the renewal process. Well, everything but actually re-installing the SSL certificate. You’ll still have to contact Bluehost to get the cert installed.

Published in crypto, encryption, infosec

16 Comments

  1. Jon

    Hi Garth, any progress on the script that automates the renewal process?

    • garthmortensen

      Unfortunately not. The way Bluehost requires SSLs to be installed makes it so that even if you automate the renewal of the cert, you still have to contact them to get the renewed cert installed.

      • Jon

        Thanks for answering. Hope they go for happy customers and change that in the future.

        • Kalvin

          They make money and you have to pay for their SSL… I don’t think they will bring something free for you.

          • garthmortensen

            Actually, shortly after you made this post, Bluehost started providing free SSLs to WordPress customers. You can find more information here: https://my.bluehost.com/cgi/help/free-ssl

  2. Seamus Campbell

    Two questions:
    Do you copy and paste the content of the fullchain.pem file to add it to your Bluehost account?

    Do you need to purchase a dedicated IP from Bluehost to make it work?

    • garthmortensen

      Yeah, you need a dedicated IP, and I *think* all you need is the cert.pem and privkey.pem. When you contact support for the SSL to be installed they’ll let you know if you need more than that.

  3. Ollie

    Hi Garth, is a dedicated IP necessary, as Bluehost proposes? Thanks in advance for the hint…

    • garthmortensen

      Yeah, a dedicated IP is required.

      • Is the dedicated IP a bluehost specific requirement? I know SSL dropped that a while back.

        • garthmortensen

          For shared hosting, unfortunately yes. SNI has not been implemented yet. For VPS/Dedicated hosting SNI can be used.

    • garthmortensen

      That sure would be great! However, I don’t have the power to make that decision. So we’ll see what management decides 🙂

  4. tim

    This is definitely not a recommended process since letsencrypt certificates require renewal every 3 months. People shouldn’t need to contact the host every three months to update their cert. What really needs to be done is for Bluehost to support letsencrypt in part of their VPS…

    • garthmortensen

      Oh definitely not the best way. But currently it’s the only way on shared hosting. On a VPS server you will have root access and can do it yourself.

  5. Thanks for documenting your challenges, my GoDaddy is up for renewal soon and I was considering Bluehost because just about every author/blogger I follow is using it (and of course get affiliate bonuses). I want the SSL feature, but don’t want the 90 day work on a shared plan. Thinking of going with these guys, they bundle it in for shared plans free: https://www.interserver.net/blog/interserver-offering-free-ssl-cpanel-users/
