Installing a LetsEncrypt SSL on Bluehost

So, letsencrypt is probably one of the best initiatives surrounding building a secure internet, because encryption is important. I really wanted to figure it out on my shared bluehost account, so here it is.

A few notes before we start, you will need access to a secondary server, local machine, or virtual machine that has python and other dependencies required for the letsencrypt client. Details on that can be found here: https://letsencrypt.readthedocs.org/en/latest/intro.html. I’m working on a way to get this to run on the Bluehost shared server itself so access to another server or doing it on your local machine isn’t required.

Once you’ve got letsencrypt and the required dependencies installed, stay ssh’d into your secondary server and run:

$ ./letsencrypt-auto --email your@emailaddress.com --text --authenticator manual certonly

And follow the prompts. At a certain point, it will give you some commands to run. The only one you really need is the printf command. SSH into the server you want the cert on and get to the root of the domain you’d like and run that command. It will look something like this:

$ printf "%s" aBuNchOfR4nd0mT3Xt > .well-known/acme-challenge/aBuNchOfR4nd0mT3Xt

Once that’s run, go back to the other shell session and finish following the prompts. This will generate a certificate and drop the necessary files in /etc/letsencrypt/live/(the domain you chose)/.

You’ll then need to follow the instructions here to upload the files correctly. Then contact Bluehost support to get the SSL certificate installed. Once that’s done, and any redirects you need to force people to use SSL on your site.

In the future I’ll be writing a script that automates the renewal process. Well, everything but actually re-installing the SSL certificate. You’ll still have to contact Bluehost to get the cert installed.

15 Replies to “Installing a LetsEncrypt SSL on Bluehost”

    1. Unfortunately not. The way Bluehost requires SSLs to be installed makes it so that even if you automate the renewal of the cert, you still have to contact them to get the renewed cert installed.

        1. They make money and you have to pay for their SSL… I don’t think they will bring something free for you.

  1. Two questions:
    Do you copy and paste the content of the fullchain.pem file to add it to your Bluehost account?

    Do you need to purchase a dedicated IP from Bluehost to make it work?

    1. Yeah, you need a dedicated IP, and I *think* all you need is the cert.pem and privkey.pem. When you contact support for the SSL to be installed they’ll let you know if you need more than that.

  2. Hi Garth, is a dedicated IP necessary, as Bluehost proposes? Thanks in advance for the hint…

        1. For shared hosting, unfortunately yes. SNI has not been implemented yet. For VPS/Dedicated hosting SNI can be used.

    1. That sure would be great! However, I don’t have the power to make that decision. So we’ll see what management decides 🙂

  3. This is definitely not a recommended process since letsencrypt certificates require renewal every 3 months. People shouldn’t need to contact the host every three months to update their cert. What really needs to be done is for Bluehost to support letsencrypt in part of their VPS…

    1. Oh definitely not the best way. But currently its the only way on shared hosting. On a VPS server you will have root access and can do it yourself.

Comments are closed.