How can I use a Let's Encrypt SSL certificate?

The Easy Way

Edit your site and flip the Let's Encrypt switch!

Please read step 6 "Configure your HTTPS options" under Adding Sites for more information.

⚠️ Note: as of 3 November 2020 we're no longer able to issue individual LE certificates for opalstacked.com domains due to rate-limits imposed by the LE service.

Because of this:

  • If all of the domains on the site are opalstacked.com subdomains, then the site will be switched to a shared opalstacked.com wildcard certificate.
  • If the site has opalstacked.com subdomains mixed with other domains, then the opalstacked.com subdomains will be omitted from the final certificate.

We hope to bring back fully managed LE functionality for opalstacked.com domains as soon as possible. In the meantime you can still issue certificates manually (see below).

The Manual Way

1

Create a site by following the instructions here: Building a Site.

The rest of this procedure assumes that you're using a PHP or static application for your site, and uses the following values which you will need to change to match your specific user, app, and domain:

  • myuser is the shell user name
  • myapp is the application name
  • mydomain.com is the domain name
2

Log into your server via SSH with the shell user that you created in step 1 above.

3

Execute the following commands in your SSH session to create your certificate, changing the first three commands to match your email address, domains, and app name:

export EMAILADDR=me@mydomain.com
export DOMAINS=mydomain.com,www.mydomain.com
export WEBROOT=$HOME/apps/myapp

export CERTBOTROOT=$HOME/certbot
mkdir ~/certbot

certbot register --agree-tos --no-eff-email -m $EMAILADDR \
 --config-dir $CERTBOTROOT \
 --work-dir $CERTBOTROOT \
 --logs-dir $CERTBOTROOT

certbot certonly -a webroot -w $WEBROOT \
 --config-dir $CERTBOTROOT \
 --work-dir $CERTBOTROOT \
 --logs-dir $CERTBOTROOT \
 -d $DOMAINS

If you are manually generating a certificate for the first time, then the commands should run with no further input.

If you repeat the commands for a certificate that you've previously generated manually then you'll be presented with options to keep or renew the existing certificate. If this happens then choose the option that you want and proceed to the next step.

4

Follow our instructions for adding a certificate to the panel, using the contents of the following files for the certificate details:

  • Certificate: /home/myuser/certbot/live/mydomain.com/cert.pem
  • Intermediate Certificate: /home/myuser/certbot/live/mydomain.com/chain.pem
  • Key: /home/myuser/certbot/live/mydomain.com/privkey.pem

You can use the cat command in your SSH session to get the contents of the files, eg cat /home/myuser/certbot/live/mydomain.com/cert.pem, which you can then copy from your terminal and paste into the control panel form for your new certificate.

5

Finally, assign the certificate to your site.

🎉 Congratulations - you now have a website encrypted with a manually-generated free Let's Encrypt SSL certificate!