Update 2023-09: It seems like Hostinger has rolled out free Let’s Encrypt SSL for all customers, even for the most basic hosting plan. This post was originally written in 2016 and kept as archive.
28 July 2016
When there is a will, there is a way!
Free SSL certificates, issued by Let’s Encrypt, have been around for quite a while. Enabling it on a shared hosting is an issue, since users cannot execute any executables (or very limited set of commands) on it.
I’ve been using premium shared hosting service from Hostinger Indonesia for few years now to host my personal website (kenrick95.org). Here are the steps required to enable Let’s Encrypt SSL on Hostinger shared hosting.
- SSH (full access; not web console)
- “SSL” on Hostinger’s Control Panel
As per time of writing, one can only use this SSH access by being subscribed to the premium or business-class shared hosting.
Generate SSL Certificate
So the first step is to generate an SSL certificate. Doing so, one must connect to one’s server using SSH. Since I am on Windows, I utilized PUTTY.
After setting up SSH and done doing authentication, one is logged in to a remote terminal. We can do any Unix command, like ls (directory listing), mv (move file), mkdir (make director), even nano (open ‘nano’ editor). One thing that we can’t do: execute arbitrary executables.
After few experimentations, here are the steps required to generate a SSL certificate.
1. Install acme-client and composer
Install acme-client + composer.
Make sure you are outside public_html folder
git clone https://github.com/kelunik/acme-client cd acme-client php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php composer-setup.php php -r "unlink('composer-setup.php');" php composer.phar install
The purpose of this command is for Let’s Encrypt to email you when your SSL certificate is about to expire.
php bin/acme setup --server letsencrypt --agree-terms --email [your email]
3. Issue Certificate
Wildcard subdomains are supported by Let’s Encrypt but I’m not sure how to do so with this tool. So, I recommend to list down all the domain & subdomain names.
php bin/acme issue --domains [colon-separated domain names] --path [colon-separated full path to domain root]
For example, if I want to enable for kenrick95.org, www.kenrick95.org, and blog.kenrick95.org:
php bin/acme issue --domains kenrick95.org:www.kenrick95.org:blog.kenrick95.org --path /path/to/kenrick95.org:/path/to/www.kenrick95.org/:/path/to/plan.kenrick95
You may see a few errors when you run the script. If it’s related to “couldn’t resolve the following domains”, “challenge marked as invalid”, or “not all challenges could be solved”, just re-run the script.
When the issuance are successful, there would be 4 files generated at the folder shown in the output.
4. Download the Certificates
When you navigate to that folder, you can download the certificate file & private key file. Probably there are other more secure ways of doing this 😅
cd [path to certificate output folder]
Select content (from the first “—–BEGIN CERTIFICATE—–” till the second “—–END CERTIFICATE—–“; inclusive of these words, note that there are two block of “begin certificate” and “end certificate”)
Open a text editor (notepad), paste content, save as
Select content (from “—–BEGIN PRIVATE KEY—–” till “—–END PRIVATE KEY—–“)
Open another notepad, paste content, save as
key.txt; keep this key private!
Now that the certificates have been issued, let’s go to Hostinger’s cpanel to setup SSL. You must have the “SSL” module here to successfully install SSL.
- Select domain/subdomain to install SSL on
- At “CRT” field, paste content of cert.txt
- At “KEY” field, paste content of key.txt
- Leave “CABUNDLE” field blank
Do this step 1-5 again for all domains/subdomains you set during the SSH console.
Please take note that Let’s Encrypt SSL certificate is only valid for 90 days to encourage people to renew their certificates frequently and also to mitigate impact of stolen private key.