HTTPS with Let’s Encrypt at Hostmonster

I’m hosting my blog and wiki at Hostmonster.com. I set up SSL using Let’s Encrypt via https://gethttpsforfree.com/. It wasn’t too hard. Let me show you how to do it.

The first step is to generate an account private key. This is used to communicate with Let’s Encrypt in such a way that they know it is you.

Run the following command from your SSH session at Hostmonster:

openssl genrsa 4096 > account.key
openssl rsa -in account.key -pubout

This generates account.key, which you should never share with anyone or copy anywhere else. The public key (the output of the second command), however, is safe to share with everyone. Copy that into the form at https://gethttpsforfree.com/ and click “Validate Account Info”.

Next, use the Hostmonster SSL interface to create a new private key. This will be the domain key, which is used for encrypting SSL traffic for your website.

Next, use the Hostmonster SSL interface to create a new CSR. Include in the CSR wildcards like *.realphysics.info, as well as the root domain such as realphysics.info. You can add as many domains as you like, but you need control over them.

Take the CSR and copy that into the form at https://gethttpsforfree.com/ and click “Validate CSR”. It will tell you which domains you’re asking for.
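Before pasting anything into the form, you can check locally that the file really is a CSR, that it asks for both the root domain and the wildcard, and that no private key has slipped into it. The shell functions below are an added example, not part of the original walkthrough or of gethttpsforfree.com; the function names and the file name domain.csr are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the file name domain.csr are assumptions.

# Succeeds only if the file is readable and holds no PEM private-key block.
safe_to_paste() {
    [ -r "$1" ] || return 1
    ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Prints each DNS name the CSR requests, one per line; fails if it is not a CSR.
csr_names() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Succeeds if the CSR lists both the root domain ($2) and its wildcard.
csr_covers() {
    names=$(csr_names "$1") || return 1
    printf '%s\n' "$names" | grep -qxF -- "$2" &&
        printf '%s\n' "$names" | grep -qxF -- "*.$2"
}

# Succeeds if only the owner can read the key file (mode 600 or 400).
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh check.sh domain.csr realphysics.info
if [ "$#" -eq 2 ]; then
    csr_names "$1"
    if safe_to_paste "$1" && csr_covers "$1" "$2"; then
        echo "OK: $1 is a CSR for $2 and *.$2, with no private key inside"
    else
        echo "STOP: check $1 before pasting it anywhere" >&2
        exit 1
    fi
fi
```

key_is_private is meant for account.key: on shared hosting, run chmod 600 account.key if it fails, since the redirect in the genrsa command creates the file with your default umask.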

Step 3 involves copying and pasting commands into your SSH session, and then copying and pasting the results. Do this a few times and you’ll be on step 4.

Step 4 involves setting up your DNS TXT record for your wildcard domains, and setting up a static file for your domain names. It’s tedious, but this is how Let’s Encrypt verifies that you actually control the domain. Copy and paste the commands to your SSH, and copy and paste the results back into the form at https://gethttpsforfree.com/.

The final step of Step 4 is to finalize the request, which will give you the certificate file! Copy and paste that into the Hostmonster SSL certificates file, and you’re good to go!

Note that if you’re running WordPress and MediaWiki like I am, you’ll want to force SSL connections for signing in. You can find out how to do that with a few web searches.

Let me know if you need any help!