Community site: login faq

Let’s Encrypt is by early November going to be the best way for Normal People to get SSL support, both because of the practically nonexistent maintenance burden and because it’s free.

However, there’s a problem; their reference client is designed for dedicated servers and requires root, operating on port 443 directly to prove ownership of a domain. It’s not designed for an environment like WebFaction’s. It can all be run manually, but it’s not going to be the most obvious or well-documented thing, nor is it as easy as the normal approach (which misses a large part of the point of the thing). On a shared IP address (where SNI is used), I’m not certain whether it will be possible to use Let’s Encrypt at all, as a matter of fact, though I hope something could be arranged. I expect that at the least it would require special action on the part of WebFaction, in two steps (putting up the proof-of-ownership thing to port 443, then putting up the final certificate) with new certificates not being automatically generated and updated, either.

There are two approaches to sorting this out:

  1. The simple approach is to figure out instructions on how to go about setting it up, ideally condensing that down to a single script that can be run. It may still require a dedicated IP address, but I haven’t checked out what it actually serves on port 443 normally and whether it could be achieved with SNI or not. Ideally WebFaction won’t need to be involved to get each Let’s Encrypt certificate to work, but as mentioned I think it would require two steps of manual intervention.

  2. Ideally, WebFaction would instead put special support for Let’s Encrypt into the panel, which would be perfect as it would allow someone to get HTTPS with no special configuration at all—it could simply default to procuring a Let’s Encrypt certificate if “HTTPS?” is ticked, which you can then override to specify your own certificates.

With Let’s Encrypt, there’s a perfect opportunity for WebFaction to provide easy and complete basic SSL support, which would be a really good thing.


asked 15 Sep '15, 04:55

Chris Morgan
accept rate: 0%


You definitely won't be able to do this on your own, since doing so requires access to the front-end Nginx server configuration.

(04 Nov '15, 20:27) seanf

+1 for this. Let's Encrypt is the future. Their certificates are only valid for 90 days though, so allowing automated renewal will be important. Any updates on plans here?

(12 Nov '15, 15:04) hooverlunch

Please see Sean's comments below.

(12 Nov '15, 15:17) bmeyer71 ♦♦

We used letsencrypt on one of our company-servers for the staging environment. Problem is: they hit the IP-adres, and do not use the url, so you will not be routed through to your vhost, so certificates need to be installed/handled on the server level (machine/ip-adres). I am not sure if that is even possible on webfaction: can I host a file on MY-IP/.well-known without using dns.url lookup. If not, if webfaction wants to support letsencrypt, they will have to provide some infrastructure/tools to allow that. E.g. enable it from our dashboard. Thoughts?

(16 Dec '15, 15:16) nathanvda

@nathanvda - no, you can't serve a site or file directly from an IP address on our service.

When/if we roll out installation tools for certificates, including Let's Encrypt, it will most likely be done via our control panel.

(16 Dec '15, 18:54) seanf

Thanks @seanf, any update on a possible timeframe?

(21 Dec '15, 13:31) nathanvda

There has been no decision made one way or the other to implement Let's Encrypt. As Sean mentioned we would announce any support or changes to the way our certificates are implemented on our blog and social media.

We still can install SSL Certificates manually. Please open a support ticket if you need a certificate installed.

(21 Dec '15, 13:57) aaront ♦♦

This newer thread indicates that the WebFaction staff are working on integrating Let's Encrypt into the control panel. https://community.webfaction.com/questions/20940/lets-encrypt-automatic-renewal

(27 Feb '18, 21:13) chad
showing 5 of 8 show 3 more comments

12next »

Please see our latest blog post in regards to LetsEncrypt support,


Thank you all for your patience.

permanent link

answered 14 Sep '18, 02:06

NickR ♦♦
accept rate: 20%

It seems like no one had mentionned yet the LetsEncrypt utility client for WebFaction hosts.

I used it to install a Let's Encrypt certificate for my website and it worked like a charm. Just don't forget to enable the encyption in the Webfaction control panel: Websites > Security > Encrypted website (https)

permanent link

answered 17 Apr '16, 10:44

accept rate: 0%

True, thanks for mentioning. But you still need to manually contact webfaction to update your certificates every 90 days.

(17 Apr '16, 10:45) lorenz

Actually, I think you can set up a cron job, and the client should post a ticket automatically. At least, it posts a ticket when you run it manually.

(17 Apr '16, 10:51) dimitari

Do you need to buy a public IP in order to do this?

(17 Apr '16, 19:07) Alejandro Mo...

No, since WebFaction uses Server Name Indication (SNI) for HTTPS sites. This generally means you will not need a static IP Address for most websites unless you are supporting an older web browser or operating system that does not support SNI.

(18 Apr '16, 18:56) aaront ♦♦

I just tried this and it worked amazingly well, and this kind of stuff never seems to work for me...

(15 Feb '17, 14:39) JohnGoren

Hi there Webfaction staff!

Last year 2016 was a successful year for Let's Encrypt. It's been quite a while since it's not beta anymore, major players are supporting it and Webfaction is not there yet!

I'm a proud Webfaction customers because of your developer-oriented approach, and it hurts that we're still lagging behind other webhosting companies that have fully supported Let's encrypt since the beginning. More than technical challenges, it would seem that lack of commitment might be an issue on your side, since even third-party tools made by other great Webfaction customers are already available.

It seems that you must be already working diligently on this, as per your previous comments. However, I kindly request you to speed up your efforts and give this initiative more priority so we all can enjoy the benefits of a more secure web.

Thank you for your otherwise top-notch service! Looking forward to your public announcements on Let's Encrypt support in the very near future :)

permanent link

answered 12 Jan '17, 09:36

accept rate: 0%

Thank you for providing feedback, however at this time Let's Encrypt has not even been released. We are certainly aware of the project and will continue to wait on it to be generally available.

permanent link

answered 15 Sep '15, 11:33

aaront ♦♦
accept rate: 27%

Let's Encrypt announced "December 3, 2015 our systems will be open to anyone who would like to request a certificate". Is that when we can expect an update from webfaction? I'm personally very excited for this TLS revolution and would love to hear if webfaction will support it.

(16 Nov '15, 03:35) ubershmekel

As far as I am aware, that date is for the public beta release. As Sean mentioned below, we are aware of this exciting new service and will make updates when necessary (no ETA, nor confirmation). Thank you again for showing interest!

(16 Nov '15, 05:37) NickR ♦♦

Example of a hosting provider going out of their way to support Let’s Encrypt: https://www.dreamhost.com/blog/2015/12/03/lets-encrypt-and-dreamhost/. It’d be great if WebFaction would think about doing it now that it is generally available.

(15 Dec '15, 23:22) Chris Morgan

Any updates? -I know I repeat other users but today Let's encrypt officially left beta status: https://letsencrypt.org/2016/04/12/leaving-beta-new-sponsors.html

(12 Apr '16, 17:42) lorenz

Let's Encrypt just started issuing its first certificates for Beta testers, and I ran into the issue Chris mentioned above. Now that we're close to the public release date, do you all have more information about this? Do you have a roadmap or a timeline?


permanent link

answered 04 Nov '15, 17:03

accept rate: 0%

We have no new information and no public roadmap at this time. If that changes, we'll be sure to announce it in our blog and social media channels.

(04 Nov '15, 20:24) seanf

Note that we can still install certificates manually, if you can give us the certificate and key files. Just open a support ticket to request it.

(04 Nov '15, 20:26) seanf

Let's Encrypt had huge buzz from the beginning and is only getting more popular. They've already improved the install system with the new Certbot - https://certbot.eff.org/ - but it's a system that is really meant to be automated. Webfaction's current policy of a support member physically renewing every ssl cert is a pretty big speed bump to that system, and I hope the team is looking at a way to improve the current system. I heard C-panel will also support Let's Encrypt within a few months. This may be the new standard for SSL, so I hope you guys make it a priority at Webfaction.

permanent link

answered 15 May '16, 01:43

accept rate: 0%

We don't have any specific details available or ETA just yet, but rest assured that implementation is already underway on improving the SSL certificate installation procedures.

(15 May '16, 02:10) ryans ♦♦

We're one step closer to having full support for Let's Encrypt via our control panel. As of today, you can now manage SSL certificates with the control panel without needing to open a support ticket!

permanent link

answered 19 Sep '16, 15:47

accept rate: 37%

This is really great news. Thanks for all the effort you're all putting in!

Could I make a small suggestion for improvement?

Under Domains > SSL Certificates, the three columns "Name", "Valid for" and "Valid until" don't wrap, so we can't see the full details (unless we open an inspector and reduce the font).

Could you make it so that hovering will show the relevant text? (By adding a title="..." tag to the divs.)

Alternatively you could simply let the text wrap (with CSS white-space: normal; on the relevant divs). Or leave the main screen as-is and instead spell out the details in full once the row is clicked and the cert details are displayed.

Looking forward to the API, so it can all be automated at our end too :-)

(22 Sep '16, 19:54) JustAnotherW...

We have a ticket open with development to improve the layout of that page now.

(22 Sep '16, 20:16) maryh

Thanks maryh!

(23 Sep '16, 17:49) JustAnotherW...

I see in your control panel method to manage classic certs (CSR issue, upload cert), but not support for let's encrypt which requires special integration via API or their client, and does not work via manual CSR or files? Even if I use their CLI client and get the certs, then these expire every 2 months and are not meant for manual maintenance. Do I miss here something?

(27 Sep '16, 06:14) jaakl

You didn't miss anything -- that's correct. We have plans to fully integrate LetsEncrypt so that you can actually issue and apply certificates from the Control Panel, which will alleviate that problem.

For now, we've implemented the first step, which is allowing users to manage SSL certificates in the Control Panel directly. LetsEncrypt integration is coming afterward.

(27 Sep '16, 08:23) ryans ♦♦

I would like to bump this feature request as well. Any news?

permanent link

answered 12 Nov '16, 18:01

accept rate: 0%

Any updates so far? It would be really really nice if this was made easy. Without opening support tickets every month.

permanent link

answered 17 Mar '16, 10:51

accept rate: 0%

We have no new information and no public roadmap at this time. If that changes, we'll be sure to announce it in our blog and social media channels.

(17 Mar '16, 15:51) seanf

This is a hot topic and I though I'd share another tool with fellow WebFactioneers to help setup Let's Encrypt that I ran across:


Hope this helps.

permanent link

answered 26 Apr '16, 12:13

accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 15 Sep '15, 04:55

question was seen: 19,818 times

last updated: 14 Sep '18, 02:06