User Tools

Site Tools


wiki:setup_certificate_servers_without_root_access

Setup certificate on servers without root access

This is done on your local computer or another server.

Install certbot via manual method

Get certs locally then copy them on server

    user@host:/tmp$ certbot-auto certonly --manual --preferred-challenges http -d www.example.org -d example.org
    Requesting to rerun ./certbot-auto with root privileges...
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for www.example.org
    http-01 challenge for example.org
 
    -------------------------------------------------------------------------------
    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.
 
    Are you OK with your IP being logged?
    -------------------------------------------------------------------------------
    (Y)es/(N)o: Y
 
    -------------------------------------------------------------------------------
    Create a file containing just this data:
 
    9FJ7fcvUnLcOiiS6YRGOJYEG9N7T8th0nRt6PXuXew0.S-aYTCKC5avf_-CQ-YfiKcZHP8ULQQhACYtAQLw_5FY
 
    And make it available on your web server at this URL:
 
    http://www.example.org/.well-known/acme-challenge/9FJ7fcvUnLcOiiS6YRGOJYEG9N7T8th0nRt6PXuXew0
 
    -------------------------------------------------------------------------------
    Press Enter to Continue
 
    -------------------------------------------------------------------------------
    Create a file containing just this data:
 
    hBKwxrxzV-ZJUC7Ah5iDiifsMy5vOZUlrugDv7gtS5s.S-aYTCKC5avf_-CQ-YfiKcZHP8ULQQhACYtAQLw_5FY
 
    And make it available on your web server at this URL:
 
    http://example.org/.well-known/acme-challenge/hBKwxrxzV-ZJUC7Ah5iDiifsMy5vOZUlrugDv7gtS5s
 
    -------------------------------------------------------------------------------
    Press Enter to Continue
    Waiting for verification...
    Cleaning up challenges
 
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/www.example.org/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/www.example.org/privkey.pem
       Your cert will expire on 2018-07-10. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot-auto
       again. To non-interactively renew *all* of your certificates, run
       "certbot-auto renew"
     - If you like Certbot, please consider supporting our work by:
 
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:

Above URLs need to accessble via web browser otherwise it will fail. Then the /etc/letsencrypt/live/www.example.org/fullchain.pem and /etc/example/live/www.example.org/privkey.pem can copied via providers web interface.

Tested on

  • Xubuntu 18.04
  • Xubuntu 20.04.1

See also

References

wiki/setup_certificate_servers_without_root_access.txt · Last modified: 2021/05/04 11:01 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki