wiki:setup_certificate_servers_without_root_access
Table of Contents
Setup certificate on servers without root access
This is done on your local computer or another server.
Get certs locally then copy them on server
user@host:/tmp$ certbot-auto certonly --manual --preferred-challenges http -d www.example.org -d example.org Requesting to rerun ./certbot-auto with root privileges... Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for www.example.org http-01 challenge for example.org ------------------------------------------------------------------------------- NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? ------------------------------------------------------------------------------- (Y)es/(N)o: Y ------------------------------------------------------------------------------- Create a file containing just this data: 9FJ7fcvUnLcOiiS6YRGOJYEG9N7T8th0nRt6PXuXew0.S-aYTCKC5avf_-CQ-YfiKcZHP8ULQQhACYtAQLw_5FY And make it available on your web server at this URL: http://www.example.org/.well-known/acme-challenge/9FJ7fcvUnLcOiiS6YRGOJYEG9N7T8th0nRt6PXuXew0 ------------------------------------------------------------------------------- Press Enter to Continue ------------------------------------------------------------------------------- Create a file containing just this data: hBKwxrxzV-ZJUC7Ah5iDiifsMy5vOZUlrugDv7gtS5s.S-aYTCKC5avf_-CQ-YfiKcZHP8ULQQhACYtAQLw_5FY And make it available on your web server at this URL: http://example.org/.well-known/acme-challenge/hBKwxrxzV-ZJUC7Ah5iDiifsMy5vOZUlrugDv7gtS5s ------------------------------------------------------------------------------- Press Enter to Continue Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/www.example.org/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/www.example.org/privkey.pem Your cert will expire on 2018-07-10. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF:
Above URLs need to accessble via web browser otherwise it will fail. Then the /etc/letsencrypt/live/www.example.org/fullchain.pem and /etc/example/live/www.example.org/privkey.pem can copied via providers web interface.
Tested on
- Xubuntu 18.04
- Xubuntu 20.04.1
See also
References
wiki/setup_certificate_servers_without_root_access.txt · Last modified: 2021/05/04 11:01 by antisa