wiki:setup_certificate_servers_without_root_access
This is an old revision of the document!
Table of Contents
Setup certificate on servers without root access
This is done on your local computer or another server.
Get certs locally then copy them on server
user@host:/tmp$ certbot-auto certonly --manual --preferred-challenges http -d www.example.org -d example.org Requesting to rerun ./certbot-auto with root privileges... Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for www.example.org http-01 challenge for example.org ------------------------------------------------------------------------------- NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? ------------------------------------------------------------------------------- (Y)es/(N)o: Y ------------------------------------------------------------------------------- Create a file containing just this data: 9FJ7fcvUnLcOiiS6YRGOJYEG9N7T8th0nRt6PXuXew0.S-aYTCKC5avf_-CQ-YfiKcZHP8ULQQhACYtAQLw_5FY And make it available on your web server at this URL: http://www.example.org/.well-known/acme-challenge/9FJ7fcvUnLcOiiS6YRGOJYEG9N7T8th0nRt6PXuXew0 ------------------------------------------------------------------------------- Press Enter to Continue ------------------------------------------------------------------------------- Create a file containing just this data: hBKwxrxzV-ZJUC7Ah5iDiifsMy5vOZUlrugDv7gtS5s.S-aYTCKC5avf_-CQ-YfiKcZHP8ULQQhACYtAQLw_5FY And make it available on your web server at this URL: http://example.org/.well-known/acme-challenge/hBKwxrxzV-ZJUC7Ah5iDiifsMy5vOZUlrugDv7gtS5s ------------------------------------------------------------------------------- Press Enter to Continue Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/www.example.org/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/www.example.org/privkey.pem Your cert will expire on 2018-07-10. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF:
Above URLs need to accessble via web browser otherwise it will fail. Then the /etc/letsencrypt/live/www.example.org/fullchain.pem and /etc/example/live/www.example.org/privkey.pem can copied via providers web interface.
Tested on
- Xubuntu 18.04
- Xubuntu 20.04.1
See also
References
wiki/setup_certificate_servers_without_root_access.1607337173.txt.gz · Last modified: 2020/12/07 10:32 by antisa