For some reason, perhaps you don't want to run a daemon or let Letsencrypt have access to your production server.
There is a way to use it like a normal CSR/CA setup in manual mode.
./letsencrypt-auto certonly --manual -d realtechtalk.com - www.realtechtalk.com
Eventually you will get prompted to create a certain path and file with certain data:
Create a file containing just this data:
CasdfasfadsfsadfsdafsdafdsafdsafdsuKVQ
And make it available on your web server at this URL:
http://realtechtalk.com.well-known/acme-challenge/C-asdfasfdsafdsQciE_IQ8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
#edit this script to suite your vhost path and then run it:
#!/bin/bash
fullurl=$1
data=$2
if [ -z $fullurl ] || [ -z $data ]; then
echo "Usage $0 http://url/.well-known/file data"
exit 1
fi
#replace http://www
if [[ $fullurl == http://www.* ]]; then
path=`echo $fullurl|sed s#"http://www."##g|cut -f 1 -d "/"`
#echo "path with www"
else
path=`echo $fullurl|sed s#"http://"##g|cut -f 1 -d "/"`
fi
fullpath=/www/vhosts/$path/httpdocs/
createpath=`echo $fullurl|sed s#"http://"##g|cut -d "/" -f 4`
# put your main vhost path here
cd /www/vhosts/$path/httpdocs
mkdir -p .well-known/acme-challenge
echo "$data" > .well-known/acme-challenge/$createpath
Then run the script:
the first argument is the URL they wanted you to create the second is the data they want in the file.
./letsencrypt-realtechtalk.com http://realtechtalk.com.well-known/acme-challenge/C-asdfasfdsafdsQciE_IQ8
CasdfasfadsfsadfsdafsdafdsafdsafdsuKVQ
Then hit enter on the letsencrypt screen
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/realtechtalk.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/realtechtalk.com/privkey.pem
Your cert will expire on 2019-06-26. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew *all* of your
certificates, run "letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
After this you can just copy over the .pem files to your server as needed.
letsencrypt, ssl, tls, encryption, certificates, installing, machinefor, daemon, server, csr, ca, manual, mode, auto, certonly, realtechtalk, www, prompted, containing, casdfasfadsfsadfsdafsdafdsafdsafdsukvq, url, http, acme, asdfasfdsafdsqcie_iq, edit, vhost, bin, bash, fullurl, z, echo, quot, usage, fi, sed, fullpath, vhosts, httpdocs, createpath, mkdir, verification, challenges, certificate, etc, fullchain, pem, privkey, cert, expire, obtain, tweaked, interactively, renew, certbot, supporting, donating, isrg, encrypt, https, org, donate, eff,