How To Use Letsencrypt SSL/TLS Encryption to Create Certificates without installing on the target machine

Perhaps you don't want to run a daemon on your production server, or you don't want to give Letsencrypt access to it.

There is a way to use it like a normal CSR/CA setup in manual mode.

./letsencrypt-auto certonly --manual -d realtechtalk.com -d www.realtechtalk.com
 

Eventually you will get prompted to create a certain path and file with certain data:

Create a file containing just this data:

CasdfasfadsfsadfsdafsdafdsafdsafdsuKVQ

And make it available on your web server at this URL:

http://realtechtalk.com/.well-known/acme-challenge/C-asdfasfdsafdsQciE_IQ8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Edit this script to suit your vhost path:

#!/bin/bash
# Usage: $0 http://domain/.well-known/acme-challenge/file data

fullurl=$1
data=$2

if [ -z "$fullurl" ] || [ -z "$data" ]; then
  echo "Usage $0 http://url/.well-known/file data"
  exit 1
fi

# strip "http://" (and a leading "www.") to get the vhost directory name
if [[ $fullurl == http://www.* ]]; then
  path=$(echo "$fullurl" | sed 's#http://www\.##g' | cut -f 1 -d "/")
else
  path=$(echo "$fullurl" | sed 's#http://##g' | cut -f 1 -d "/")
fi

# the challenge file name is the 4th "/"-separated field of the URL
createpath=$(echo "$fullurl" | sed 's#http://##g' | cut -d "/" -f 4)
if [ -z "$createpath" ]; then
  echo "No challenge file name found in $fullurl"
  exit 1
fi

# put your main vhost path here
fullpath=/www/vhosts/$path/httpdocs
cd "$fullpath" || exit 1
mkdir -p .well-known/acme-challenge
echo "$data" > ".well-known/acme-challenge/$createpath"

Then run the script. The first argument is the URL they wanted you to create; the second is the data they want in the file:

./letsencrypt-realtechtalk.com http://realtechtalk.com/.well-known/acme-challenge/C-asdfasfdsafdsQciE_IQ8 CasdfasfadsfsadfsdafsdafdsafdsafdsuKVQ

Then hit Enter on the letsencrypt screen:


Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/realtechtalk.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/realtechtalk.com/privkey.pem
   Your cert will expire on 2019-06-26. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 

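After this you can just copy over the .pem files to your server as needed. privkey.pem is the private key, so copy it over an encrypted channel such as scp and keep it readable only by root or the web server user.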
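
An added example, not part of the original article: a pre-flight check to run before pressing Enter at the letsencrypt prompt, confirming that the challenge file exists, is readable by the web server and holds the expected data, plus a cleanup step for after the certificate is issued. The script name, the DOCROOT argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed layout:
# DOCROOT/.well-known/acme-challenge/TOKEN (DOCROOT is your vhost httpdocs).

# valid_token TOKEN: non-empty, base64url alphabet only (no "/" or "..").
valid_token() {
  case $1 in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
}

# check_local DOCROOT TOKEN DATA
# Returns 0 = ok, 2 = bad token, 3 = not a regular file,
# 4 = not world-readable, 5 = content differs from DATA.
check_local() {
  valid_token "$2" || return 2
  _f="$1/.well-known/acme-challenge/$2"
  if [ ! -f "$_f" ] || [ -L "$_f" ]; then return 3; fi
  # The web server usually runs as another user, so require o+r.
  [ -n "$(find "$_f" -maxdepth 0 -perm -004)" ] || return 4
  # $(...) drops the trailing newline that echo added to the file.
  [ "$(cat "$_f")" = "$3" ] || return 5
}

# check_http URL DATA: fetch the URL the way the CA will and compare.
check_http() {
  _body=$(curl -fsS --max-time 10 "$1") || return 6
  [ "$_body" = "$2" ] || return 5
}

# cleanup_challenge DOCROOT TOKEN: remove the file after issuance.
cleanup_challenge() {
  valid_token "$2" || return 2
  rm -f "$1/.well-known/acme-challenge/$2"
}

# Usage (script name is hypothetical): ./check-challenge.sh DOCROOT URL DATA
if [ $# -eq 3 ]; then
  check_local "$1" "${2##*/}" "$3" ||
    { echo "local check failed (code $?)" >&2; exit 1; }
  check_http "$2" "$3" ||
    { echo "HTTP check failed (code $?)" >&2; exit 1; }
  echo "Challenge file is in place; press Enter in letsencrypt-auto."
fi
```

A return code of 4 usually means the file was created under a restrictive umask; chmod 644 on the challenge file fixes it.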

 

