How To Use Letsencrypt SSL/TLS Encryption to Create Certificates without installing on the target machine

Perhaps you don't want to run a daemon on your production server, or let Letsencrypt have access to it.

There is a way to use it like a normal CSR/CA setup in manual mode.

./letsencrypt-auto certonly --manual -d realtechtalk.com -d www.realtechtalk.com
 

Eventually you will get prompted to create a certain path and file with certain data:

Create a file containing just this data:

CasdfasfadsfsadfsdafsdafdsafdsafdsuKVQ

And make it available on your web server at this URL:

http://realtechtalk.com/.well-known/acme-challenge/C-asdfasfdsafdsQciE_IQ8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

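Edit this script to suit your vhost path, then run it:

#!/bin/bash
# Usage: script <challenge URL> <challenge data>

fullurl=$1
data=$2

if [ -z "$fullurl" ] || [ -z "$data" ]; then
  echo "Usage $0 http://url/.well-known/file data"
  exit 1
fi

# Strip the scheme and a leading "www." to get the vhost directory name
if [[ $fullurl == http://www.* ]]; then
  path=$(echo "$fullurl" | sed 's#http://www\.##' | cut -f 1 -d "/")
else
  path=$(echo "$fullurl" | sed 's#http://##' | cut -f 1 -d "/")
fi

# The challenge file name is the 4th "/"-separated field:
# host/.well-known/acme-challenge/<file name>
createpath=$(echo "$fullurl" | sed 's#http://##' | cut -d "/" -f 4)
if [ -z "$createpath" ]; then
  echo "No challenge file name found in $fullurl"
  exit 1
fi

# put your main vhost path here
fullpath=/www/vhosts/$path/httpdocs
# Stop if the vhost directory is missing instead of writing into the current directory
cd "$fullpath" || exit 1
mkdir -p .well-known/acme-challenge
echo "$data" > ".well-known/acme-challenge/$createpath"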

Then run the script. The first argument is the URL you were asked to create; the second is the data that goes in the file.

./letsencrypt-realtechtalk.com http://realtechtalk.com/.well-known/acme-challenge/C-asdfasfdsafdsQciE_IQ8 CasdfasfadsfsadfsdafsdafdsafdsafdsuKVQ

Then hit Enter on the letsencrypt screen:


Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/realtechtalk.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/realtechtalk.com/privkey.pem
   Your cert will expire on 2019-06-26. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 

After this you can just copy over the .pem files to your server as needed.
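
A stricter variant of the helper script above, added here as an example (it is not the original author's code): it accepts only a URL of the exact form http://<host>/.well-known/acme-challenge/<token>, so a mistyped or pasted-in argument cannot write a file outside the challenge directory. VHOST_ROOT, the function names and the CH_* variables are assumptions; the /www/vhosts/<host>/httpdocs layout is the one used above.

```bash
#!/bin/bash
# Added example: validate a manual http-01 challenge before writing it to disk.
# VHOST_ROOT is an assumed setting; the <host>/httpdocs layout is the page's.
VHOST_ROOT=${VHOST_ROOT:-/www/vhosts}

# Accept only http://<host>/.well-known/acme-challenge/<token>.
# On success sets CH_HOST (leading "www." stripped) and CH_TOKEN.
parse_challenge_url() {
  ch_rest=${1#http://}
  [ "$ch_rest" != "$1" ] || return 1          # scheme must be http://
  CH_HOST=${ch_rest%%/*}
  CH_TOKEN=${ch_rest#"$CH_HOST"/.well-known/acme-challenge/}
  [ "$CH_TOKEN" != "$ch_rest" ] || return 1   # fixed ACME path must follow the host
  # Host: DNS characters only, no empty labels, so it cannot climb out of VHOST_ROOT
  case $CH_HOST in ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;; esac
  # Token: base64url characters only, so no "/" or ".." reaches the file name
  case $CH_TOKEN in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  CH_HOST=${CH_HOST#www.}
}

# Write the challenge data for URL $1 and confirm what ended up on disk.
write_challenge() {
  parse_challenge_url "$1" || return 1
  # Challenge data is base64url text joined by "."; refuse anything else
  case $2 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  ch_dir=$VHOST_ROOT/$CH_HOST/httpdocs
  [ -d "$ch_dir" ] || return 1                # never create a vhost from a URL
  mkdir -p "$ch_dir/.well-known/acme-challenge" || return 1
  printf '%s\n' "$2" > "$ch_dir/.well-known/acme-challenge/$CH_TOKEN" || return 1
  [ "$(cat "$ch_dir/.well-known/acme-challenge/$CH_TOKEN")" = "$2" ]
}

# Same arguments as the script above: URL, then data.
if [ "$#" -eq 2 ]; then
  write_challenge "$1" "$2" || { echo "Refusing challenge: $1" >&2; exit 1; }
fi
```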

 

