Digital certificates
speedvm, 2022-02-14 11:25:21

Can a Let's Encrypt certificate be obtained on a server other than the one it is issued for?

Hello!
There are several (more precisely, many) servers with different certificates installed, including Let's Encrypt. The plan is to move all servers to Let's Encrypt certificates.
The problem is that the OS on some of these servers is, to put it mildly, not exactly fresh. Certbot cannot be installed on them, because half the system would have to be updated first, and that option is not acceptable.
Also, the number of servers grows over time, and a single platform for issuing and renewing certificates is required. I.e. I would like to move the function of obtaining/renewing Let's Encrypt certificates to a separate server.
Question: can this be implemented?
PS: for now, the plan is to obtain certificates using the HTTP-01 verification method, i.e. via the http://YOUR_DOMAIN/.well-known/acme-challenge/TOKEN path.


2 answer(s)
speedvm, 2022-02-14

In general, the answer to this question is: "Yes, it is possible to initiate obtaining a Let's Encrypt certificate somewhere other than the target server."
Short list of hacky variants.
We have (conditionally):
A: a server running the service that requests issuance/renewal of Let's Encrypt certificates.
B and C: servers with web applications (proxy servers) for which Let's Encrypt certificates need to be issued/renewed.
1.a. Issuance. Run certbot on server A, process its output, create the token files on servers B and C, copy the certificates to servers B and C.
1.b. Renewal. On servers B and C, use the built-in certbot mechanism and a preconfigured crond/systemd-timers task.
2.a. Issuance. Run certbot on server A, process its output, create the token files on server A, copy the certificates to servers B and C. On servers B and C, add extra web server handling for domain.com/.well-known requests that proxies them to server A. On server A, install a web server that accepts the proxied requests.
2.b. Renewal. On servers B and C, use the built-in certbot mechanism and a preconfigured crond/systemd-timers task.
3.a. Issuance. Run certbot on server A, process its output, create the token files on servers B and C, copy the certificates to servers B and C.
3.b. Renewal. On server A, use the built-in certbot mechanism and a preconfigured crond/systemd-timers task, copy the certificates to servers B and C.

ky0, 2022-02-14

With the DNS challenge you can issue it from anywhere, as long as the DNS hoster has an API.
