Is it possible to get a letsencrypt certificate for a subdomain located on a different host?

J

Janus742017-01-19 13:11:13

Apache HTTP Server

Janus74, 2017-01-19 13:11:13

Hello!
There is a site, it is hosted on the web, it is configured to receive letsencrypt certificates for a second-level domain name.
You need to deploy a subdomain (3rd level domain) on another host (vds), and also get a certificate for the 3rd level domain name.
From all the mana that I have read on setting up letsencrypt, there is no information anywhere that this will not be a problem. If I request a certificate for a subdomain on another host, will the certificate for the 2nd level domain be revoked?
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Defman21, 2017-01-19
@Janus74

Yes, if received via certbot. (and no, they won't). Letsencrypt uses ACME Challenges, certbot actually runs its own small server on 80/443 port(s) and sends a request to the LE servers. The LE servers, in turn, resolve the requested domain (let's say your server has ip 13.37.13.37, mydomain.mywebsite.com -> A 13.37.13.37) and ping a specific url on your domain. Next comes the generation of certificates.
I described everything rather mediocrely, because I myself was not particularly interested in such issues. If you want to learn more about how LE verifies domains using the ACME protocol and its Challenges, you can read here (I give a link to verification via https/443, in Certbot: tls-sni-01)
https://tools.ietf. org/html/draft-ietf-acme-acme-0...
https://letsencrypt.readthedocs.io/en/latest/using.html