Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: localhost
I ran this command: openssl req -x509 -out localhost.crt -keyout localhost.key
-newkey rsa:2048 -nodes -sha256
-subj ‘/CN=localhost’ -extensions EXT -config ./ssl-config
Where ssl-config had the following …
[dn]
CN=localhost
[req]
distinguished_name = dn
[EXT]
subjectAltName=DNS:localhost
keyUsage=digitalSignature
extendedKeyUsage=serverAuth
This was based on your instructions … https://letsencrypt.org/docs/certificates-for-localhost/
N.B. The openssl command on that page is broken … I think it’s deep bash magic, but I think I worked out what it was intended to do.
It produced this output:
localhost.crt and localhost.key created as expected.
My web server is (include version): I’m using the go http package … the server works fine for http … but I need https when I deploy the code. The http go server (for TLS) expects a pem file, not a crt file (http.ServeAndListenTLS).
How do I make a .pem file from that .crt file?
Many thanks …
Cheers,
Geoff Russell
The operating system my web server runs on is (include version): Ubuntu 16.04.06 TLS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):