Acme.sh on unix to issue a weblogic certificate

For WLS, I create the CSR and what is the best way to get a certificate issued for this? It is an internal server and hopefully, this will save me time to fight through the self-signed certificates.

Does your weblogic server have a publicly resolvable hostname? Because Let's Encrypt can only issue certificates for publicly resolvable hostnames.

No, it is hosted on our internal unix servers.

Let's Encrypt can only issue certificates for publicly accessible hostnames.

Publicly resolvable meaning externally accessible?

Correct. If you can alter the DNS records for the hostname's DNS zone, the server itself doesn't need to be accessible, but the hostname (in DNS) should be publicly accessible by the Let's Encrypt DNS resolver.

Got it. I may have to get with the network team. After that, I can use my generated CSR and get a certificate issued, right?
using acme.sh
acme.sh --signcsr --csr -w <>

I'm not sufficiently knowledgeable for acme.sh questions, maybe someone else can answer that.

N/P, I am also new and learning as I go.
Is there a quick way to test with a test with some file if the ssl is working?

To me, these statements can all too easily be taken out of context:

Given: LE can also issue certs via DNS validation.
[and those FQDNs don't have to resolve to anything, nor actually exist]

If you give me a little bit more insight on that, it would be great.

The FQDN doesn't need to resolve to a publicly accessible IP address indeed, but the DNS zone itself needs to be publicly accessible. That is what I meant. You can't use a DNS which is only accessible locally.
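
The distinction drawn in the replies above (the hostnames in the CSR need not resolve, but their DNS zone must answer from the public internet) can be checked against a CSR before talking to the network team: DNS validation looks up one `_acme-challenge` TXT record per hostname in the CSR. This is an added example, not part of the thread; the hostnames, file names and function names are constructed, and `dns_cf` in the last comment is only one of acme.sh's DNS provider hooks.

```bash
#!/bin/sh
# Added example: list the TXT record names that DNS validation will look up
# for every hostname in a CSR. All hostnames here are constructed samples.

# Print every DNS name in the CSR (subject CN plus subjectAltName), one per line.
csr_names() {
    {
        # "subject=CN = host" (spacing differs between OpenSSL versions)
        openssl req -in "$1" -noout -subject |
            sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
        # "DNS:a.example.com, DNS:*.b.example.com" inside the -text dump
        openssl req -in "$1" -noout -text | tr ',' '\n' |
            sed -n 's/^ *DNS:\([^ ]*\) *$/\1/p'
    } | LC_ALL=C sort -u
}

# Map each name to its challenge record. A wildcard name is validated at
# the base name, so "*.apps.x" becomes "_acme-challenge.apps.x".
challenge_records() {
    csr_names "$1" |
        sed -e 's/^\*\.//' -e 's/^/_acme-challenge./' | LC_ALL=C sort -u
}

# Build a throwaway CSR for an internal-only host (constructed sample input).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/sample.key" -out "$1/sample.csr" \
        -subj "/CN=wls01.corp.example.com" \
        -addext "subjectAltName=DNS:wls01.corp.example.com,DNS:*.apps.corp.example.com" \
        2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir"
echo "Hostnames in the CSR:"
csr_names "$demo_dir/sample.csr"
echo "TXT records the public DNS must be able to serve:"
challenge_records "$demo_dir/sample.csr"
rm -rf "$demo_dir"

# If the zone for those records is publicly served and your DNS provider has
# an acme.sh hook, the CSR can then be signed without any webroot, e.g.:
#   acme.sh --signcsr --csr /path/to/your.csr --dns dns_cf
```

If the listed records fall in a zone that exists only on internal name servers, DNS validation cannot succeed for that CSR, whatever the server's own reachability.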