Acme.sh on unix to issue a weblogic certificate

schilukuri · June 10, 2021, 8:33pm

For WLS, I create the CSR and what is the best way to get a certificate issued for this? It is an internal server and hopefully, this will save me time to fight through the self signed certificates

Osiris · June 10, 2021, 8:39pm

Does your weblogic server have a publicly resolvable hostname? Because Let's Encrypt can only issue certificates for publicly resolvable hostnames.

schilukuri · June 10, 2021, 8:47pm

No, it is hosted on our internal unix servers.

Osiris · June 10, 2021, 8:48pm

Let's Encrypt can only issue certificates for publicly accessible hostnames.

schilukuri · June 10, 2021, 8:48pm

publicly resolvable meaning externally accessible?

Osiris · June 10, 2021, 8:50pm

Correct. If you can alter the DNS records for the hostnames DNS zone, the server itself doesn't need to be accessible, but the hostname (in DNS) should be publicly accessible by the Let's Encrypt DNS resolver.

schilukuri · June 10, 2021, 8:55pm

Got it. I may have to get with the network team. After that, I can use my generated csr and get a certificate issued right?
using acme.sh
acme.sh --signcsr --csr -w <>

Osiris · June 10, 2021, 9:02pm

I'm not sufficiently knowledgeable for acme.sh questions, maybe someone else can answer that.

schilukuri · June 10, 2021, 9:05pm

N/P, I am also new and learning as I go.
Is there a quick way to test with a test with some file if the ssl is working?

Rip · June 10, 2021, 9:07pm

github.com

acmesh-official/acme.sh/blob/master/README.md

# An ACME Shell script: acme.sh 

![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)


<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> 
[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")



- An ACME protocol client written purely in Shell (Unix shell) language.
- Full ACME protocol implementation.
- Support ACME v1 and ACME v2
- Support ACME v2 wildcard certs
- Simple, powerful and very easy to use. You only need 3 minutes to learn it.

This file has been truncated. show original

rg305 · June 11, 2021, 12:43am

To me, these statements, can all too easily be taken out-of-context:

Given: LE can also issue certs via DNS validation.
[and those FQDNs don't have to resolve to anything, nor actually exist]

schilukuri · June 11, 2021, 2:06am

Given: LE can also issue certs via DNS validation.
[and those FQDNs don't have to resolve to anything, nor actually exist]

If you give me little bit more insight on that, it would be great

Osiris · June 11, 2021, 5:10am

The FQDN doesn't need to resolve to a publicly accessibe IP address indeed, but the DNS zone itself needs to be publicly accessible. That is what I meant. You can't use a DNS which is only accessible locally.

system · July 11, 2021, 5:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.