I’m new to Let’s Encrypt and it’s very cool. I work for a company that uses Windows Server 2016 as their back-end, so things are not quite as straight-ahead as an open source solution for Let’s Encrypt.
I’ve found a great solution with WinACME v1.9.10.1 for my Production machines, but I’d like to find a way to set up Let’s Encrypt for a “STAGE” Server.
In my case, the STAGE Server is just like Production, but doesn’t have resolvable IPs to the wide web.
Ideally I’d like to continue to use the WinACME v1.9.10.1 that I mentioned before.
I’ve been reading around and seeing that one way to authenticate may be using DNS, where Let’s Encrypt would generate a TXT file and I could place that into the Hosted Zone file and confirm ownership that way.
Basically, if anyone could suggest a good architectural solution that would be awesome.
It’s for:
Windows Server 2016
Amazon (EC2 & Route 53) for Private IP Addresses
According to this, WinACME supports the DNS challenge via Azure integration or via a script. Since you’re using Route 53 I guess you would need to use the script option and find or write a script to update your DNS records in Route 53.
If you can’t resolve your needs via DNS challenges, you could share the acme-challenge folder from the production server and allow the staging server to use the same working validation “path”.
The staging server would run just as production.
The validations would go to a working production directory.
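As an added example (not win-acme's own code and not part of the answer above), the following PowerShell script shows what a Route 53 update script for the DNS challenge could look like. It assumes the AWS Tools for PowerShell (the `AWS.Tools.Route53` or `AWSPowerShell` module) are installed on the Windows Server 2016 box, that the EC2 instance role or a configured credential profile is allowed `route53:ListHostedZonesByName`, `route53:ChangeResourceRecordSets` and `route53:GetChange` on the zone, and that win-acme is configured to call the script once to create the record and once to remove it, passing the record name (for example `_acme-challenge.stage.example.com`) and the validation token. The exact placeholders win-acme substitutes into the script arguments depend on the win-acme version, so check its documentation before wiring this in; the `-Action`, `-RecordName`, `-Token` and `-HostedZoneId` parameter names and the zone names used here are placeholders chosen for the example.

```powershell
<#
  Hypothetical helper (added example, not win-acme code): create or delete the
  _acme-challenge TXT record in Route 53 for a DNS-01 validation.
  Usage (names are placeholders):
    .\Set-AcmeTxt.ps1 -Action Create -RecordName _acme-challenge.stage.example.com -Token <token>
    .\Set-AcmeTxt.ps1 -Action Delete -RecordName _acme-challenge.stage.example.com -Token <token>
  Route 53 DELETE requires the existing record to match exactly, so the token is
  needed for cleanup as well as for creation.
#>
param(
    [Parameter(Mandatory)][ValidateSet('Create', 'Delete')][string]$Action,
    [Parameter(Mandatory)][string]$RecordName,
    [Parameter(Mandatory)][string]$Token,
    [string]$HostedZoneId = ''   # optional; when empty the zone is discovered from the record name
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Find-ZoneId([string]$fqdn) {
    # Walk up the labels of the record name and pick the longest suffix that is a
    # hosted zone, so a delegated sub-zone (stage.example.com) wins over its parent.
    $labels = $fqdn.TrimEnd('.').Split('.')
    for ($i = 1; $i -lt $labels.Length - 1; $i++) {
        $candidate = ($labels[$i..($labels.Length - 1)] -join '.') + '.'
        $zone = Get-R53HostedZonesByName -DNSName $candidate -MaxItem 1 |
                Where-Object { $_.Name -eq $candidate } |
                Select-Object -First 1
        if ($zone) { return $zone.Id }
    }
    throw "No Route 53 hosted zone found for $fqdn"
}

function Submit-TxtChange(
    [string]$zoneId,
    [string]$name,
    [string]$value,
    [Amazon.Route53.ChangeAction]$r53Action) {

    $rr = New-Object Amazon.Route53.Model.ResourceRecord
    $rr.Value = '"' + $value + '"'          # TXT record data must be quoted in Route 53

    $rrset = New-Object Amazon.Route53.Model.ResourceRecordSet
    $rrset.Name = $name
    $rrset.Type = [Amazon.Route53.RRType]::TXT
    $rrset.TTL  = 60                        # short TTL: the record only has to live for one validation
    $rrset.ResourceRecords.Add($rr)

    $change = New-Object Amazon.Route53.Model.Change
    $change.Action = $r53Action
    $change.ResourceRecordSet = $rrset

    $info = Edit-R53ResourceRecordSet -HostedZoneId $zoneId `
                                      -ChangeBatch_Change $change `
                                      -ChangeBatch_Comment "win-acme dns-01 $($r53Action.Value)"

    # Block until the change has propagated to every Route 53 authoritative server;
    # returning earlier lets Let's Encrypt query before the TXT record exists.
    while ($info.Status.Value -ne 'INSYNC') {
        Start-Sleep -Seconds 5
        $info = Get-R53Change -Id $info.Id
    }
}

if (-not $HostedZoneId) { $HostedZoneId = Find-ZoneId $RecordName }

$r53Action = if ($Action -eq 'Create') { [Amazon.Route53.ChangeAction]::UPSERT }
             else                      { [Amazon.Route53.ChangeAction]::DELETE }

Submit-TxtChange -zoneId $HostedZoneId -name $RecordName -value $Token -r53Action $r53Action
```

Two points worth checking before relying on this. First, anything able to write `_acme-challenge` TXT records in a zone can obtain certificates for every name in that zone, so the IAM policy attached to the staging instance should be scoped to the staging zone's `HostedZoneId` (ideally a delegated sub-zone such as `stage.example.com`) rather than to the production zone. Second, the validation record is only needed during issuance; the delete call removes it afterwards, and the short TTL keeps a stale record from lingering in resolver caches if the run is interrupted.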