Automating renewal when hosted by another company?

Our ISP is dropping support for listserv (automated mail lists). They used the common L-Soft product. We are looking into moving to L-Soft directly for mailing list management as they will be cheaper then our ISP was charging us. An email exchange follows:

Do you support SSL for list management?
Yes, of course. However, you must pay for the SSL certificate separately. We generate the Certificate Signing Request from our server, we send that to you. You get it signed by the Certificate Authority of your choice (and at your cost) and return it to us. We apply it to the server.

I'm not sure about having a human on our end tied to doing this every 90 days for the rest of their life, so is there any way this can be automated? Perhaps several choices that I can approach the L-Soft folks with that they might be willing to do for us? Does a new CSR have to be created every 90 days or can I just resubmit the existing original one on my end to get an updated cert and then send that to them for re-installation every 90 days? (I'm still a bit fuzzy on the details...) Thanks!

Hi @mushu,

It’s possible to automate the certificate renewal without automating the certificate installation. That is, you could potentially run software on your own PC that gets the new certificates automatically. Then in this configuration you still have to send them over to the hosting provider to install. (Conceivably that e-mail to them or whatever could be automated too.) This is easiest if you have an Internet-connected server like a VPS but it’s also possible using a desktop computer.

The big question for me is what method you plan to use to prove your control over the domain name. Can you create files on the site at a specified path? Can you create DNS records in the DNS zone?

Good questions. They previously mentioned that they “need to know what domain we want” so that indicates to me that perhaps they will be using a DNS challenge? I don’t have access to any part of their server or DNS so unless they do it for me it isn’t getting done.

In this case, you won’t be able to use Let’s Encrypt for this application.

Let’s Encrypt has three methods to prove control of a domain name before issuing a certificate. They are all intended for automated use, and all require making a publicly-visible change to the site or DNS configuration.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.