Boulder paths, software versions, etc


#1

Hello,

I’m naïvely attempting to install Boulder in a clean virtual machine so that I can bring it over to my local offline network and use it there. I’ve never used Go or Docker before, so I’m asking for help with the initial pre-configuration of Boulder so that I can build and start it. Once I get Boulder to the point where it is working, I should be able to configure everything else.

So, a few questions: is Boulder designed to work on Ubuntu (or is Red Hat preferred, or another distribution, or n/a)? What version of Go / Docker is required / preferred? (Is building from the Debian repositories OK, or should I go for a different version of Go or Docker?) When the documentation says GOPATH, would that be the location of the Go binary, a /var/local/go directory, or a different directory? I’m just not sure on the concept or where to go for that documentation.

Once I get it working, I’ll write up a little documentation that I will put on GitHub.

Thank you for the advice.

My domain is: kite.zakz.info (this is my personal kite photography site, and I’ve been using a Let’s Encrypt certificate on it for a while, and it works perfectly.)

Zak


#2

I’ve never run Boulder, so I can’t comment on your actual questions. But I’m curious why you want to run it? Are you planning on spinning up your own private CA for internal certs? Are you trying to write an ACME client?


#3

Indeed, I am trying to use Let’s Encrypt certificates on a local LAN not connected to the internet. At work we have so many differently configured machines that using Let’s Encrypt, as it is already trusted by the browsers, makes sense. We could create a private CA, but it might be a lot of pain trying to install a local root certificate on the number of machines we have with different operating systems… Not impossible, but not easy.


#4

Downloading Boulder doesn’t give you access to Let’s Encrypt’s private keys.

Whether or not you use Boulder, you must create a private CA.


#5

OK, that makes a lot of sense the more I think about it… Thank you for that information; I will make other plans. Thank you for saving me the time of pursuing it further.


#6

It is possible to get LE certs on non-internet-facing devices as long as the DNS names in the certs are in zones on internet-facing DNS servers or a public DNS hosting provider.

So for example, you can’t get LE certs for a domain like example.local because that’s not a public TLD you can query from the internet. But if you own example.com and your internal site is internal.example.com, you can get a cert for that as long as you can create a TXT record for it in your internet-facing copy of the domain.

But the more common solution for what you’ve described is running an internal CA that only your machines trust as @_az mentioned.
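As an added worked example (not part of the thread, and not Boulder or Let’s Encrypt code): the TXT record described in the post above is the ACME dns-01 challenge response from RFC 8555 §8.4. The CA never needs to reach the internal host; it only queries `_acme-challenge.<hostname>` in the public zone. The value is base64url(SHA-256(key authorization)), where the key authorization is `<token>.<RFC 7638 thumbprint of the account key>`. The account key, token and hostname below are constructed placeholders, not real values.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE/ACME require (RFC 7515 appendix C)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the *required*
    public members only, sorted lexicographically, with no whitespace.
    Extra members such as 'alg' or 'kid' must not influence the result."""
    required = {
        "RSA": ("e", "kty", "n"),
        "EC": ("crv", "kty", "x", "y"),
    }[jwk["kty"]]
    canonical = json.dumps(
        {k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":")
    )
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 §8.1: token '.' thumbprint of the ACME account public key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_record(hostname: str, token: str, account_jwk: dict):
    """Return (owner name, TXT value) the CA will look up for a dns-01 challenge.
    The owner name lives in the public zone even when the A/AAAA record for
    `hostname` exists only in an internal (split-horizon) copy of the zone."""
    owner = f"_acme-challenge.{hostname.rstrip('.')}."
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return owner, b64url(digest)


def txt_matches(published_values, expected: str) -> bool:
    """Pre-flight check before telling the CA to validate: RFC 8555 §8.4 says
    validation succeeds if *any* TXT record at the owner name equals the
    expected value, so stale records from earlier runs are harmless."""
    return any(v == expected for v in published_values)


# Constructed sample data (placeholders, not a real key or a real ACME token).
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
    "alg": "ES256",  # deliberately present: must be ignored by the thumbprint
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_HOST = "internal.example.com"

if __name__ == "__main__":
    owner, value = dns01_record(SAMPLE_HOST, SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"{owner} IN TXT \"{value}\"")
```

Publish the printed record in the internet-facing zone, confirm it with a resolver that sees the public view (not the internal one), and only then respond to the challenge. Two caveats a practitioner should weigh before choosing this over an internal CA: the internal hostname becomes public, both in DNS and in the Certificate Transparency logs every Let’s Encrypt certificate is submitted to, and the device still needs some channel to install the renewed certificate every 90 days.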


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.