Can I use with FTPS server

Hi all,

Can I use Let's Encrypt for my FTPS server? All I have installed on my server is the vsftpd service and no apache/httpd service.

Many thanks,

Rob

Yes you can.

How do you do it if you haven't got a webroot?

As long as there isn't a firewall blocking port 80 or 443 you could use certbot with the standalone plugin, which will temporarily start an embedded webserver for just a few moments to verify the challenge.

Or if that’s not possible, you could use certbot with the manual plugin with the dns-01 challenge. But that requires (obviously) access to your DNS zone. But certbot and the dns-01 challenge isn’t a good combo for automation, so if you really need a DNS challenge you could pick one of the third party clients, such as acme.sh. I know it has many DNS API plugins.


OK, so I could do this:

certbot certonly --standalone -d robo84.ddns.net

instead of this:

certbot certonly --webroot -w /var/www/html -d robo84.ddns.net

Obviously I'd need to open up port 80 or 443 on the router.

Correct. And with either --standalone-supported-challenges http-01 or --standalone-supported-challenges tls-sni-01 you can choose between port 80 or 443, respectively. I’m not sure what the default is.

So obviously, to renew my key I would need port 80 or 443 open during the life of the FTP server so it can renew, even if I don't otherwise need port 80 or 443 open; it's just needed for the renewal.

Correct.

It’s probably not possible to script something to open up ports in your router from your server? If you can, you might be able to use the --pre-hook and --post-hook switches during renewal.
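Once a standalone renewal succeeds, the new certificate still has to be installed for vsftpd. Here is an added example, not from the thread or from certbot's own code, of a script you could pass with certbot's --deploy-hook option: certbot sets RENEWED_LINEAGE for deploy hooks, while the destination directory /etc/vsftpd/ssl and the vsftpd.conf keys in the comments are assumptions to adapt to your setup.

```shell
#!/bin/sh
# Added example (not from the thread): certbot --deploy-hook script that copies a
# renewed Let's Encrypt certificate into place for vsftpd and restarts the service.
# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/robo84.ddns.net) to
# deploy hooks; the destination /etc/vsftpd/ssl is an assumption.
set -eu

# install_vsftpd_cert LINEAGE_DIR DEST_DIR
# Copies fullchain.pem and privkey.pem from the certbot lineage into DEST_DIR,
# keeping the private key readable by root only. Returns non-zero if either input
# file is missing, so a broken renewal never replaces a working certificate.
install_vsftpd_cert() {
    lineage="$1"
    dest="$2"
    [ -f "$lineage/fullchain.pem" ] || { echo "missing fullchain.pem in $lineage" >&2; return 1; }
    [ -f "$lineage/privkey.pem" ]   || { echo "missing privkey.pem in $lineage" >&2; return 1; }
    mkdir -p "$dest"
    # Stage under temporary names, fix permissions, then rename atomically so a
    # vsftpd restart can never pick up a half-written file.
    cp "$lineage/fullchain.pem" "$dest/fullchain.pem.tmp"
    cp "$lineage/privkey.pem"   "$dest/privkey.pem.tmp"
    chmod 0644 "$dest/fullchain.pem.tmp"
    chmod 0600 "$dest/privkey.pem.tmp"
    mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem"
    mv "$dest/privkey.pem.tmp"   "$dest/privkey.pem"
}

# Only perform the deployment when certbot invokes the script (RENEWED_LINEAGE set);
# sourcing the file elsewhere just defines the function above.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_vsftpd_cert "$RENEWED_LINEAGE" /etc/vsftpd/ssl
    # vsftpd.conf is expected to point at the installed files:
    #   rsa_cert_file=/etc/vsftpd/ssl/fullchain.pem
    #   rsa_private_key_file=/etc/vsftpd/ssl/privkey.pem
    # vsftpd loads the certificate at startup, so a restart is required.
    systemctl restart vsftpd
fi
```

Hook it into renewal with `certbot renew --deploy-hook /path/to/this-script.sh`; certbot runs it only when a certificate was actually renewed.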

Let me make https://github.com/veeti/manuale a bit more popular.
It supports DNS based (TXT record) authorization.

You may install it only for your user: pip install --user manuale

Usage example: https://github.com/szepeviktor/debian-server-tools/blob/master/security/cert-update-manuale-CN.sh
