Centralized SSL Certificates in Ubuntu 14.04


#1

Hi,

Is it possible to maintain Let's Encrypt SSL certificates on a centralized server using Ubuntu 14.04 with Apache?

Thanks
Gopalakrishna


#2

Explain your use case a bit more so people can advise appropriately.


#3

I have to create SSL certificates for example.com, www.example.com and testing.in, wwww.testing.in respectively. But I want to maintain those SSL certificates on the centralized server.

If they are maintained on the centralized server, it is very easy to renew those SSL certificates.

I am using Ubuntu 14.04 and Apache.


#4

One approach that some people have used with great success is making

http://example.com/.well-known/acme-challenge/

(and the corresponding URL on every other domain that you obtain certificates for) return a 301 redirect to

http://validation.example.com/.well-known/acme-challenge/

The certificate authority is willing to follow redirects when performing validations. So then you could run (for example) Certbot with --webroot, or another ACME client that also uses HTTP-01 validation, on the validation.example.com server. You can request certificates for any of the domains that redirect to validation.example.com and the ACME server, following the redirects, will be willing to give you certificates for those domains.

There’s nothing special about the name “validation.example.com”; you can call the machine whatever you want.
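The redirect setup described in the post above, written out as Apache configuration. This is an added example, not part of the original thread; the webroot path /var/www/validation and the Apache 2.4 access-control syntax (the version Ubuntu 14.04 ships) are assumptions.

```apache
# Added example: hypothetical layout for the centralized HTTP-01 redirect approach.

# --- On every server that answers port 80 for example.com ---
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example

    # Redirect only the ACME challenge path; the rest of the site is untouched.
    # mod_alias appends the remainder of the request path (the token) to the target.
    Redirect 301 /.well-known/acme-challenge/ http://validation.example.com/.well-known/acme-challenge/
</VirtualHost>

# --- On the central host, validation.example.com ---
<VirtualHost *:80>
    ServerName validation.example.com
    # Assumed webroot; it is the directory passed to the client with -w.
    DocumentRoot /var/www/validation

    <Directory "/var/www/validation/.well-known/acme-challenge">
        # Serve challenge files only: no directory listings, no .htaccess overrides.
        Options -Indexes
        AllowOverride None
        # Apache 2.4 syntax; the CA must be able to fetch tokens anonymously.
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# Then, on the central host, request the certificate with the webroot plugin:
#   ./certbot-auto certonly --webroot -w /var/www/validation -d example.com -d www.example.com
```

Whoever can write to the webroot on the central host can obtain certificates for every domain that redirects to it, so that host and its private keys need the tightest access control of the set.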


#5

Hi

Thanks for updating.

My domain (example.com) points to an AWS ELB (with an A record), which has two EC2 instances. At present that domain has SSL certificates provided by StartCom.

I want to generate the SSL certificates for that domain (example.com) using Let's Encrypt on a separate system. I have my own EC2 instance (beta.example.com) with Apache configured and Let's Encrypt installed. I want to generate the SSL certificates for example.com on my own EC2 instance (beta.example.com) through Let's Encrypt and maintain the SSL certificates for multiple domains there.

My Apache configuration for example.com is:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/example

    Redirect permanent / http://beta.example.com/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

The Apache configuration of my own EC2 instance (beta.example.com) is:

<VirtualHost *:80>
    ServerAlias beta.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/beta
    <Directory "/var/www/beta/.well-known/acme-challenge/">
        Order Allow,Deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

I tried to execute the command: ./certbot-auto certonly --webroot -w /var/www/beta/ -d example.com

The error I got is:

Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/Lbm3T_9F2pgNm94GCWYzY4pWaNzULfy0_433XFc_dc8: "

403 Forbidden

Forbidden

<p"

IMPORTANT NOTES:

I created a test file under /var/www/beta/.well-known/acme-challenge/. I am able to see the file, as well as its content, through the browser.

