Certbot command you use to renew or generate cert by passing my own CSR?

Hello,
Is there a certbot command you use to renew or generate cert by providing my CSR?

Someone provided me with a CSR, and I want to use that CSR to generate a certificate & key.
I have certbot version 0.31.0 or certbot 0.17.0 available. I have tried to use the --CSR option, but it seems it is not available on these versions.

I usually issue the commands below, but I am wondering whether there is an option to insert a CSR to issue the required SSL.

letsencrypt certonly --manual -d test1.abc.com --preferred-challenges dns --email test@abc.com --agree-tos

or

certbot certonly --manual -d test1.abc.com -d www.test1.abc.com --server https://acme-v02.api.letsencrypt.org/directory -m test@abc.com --agree-tos --preferred-challenges dns

Your input will be appreciated.

Dev.–

It should definitely be available in 0.31.0.

certbot certonly --csr my_csr.csr --manual --preferred-challenges dns
2 Likes

Why do you want to use an existing CSR?

You can do it, but most of Certbot’s nicest features get disabled when you use a custom CSR.

For best results, you should let Certbot generate keypairs and CSRs itself, or use a different ACME client.

2 Likes

You cannot generate a key from the CSR, only the certificate (such as by signing the CSR via a CA).
You already need a key to generate the CSR itself. So the guy who provided the CSR owns the key, and only he can use the certificate you generate (aka get signed) from the CSR.

I practically always do it that way for multiple hosts (the key never leaves the host itself) at enterprise level, using the ACME client I am maintaining: GitHub - bruncsak/ght-acme.sh: Get publicly trusted certificate via ACME protocol from LetsEncrypt or from BuyPass

1 Like
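
Added example, not part of any post in this thread: checks worth running on a CSR you were handed before passing it to `certbot certonly --csr`, showing that the CSR carries only the public key and that only the matching private key can use the resulting certificate. The function names, the file names `requester.key` and `other.key`, and the sample key and CSR are constructed for illustration; OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# DNS names the CSR asks for (subjectAltName), one per line. These are the
# names the CA will be asked to validate and put in the certificate.
csr_names() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Succeeds if the CSR's self-signature verifies, i.e. whoever built it held
# the private key for the public key inside it. The output is checked
# because some OpenSSL releases exit 0 even when verification fails.
csr_selfsig_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeeds if private key file $2 is the key whose public half is in CSR $1.
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Constructed sample: the requester creates a key and a CSR on their own host
# and hands over only the CSR. other.key stands in for any key you might
# generate yourself afterwards.
make_sample() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/requester.key" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
    openssl req -new -key "$1/requester.key" -out "$1/my_csr.csr" \
        -subj "/CN=test1.abc.com" \
        -addext "subjectAltName=DNS:test1.abc.com,DNS:www.test1.abc.com"
}

work=$(mktemp -d)
make_sample "$work"

echo "Names requested by the CSR:"
csr_names "$work/my_csr.csr"
csr_selfsig_ok "$work/my_csr.csr" && echo "CSR self-signature: OK"
csr_matches_key "$work/my_csr.csr" "$work/requester.key" \
    && echo "requester.key matches the CSR"
csr_matches_key "$work/my_csr.csr" "$work/other.key" \
    || echo "other.key does not match: a certificate from this CSR is useless with it"
```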
