My web server is (include version): apache Tomcat 9.0.39
The operating system my web server runs on is (include version): cetos 8
My hosting provider, if applicable, is: -
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site: no
The version of my client is: certbot 1.9.0
Hi. I've used --csr option to get a certificate because I wanted to use my own keys generated by keytool.
Now when using 'certbot certificates' my cert isn't listed in results. Thanks to this post '' I know the reason. But now I wanna know is there any way to add my cert to 'certbot certificates' manually ? this way I can renew and manage my certs.
Thanks for your help.
Is there any way you can get the same cert without using --csr ?
Using that option implies that the private key is NOT being handled by certbot.
It would be impossible to renew such a second hand request (without first involving the originating requester).
You should probably look for a more integrated client.
What is the system that needs the cert - that generated the csr?
according to our policy , I should use only keys generated by keytool. This is what we normaly do to get a cert from other CAs. Switching to LE, I didn't find other way to use my own keys except using --csr switch. If I'm right (?) certbot generate keys and sign them by itself . If there is another way to use our own keys , please guide me.
I think you might be able to "fool" certbot by having it issue a cert.
Then change the private key to your private key.
Then have it issue another (new) cert [but NOT update the private key].
You will have a new cert with the private key you provided.
From there you can continue renewing without updating the private key [until you decide it is time for a new one].
That, of course, is a hack/workaround (if it works).
[I will look for a more supported/documented way]
--reuse-key didn't work alone. but --key-path probably is fine. gonna try it. about your former post , it's clever! that's really improvising and Im going to try it. thank you for your nice and fast guidance