I'm not sure what to do to fix this issue here. I'm running Bitwarden on a server in my house.
I also have a webhost and a site for a business. I used to log onto my webhost's cPanel and download the new certificates that had been installed with AutoSSL every time they were renewed.
There may have been a better way but I didn't know it if there was. For my Bitwarden server I have a subdomain.
I have the IP of the subdomain set to my public IP address.
AutoSSL has always worked properly until about 6 months ago. When it stopped working I opened a ticket. The host replied that I needed to have the IP address of the subdomain set to the IP address of the host. If I do that, Bitwarden can't work because it's being hosted in my house.
I can't use the normal Certbot process because my ISP blocks ports.
Is there something I can do to fix this?
Thanks in advance.
This process isn't working anymore. I have always had
Should I just get a certificate and install it (I think I should be able to do this with cPanel tools) instead of trying to rely on AutoSSL? The only way I'm able to get this to work is to visit the Zone Editor and change the IP address to that of the server, wait 20 to 30 minutes, run AutoSSL, if it was successful copy the certificates, then change the IP back to mine in Zone Editor.
This would be after I've updated the certificates on my server.
Could you run an ACME Client (like Certbot) on your Bitwarden or local system using the DNS Challenge?
If your DNS provider has an update API that is supported with your chosen ACME Client you can even automate that. Otherwise you could use a manual DNS Challenge so you'd have to act to get a fresh cert every 60 days or so. But, your current process is very manual so this isn't much different.
Had you provided more answers to the form you were shown we could give more specific advice. And, sorry that no one picked up earlier.
That all said, wasn't much of this covered in your previous thread? What is different now that a DNS Challenge would not work?
I didn't intend to circumvent a form. As far as I remember there wasn't a form to complete. Maybe I removed it by accident.
I forgot about posting that from my previous attempts at getting this working when I was using different domain names. I read over the thread you quoted. The methods I tried then didn't work. That's why I've still been trying to find a solution for this. One that is less manual and less prone to being forgotten.
I'm still pretty certain that any ACME Clients would need ports 80 and 443 open. Without a business account (so they say) Spectrum will not open ports or allow me to use 80 or 443.
How would I find out about this? You also mentioned a manual DNS Challenge. This would be where I have to change a TXT record?
I suggested the DNS Challenge as an option given your restrictions with HTTP(S) access from the public internet.
Who is your DNS provider? What domain name are you using for this cert? (we could look up your provider and tell you).
Automating DNS Challenge is easiest if your DNS provider offers an API but there is an advanced option of using acme-dns too (you run a mini-DNS system on port 53). Different clients support different DNS APIs. Certbot has fewer "out of the box" whereas lego and acme.sh support many.