Certificates for offline server


#1

Hi,

I would like to host the same website on different raspberry pi. All of them is hosting their own access point including the name server without internet access. Furthermore I will give those raspberry pi to customers after the website is running.

Is there anyway to use HTTPS without self signed certificates? Protection against Man-In-The-Middle-Attacks is not important but the mobile browser show annoying messages when self-signed certificates are used.

I know that I can register a domain that is accessible from the internet and that is used on the raspberry pi to get a certificate for it and install it on the raspberry pi. But I have following question:

  1. Can I get unlimited amount of certificates for the same domain with different expiration dates?

#2

Hi @jkGuy

how do you want to update the certificates? If they are offline, so you can’t upload a new certificate?

You can get max. 50 new certificates per week per domain. So 4 weeks -> 200 subdomains.

And you can create max. 5 certificates / week with the same set of domain names.


#3

Sorry but I don’t think what you’re looking for is possible. You can’t get a certificate with an expiration date more than 90 days in the future, from the time you obtain it.


#4

You can request a rate limit adjustment from Let’s Encrypt.


#5

Well, not from LE.
But there may be others out there…
And certainly there are those who charge for longer their certs (up to 2 years?).


#6

Yes sorry I should have specified that I meant a Let’s Encrypt certificate :slight_smile:


#7

Well that is a different problem :wink:

Thank you very much. This helped a lot.


#8

Thank. I will see whether that is necessary.


#9

Sorry but I think it’s the same problem, because of a detail you may have missed: yes, you can get multiple certificates subject to the rate limit and yes, you can request and maybe get an adjustment, but all those certificates will still expire 90 days after you request them. You can’t get a certificate with a notBefore date in the future.


#10

Yes you can get multiple certificates subject to rate limit,but problem is that all those certificates will still expire in 90 days after you request them.An then u r not endorsed to get certificate with notBefore date in future.I hope this feedback helps u a little.Thank you