Create a certificate with key usage server authentication only


I want to know if it is possible to generate a certificate with enhanced key usage = server authentication only. By default, this field is server authentication and client authentication.

My domain is:

I ran this command:


sudo docker run -it --rm --name certbot \
  -v "$HOME/certbot/etc/letsencrypt:/etc/letsencrypt" \
  -v "$HOME/certbot/var/lib/letsencrypt:/var/lib/letsencrypt" \
  -v "$HOME/certbot/.secrets/certbot:/secrets/certbot" \
  certbot/dns-cloudflare certonly \
  --dns-cloudflare-credentials /secrets/certbot/cloudflare.ini \
  -d "$DOMAIN"

The operating system my web server runs on is (include version):
Windows Server 2016


Hi @phalcon30964,

Unfortunately it is not possible. The Let’s Encrypt CA software chooses the Extended Key Usage (EKU) for the issued certificate, not the ACME client software.

If you need more control over the EKU you probably need to consider using an internal PKI.
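
An added example, not part of the reply above and not Let's Encrypt or Certbot code: with an internal CA the issuer picks the extensions, so a leaf can carry EKU = serverAuth only. It assumes the OpenSSL command-line tool is installed; the CA name, file names and `server.internal.example` are constructed samples.

```bash
#!/usr/bin/env bash
# Added example: throwaway internal CA that issues a leaf whose EKU is
# serverAuth only. All names and paths here are constructed samples.
set -eu

issue_server_only_cert() {   # $1 = work dir, $2 = DNS name of the server
  local dir=$1 name=$2
  # The CA, not the requester, decides which extensions end up in the cert.
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal Root
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  cat > "$dir/leaf.ext" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$name
EOF
  openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -new -config "$dir/ca.cnf" -subj "/CN=$name" -newkey rsa:2048 \
    -nodes -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/leaf.ext" \
    -out "$dir/leaf.pem" 2>/dev/null
}

eku_of() {   # print the EKU value line of a PEM certificate
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Extended Key Usage' | tail -n 1 | sed 's/^ *//'
}

accepted_for() {   # $1 = work dir, $2 = sslserver | sslclient
  openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/leaf.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
issue_server_only_cert "$demo" server.internal.example
echo "EKU: $(eku_of "$demo/leaf.pem")"
for p in sslserver sslclient; do
  if accepted_for "$demo" "$p"; then echo "$p: accepted"; else echo "$p: rejected"; fi
done
rm -rf "$demo"
```

Running `eku_of` against a certificate you already hold shows which usages its issuer actually granted; clients must trust the internal root before they will accept a leaf issued this way.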
