Generating cert for rabbitmq

daudnadeem · August 23, 2019, 9:37am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
This is the problem!!
My web server is (include version):
RabbitMQ 3.7.17 on Erlang 22.0.7
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
GCP
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0

Basically, Im trying to generate certificates for my rabbitmq server, to my understanding the domain name is rabbit@ however, certbot doesn’t accept that domain. And I’m not too sure how to generate certificates to use for SSL authentication with rabbitmq.

JuergenAuer · August 23, 2019, 9:41am

Hi @daudnadeem

you need a public visible, worldwide unique domain name. Something like community.letsencrypt.org with a public suffix at the end.

And you must prove that you control the domain.

So register a domain name (perhaps free), then you need an A- or AAAA record yourdomainname -> your-IPaddress.

Or use dns-validation.

Read

then something about the different challenge types:

schoen · August 23, 2019, 4:35pm

It seems that there should be something after the rabbit@; examples online incline rabbit@localhost, rabbit@rabbit1, rabbit@controller, and others. The part after the rabbit@ is the domain name, and it looks like it’s common for many instances not to use a public fully-qualified domain name, which as @JuergenAuer says would be a requirement for getting a Let’s Encrypt certificate.

There seems to be a lot of official documentation related to this:

https://www.rabbitmq.com/ssl.html

That page gives instructions for creating a self-signed certificate (which you would then have to add to every client that needs to be able to connect to the RabbitMQ server). Although the page calls this approach inappropriate for production, it seems appropriate to me if there is only one developer or only one sysadmin creating client instances (who can then be responsible for ensuring that all of the clients have been configured to trust the self-signed certificate).

But to follow the approach described there using a public certificate authority, you do need to register a public domain name and have a subdomain for your RabbitMQ server.

system · September 22, 2019, 4:36pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Generate certificate problem Help	10	1089	January 6, 2019
Ssl certificate generation Help	3	607	October 19, 2022
容器部署脚本申请ssl证书，直接报错了 Help	26	1451	March 11, 2023
How to automate ssl certificate generation with certbot Help	8	3537	January 7, 2021
Can't create certificate Help	1	546	September 5, 2018

Generating cert for rabbitmq

Related topics