Generating cert for rabbitmq

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
This is the problem!!
My web server is (include version):
RabbitMQ 3.7.17 on Erlang 22.0.7
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0

Basically, Im trying to generate certificates for my rabbitmq server, to my understanding the domain name is rabbit@ however, certbot doesn’t accept that domain. And I’m not too sure how to generate certificates to use for SSL authentication with rabbitmq.

Hi @daudnadeem

you need a public visible, worldwide unique domain name. Something like with a public suffix at the end.

And you must prove that you control the domain.

So register a domain name (perhaps free), then you need an A- or AAAA record yourdomainname -> your-IPaddress.

Or use dns-validation.


then something about the different challenge types:


It seems that there should be something after the rabbit@; examples online incline rabbit@localhost, rabbit@rabbit1, rabbit@controller, and others. The part after the rabbit@ is the domain name, and it looks like it’s common for many instances not to use a public fully-qualified domain name, which as @JuergenAuer says would be a requirement for getting a Let’s Encrypt certificate.

There seems to be a lot of official documentation related to this:

That page gives instructions for creating a self-signed certificate (which you would then have to add to every client that needs to be able to connect to the RabbitMQ server). Although the page calls this approach inappropriate for production, it seems appropriate to me if there is only one developer or only one sysadmin creating client instances (who can then be responsible for ensuring that all of the clients have been configured to trust the self-signed certificate).

But to follow the approach described there using a public certificate authority, you do need to register a public domain name and have a subdomain for your RabbitMQ server.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.