Getting an ssl certificate

Unfortunately this is not a programming site.
This is more a "how to get a cert site".
Once you have that cert (and you can easily renew it - automatically) our job is done.
If you need any help along those lines, we are here 24/7/365 :slight_smile:

3 Likes

Okay :slight_smile: Then please, what about self-signed certs, can I use them? I have found a couple of manuals but in the end I got errors like INVALID_CERT_COMMON_NAME or INVALID_AUTHORITY. Is it possible to generate a self-signed cert which a browser would be happy with? Can you please share a link?

1 Like

The only way a browser would be happy with a self-signed cert is to add that cert into each machine's local trust store.
That won't scale very well.
You might be able to do that on one PC (just for a test).
But why?
When you can get a real cert (for FREE) and then test your software with that one.

2 Likes
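The point made in the reply above, as an added example that is not part of the thread: a self-signed cert is rejected until it is imported as a local trust anchor, and even then only for a hostname listed in it, which covers the two kinds of error mentioned in the question (untrusted authority and name mismatch). It assumes the OpenSSL 1.1.1+ command line is installed; `app.example.test` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). app.example.test is a constructed name.
HOST="app.example.test"

# Create a throwaway self-signed cert whose subjectAltName carries the hostname.
# Clients match the requested hostname against the SAN entries.
make_cert() {   # $1 = directory to write key.pem and cert.pem into
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" >/dev/null 2>&1
}

# Verify the cert the way a client would and print "accepted" or "rejected".
#   $1 = directory
#   $2 = "default"  (system trust store only) or
#        "imported" (cert added as a local trust anchor)
#   $3 = hostname the client asked for
check_cert() {
    if [ "$2" = imported ]; then
        set -- "$1" "$3" -CAfile "$1/cert.pem"
    else
        set -- "$1" "$3"
    fi
    dir=$1; name=$2; shift 2
    if openssl verify "$@" -verify_hostname "$name" "$dir/cert.pem" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

demo() {
    d=$(mktemp -d) && make_cert "$d" || return 1
    echo "default store, right name: $(check_cert "$d" default  "$HOST")"
    echo "imported,      right name: $(check_cert "$d" imported "$HOST")"
    echo "imported,      wrong name: $(check_cert "$d" imported other.example.test)"
    rm -rf "$d"
}
demo
```

Every machine that connects has to perform the import step itself, which is the scaling problem the reply describes.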

Yes, getting a free cert is cool. The thing is we sell our app to clients that want it to be working from the box. Look, they have a server they install our soft on and then they have to take care of getting a free cert on their own. We just want to know if it's possible to take care of it ourselves.

1 Like

sell* =)

1 Like

You could just get them to install an ACME client and give them a few options. Certificates are a part of normal IT administration, so if they have servers they probably have administrators as well. Your software doesn't have to provide certificate management as well; it just needs instructions on what the requirements are.

Some cert management options on Windows: https://certifytheweb.com (my app, it does support multiple combinations of challenge methods per cert, so validation is flexible), win-acme, Posh-ACME. If you are hosting your service in IIS you can probably guess which one I'd recommend.

LE certs need to be for public domains (in public DNS); DNS validation uses the domain's public DNS servers.

2 Likes

That is a design and implementation issue that isn't really suited for this forum.
The issue isn't specific to any one CA.
And I'm not even certain that you could; being that how would you even know what FQDN they will be using your software with?

I agree with @webprofusion, you definitely need to get the app to work via HTTP.
And provide instructions on how to secure it - which may depend on the platform (OS) they install it on.

2 Likes

Hello!
Is it possible to make certbot work with a different port? Just in case my web server works on port 88.

1 Like

certbot can actually work internally with any port.
LE, however, will only work on 80, 443, and 53 externally.
So, I guess, your answer should be:
No; if you intend on using port 88 as an inbound port directly from the Internet, you won't be able to get a cert for it that way.

2 Likes

It's okay. I can switch the port to 80 just to get a cert and after that switch back to 88, can I?

1 Like

Switch what?
Why can't you use both ports?

2 Likes

I am sorry, this is my first time getting a cert =) So there are a lot of stupid questions from me. I mean it doesn't matter which port you use when generating a cert, does it? In the end I can make my app work on any port I want when applying the cert?

1 Like

But it does.
All ACME clients (certbot in this case) must use port 80 for HTTP authentication.
Once you have a cert, it can be used by any program to secure its service on any other port.
The two are completely exclusive of each other.
And there can even be multiple programs that use the same cert (on multiple ports).

2 Likes

awesome thank you!

3 Likes
