Host asked me to contact Let's Encrypt with my CSR

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
abqimaigng.com

I did not run a command, but reached out to my host to verify shell access. I was told that SSL cannot be enabled from my end and that I need to contact Let’s Encrypt and provide them my website CSR. I am at a loss of what to do next.

Thank you for your help.

2

Hi @FallenDisciples

that's how typical CAAs are working. The customers creates a CSR, sends the CSR to the CAA, the CAA sends a mail with a link, the customer clicks the link and confirms his domain ownership - then the CAA signes the CSR and sends the certificate back.

But that's not how Letsencrypt works.

Please read

You have to use a client to create a CSR and a certificate.

If you don't have root access, your hoster should support such an automation. If not, you have to do that every 60 - 85 days, because Letsencrypt certificates are only 90 days valid. So it's painful.

There are some online clients ( https://zerossl.com/ ) you may use.

But your domain

Checked via https://check-your-website.server-daten.de/?q=abqimaigng.com - that can't work.

Host T IP-Address is auth. ∑ Queries ∑ Timeout
abqimaigng.com Name Error yes 1 0
www.abqimaigng.com Name Error yes 1 0

There is no dns entry visible. Are you the owner of that domain? Or is it a typo? You must have a worldwide unique domain name and a dns entry.

3

Hello!

Thank you for your reply, I appreciate it greatly. I will start the process now and update you how far I get.

That was a typo on the domain, it is abqimaging.com .

Thanks!

4

Now your domain is visible ( https://check-your-website.server-daten.de/?q=abqimaging.com ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
abqimaging.com A 129.121.21.151 yes 2 0
AAAA yes
www.abqimaging.com C abqimaging.com yes 1 0
A 129.121.21.151 yes

But there is already a Letsencrypt certificate, which is active:

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
874913596 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-22 01:05:55 2019-07-21 01:05:55 abqimaging.com, autodiscover.abqimaging.com, cpanel.abqimaging.com, mail.abqimaging.com, webdisk.abqimaging.com, webmail.abqimaging.com, www.abqimaging.com - 7 entries

Looks like you use cPanel.

Isn't it possible to use that certificate? That should work without manual actions.

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.