How can I make a cert without a website


#1

hello@all.

I want to make a cert. My problem is that a website runs on my server and I can't stop it.
What can I do?


#2

I’m not sure I understand fully.

You can use the DNS challenge ( which doesn’t require a website).

Do you already have a website for your domain (that you don’t want to stop / change ) ?

or do you not have a website, and want the certificate for some other purpose ( email or something ) ?


#3

I have a domain; this is a VMware vCenter Server Appliance, it's a VM to manage a vSphere server.
This VCSA has a web interface and this can't be stopped; for this, I want to make a cert.
(Sorry for my bad English, I'm a German user.)


#4

You don’t need to stop your website. You simply need to be able to show specific files ( to validate ownership) in the yourdomain.com/.well-known/acme-challenge/ folder.


#5

And where do I make this?


#6

An overview is provided here. You should try a command similar to this:

letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

“certonly” means the client will just try to obtain a cert, it won’t try to configure your webserver.

“--webroot” indicates the plugin the client will use. “Webroot” means the client will place a file in your webserver so Let’s Encrypt knows you have control of the domain (the file is temporary).

“-w” tells the client where your webserver is serving from, and where it can place the temporary file.

“-d” tells the client what domain that web path belongs to and what to obtain the cert for.

The full user guide is here. You should read the whole thing, but the Webroot section is probably what you’re looking for.

I hope this helps!


#7

2 problems.

  1. I don't have git on the VCSA
  2. I can't change settings from the web interface. http://blogs.vmware.com/vsphere/2015/09/web-based-management-for-the-vcsa-is-back.html

#8

If you can modify your DNS (add an entry) via an API - I’d suggest using a DNS challenge ( you don’t need to modify your site that way).

A number of alternate clients allow that. I’d suggest one of the 3 bash ones ( as I know they support that one), and you don’t even need to run it on the server at all.


#9

I'm using a DynDNS DNS. IPv4 and IPv6, both static addresses, not dynamic.
Ping with Windows to the DNS wrote the right IP.


#10

I’m sorry, I don’t understand the question here.

From my understanding you have a VM on a static IP, however you can’t easily change the content on that server itself. You can verify domain ownership using DNS though, hence I suggested using one of the alternate clients and the DNS challenge. This can be run on a completely different computer if you want to and, once the certificate is obtained, uploaded to the VM control panel.


#11

My question was whether there is another way to create a certificate, because I cannot change the web interface of the VCSA.

How do I make this with the DNS challenge?


#12

You would need to use one of the alternate clients (as I stated above, and suggested you use one of the bash clients as I know they support the DNS challenge).

In the DNS challenge you are asked to put a specific token in your DNS records as a TXT record at _acme-challenge.yourdomain.com

see getssl example of DNS challenge using cloudflare DNS servers
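
An added example (not part of the original posts, and not code from any of the clients mentioned): how an ACME client derives what it publishes for the HTTP challenge described in post #4 and the DNS challenge described in post #12, following RFC 8555 and RFC 7638. The token, the account key and the host name vcsa.example.com are constructed placeholders.

```python
import base64
import hashlib
import json

# Constructed sample values, NOT a real account key or a real CA token.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl"}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME and JOSE use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def challenge_responses(token: str, jwk: dict, domain: str) -> dict:
    """What has to be published so the CA can validate control of `domain`."""
    # Key authorization binds the CA's token to the ACME account key.
    key_auth = f"{token}.{jwk_thumbprint(jwk)}"
    return {
        # HTTP challenge: the web server on the domain must serve this body.
        "http01_url": f"http://{domain}/.well-known/acme-challenge/{token}",
        "http01_body": key_auth,
        # DNS challenge: only a TXT record is needed, the web server is untouched.
        "dns01_name": f"_acme-challenge.{domain}",
        "dns01_txt": b64url(hashlib.sha256(key_auth.encode("ascii")).digest()),
    }


if __name__ == "__main__":
    for field, value in challenge_responses(SAMPLE_TOKEN, SAMPLE_JWK,
                                            "vcsa.example.com").items():
        print(f"{field:12} {value}")
```

Because the TXT value depends only on the token and the account key, it can be computed on any machine that holds the account key, which is why the DNS challenge can be run away from the appliance.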


#13

Hi, I wrote an article on this

https://bigmojo.net/2016/01/20/lets-encrypt.html


#14

At this point, lets-encrypt will ask you a couple questions and then provide you with a verification key, you need to take the key and put it in the correct place on your server, it’s a bit of a mess but the relevant piece looks like this

Lets Encrypt process

To reiterate, copy the key (on the lower line by itself), and put it in a file at the specified URL.

And this I can't do.
It's not helping with my problem.


#15

The link monsters_x refers to seems to be only the http verification method.

As above, I’d suggest using the DNS challenge - as that doesn’t require you to have a website, or host anything there. It requires that you be able to modify your DNS records to show a token as proof of ownership.


#16

i know, i wont say this, i’m sorry