How can I request a SSL certificate for a domain?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: aufloeser.bayern (domain of my customer) It has already a certificate from this project. The owner want's to switch the webserver to me, so I will need to install a new certificate on my server for his domain. Currently the DNS isn't uopdated so the domain still points to the old server. But i want to avoid interuption of the SSL protocol when I will switch the domain to the new server.

Also I would like to request more certificates for different domains of my customers. I don't want to charge my customers for the SSL certificates, but I#m willing to pay or make a donation for this project if I can use it to make my certificate requests trough it.

I ran this command:

It produced this output:

My web server is (include version): Tomcat 9.0.43

The operating system my web server runs on is (include version): Windows Server 2019 Standard edition

My hosting provider, if applicable, is: 1&1

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Let's Encrypt is free of charge, whether that's for 1 or for a million certificates. Donations are of course always welcome, no matter the size, but it's not required.

Please also see Integration Guide - Let's Encrypt for guidelines/tips.

As for your first question: you require proof of ownership of the domain name through one of the challenges. It's possible to delegate such challenges using for example a HTTP Location header ("HTTP redirect") in case of the http-01 challenge or by using a CNAME resource record for the dns-01 challenge. So your customer could implement one of those redirects pointing them to your server so you can get a certificate.

3 Likes

Hi @lucien.elin and welcome to the LE community forum :slight_smile:

Tomcat is a special beast.

Windows is another special beast.

Combining those two together will definitely be something special.

2 Likes

Well, it is not realy a big issue to install a certificate on Tomcat. I already did it and it works very well.

Special combinations have an advantage: Hackers concentrate on the most widely spread combinations. It's not worth for them to create hacks for such special combinations. They would not have the same impact as creating hacks for widely spread OS and Webserver. I see in the log files that a lot of attacks expect a Unix system behind the server :wink:

Good morning Osiris

Thany you for your reply. I will defintely go trough the Integration Guide.

2 Likes

I have a certificate installed on this domain: www.pret-immo.lu

The current certificate works well but will expire in some month. I will try to install the LetsEncrypt certificates on my infratsructure. Maybe the combination of Windows + Tomcat is too specific but these two topics may be interesting each for itself. I may keep you informed about the different steps on this thread.

The OS and Webserver should not be an issue, as I use the keytool command line tool from Java. I generate the certifcate request with this tool and I also install the certificates with it.

I'm aware that keytool cant connect to the lets encrypt server and that i need a client to do it. I'm just not sure if certbot is the right choice for this combination (keytool / lets encrypt).

Is there any documentation on how to use java keytool with Lets Encrypt ?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.