How do I generate certificates for internal resolution DNS?

My boss insists that I have to create, with Let's Encrypt, certificates for the domain we have and the wildcards. The websites are internal ones; they don't exist. How do I do them?
He says this has been done at least 3 times with Let's Encrypt without an issue.

Use the DNS-01 challenge, which also supports wildcard certificates.

2 Likes

To get a Let's Encrypt certificate you need either a publicly available webserver or a publicly available DNS zone. Do you have one of those?

1 Like

Yes, only otsmartrecording.net. I have to get the CSR from the Azure readiness checker, and it gives me 12 CSRs. When I try to get a certificate from one of those CSRs I can't, because they don't exist; they are "internal resolution DNS".

I tried, but we can't because those DNS names don't exist.

Then ask your boss how it was done previously, with details.

2 Likes

Also check this topic: Understanding the DNS-01 challenge and ACME DNS

2 Likes

He doesn't know. He mocked me because I don't know, and now I'm being punished by coming every day to the office when everyone is at their house. I have been stuck with this for a month.

Creating separate CSRs to try to submit is the most complicated and convoluted method of trying to use Let's Encrypt; there should just be an ACME client running that handles everything for you. If you're using Azure, as your previous posts imply, then you should be able to just use what Azure has built in to create certificates.

5 Likes

Then how does he know it was done 3 times in the past?

Possibly a manual process had been done using something like https://gethttpsforfree.com/

Update note: this is an HTTP-01 challenge.

1 Like

I don't have access to that, and I'm not even sure if it's Azure or IIS. Nobody tells me anything; one day I just got told, "Use this Azure thing to generate the CSR, and then create the certificates with Let's Encrypt. How? IDK, it's your problem."

Let me check that, thanks.

1 Like

Well, if they're internal sites, then you'd need to use the DNS-01 challenge (as we said in your prior topic days ago). That would require access to update the DNS. And ideally this would all be automated so the ACME client would do the DNS update and install the certificate automatically.

It sounds like your employer is assigning you tasks that you don't have the permissions to do, which sounds really frustrating but I don't think people here will really be able to help you with that.

5 Likes

It is certainly not an ideal solution, but it works. But every 60 days you have to do it again.

1 Like

I tried, but he says that it wasn't done like that, that they just got delivered, and he is not doing any of that.

Do you have any old certificates that worked, even if they are expired?
Sharing them would let us see what SANs the certificate actually has and whether Let's Encrypt actually issued the certificates.

The CSRs would be helpful too; they are safe to share, as are the certificates. Do NOT share the private keys.

1 Like

OK, I just got the old certificates. It doesn't let me upload them; they are in PFX. How do I check what you said?

Here is a list of issued certificates: crt.sh | otsmartrecording.net. The latest, from 2023-11-16, is for *.otsmartrecording.net, which is a wildcard certificate and was issued by Let's Encrypt.

Why not just use that certificate?

1 Like

I made that one, and I don't know how I did it. It also doesn't work because it's a .pem instead of a .pfx.
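Two things came up in this thread that can be done locally with openssl: checking what SANs and issuer a PFX actually contains, and bundling a PEM certificate and key into a PFX for import. This is an added example, not from anyone in the thread; the domain `example.internal`, the password and the file names are constructed stand-ins, and the self-signed certificate is generated only so the script runs offline.

```shell
#!/bin/sh
# Added example: inspect a PFX and build one from PEM. Nothing here comes from the thread.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
PASS='constructed-demo-password'   # PFX export password (constructed for this demo)

# Throwaway self-signed wildcard cert so the script is self-contained; in practice
# cert.pem/privkey.pem would be the files an ACME client wrote (names are constructed).
make_demo_pem() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/privkey.pem" -out "$WORK/cert.pem" \
    -subj "/CN=example.internal" \
    -addext "subjectAltName=DNS:*.example.internal,DNS:example.internal" 2>/dev/null
}

# pem_to_pfx CERT KEY OUT: bundle a PEM certificate and its key into PKCS#12 (.pfx),
# the format IIS/Azure imports expect. The private key goes into the PFX, so treat
# the resulting file like the key itself and never share it.
pem_to_pfx() {
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$PASS"
}

# pfx_sans PFX: print the SAN list of the leaf certificate inside a PFX on one line.
# The leaf is extracted without its key, then x509 prints the SAN extension (2nd line).
pfx_sans() {
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$PASS" 2>/dev/null \
    | openssl x509 -noout -ext subjectAltName \
    | sed -n '2p' | tr -d ' '
}

# pfx_issuer PFX: print the issuer DN, which shows whether Let's Encrypt issued it.
pfx_issuer() {
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$PASS" 2>/dev/null \
    | openssl x509 -noout -issuer
}

make_demo_pem
pem_to_pfx "$WORK/cert.pem" "$WORK/privkey.pem" "$WORK/site.pfx"
pfx_sans "$WORK/site.pfx"
pfx_issuer "$WORK/site.pfx"
```

Requires OpenSSL 1.1.1 or newer (for `-addext` and `-ext`); for a real PFX, replace `$PASS` with the password the PFX was exported with.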

What do you mean by that? otsmartrecording.net seems to have Cloudflare nameservers on the public internet.

Well, that doesn't make much sense to me. Certificates usually don't magically come into existence. While it might be very easy to implement, often some kind of action is required.

5 Likes