How to auto-renew a Teleport certificate in a remote store environment where I cannot control the network

Background: I’m following this guide “How to use Let’s Encrypt with an SSH Bastion”
https://gravitational.com/blog/letsencrypt-teleport-ssh/
working on Teleport Trusted Clusters
https://gravitational.com/teleport/docs/trustedclusters/
The Teleport leaf clusters are in geographically remote stores.
The Teleport root cluster is in the Amazon AWS cloud.

The goal is to auto-renew the Teleport certificate.

Question: in those remote store environments (Teleport leaf clusters) where I cannot control the network, say with no management access to the store's gateway firewall,
can I use certbot to launch a web server listening on port 80 to respond to an ACME challenge?

sudo certbot certonly --standalone -d proxy.example.com -n --agree-tos --email=letsencrypt@example.com

If not, are there any other solutions/tips for auto-renewing the Teleport certificate with Let's Encrypt? Thanks!


Hi @brant

It's impossible to answer. Please share your domain name; then it may be possible to check some things.

If you can't use HTTP validation, perhaps use DNS validation.

Then no web server / no public IP address is required.

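The DNS validation route the reply above points at, worked through as an added example that is not from this thread or from the Teleport project: certbot is driven with the dns-01 challenge through its Route 53 plugin (an assumption, chosen because the root cluster is in AWS; any certbot DNS plugin or a --manual-auth-hook works the same way), so the leaf proxy needs only outbound HTTPS to Let's Encrypt and to the DNS API, never an inbound port 80 through the store's firewall. A --deploy-hook then installs the renewed key and chain where Teleport reads them and restarts the proxy. The certificate directory /var/lib/teleport/certs and the systemd unit name teleport are assumptions; the hostname and e-mail address are the ones from the question.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post or from Teleport.
# Usage: ./renew-teleport.sh request   (first issuance; certbot's timer renews later)
#        ./renew-teleport.sh deploy    (called by certbot as the deploy hook)
set -eu

DOMAIN="${DOMAIN:-proxy.example.com}"                       # hostname from the question
TELEPORT_CERT_DIR="${TELEPORT_CERT_DIR:-/var/lib/teleport/certs}"  # assumed path

# Issue (or later renew) using DNS-01 only: no inbound port 80/443 is needed on
# the leaf. The certbot-dns-route53 plugin picks up AWS credentials from the
# usual environment variables, profile or instance role (assumed to be present).
request_cert() {
  certbot certonly --non-interactive --agree-tos \
    --email "letsencrypt@example.com" \
    --dns-route53 \
    --preferred-challenges dns-01 \
    -d "$DOMAIN" \
    --deploy-hook "$0 deploy"
}

# Copy the lineage's key and chain into the Teleport directory with tight
# permissions. Returns 1 if either file is missing or empty, so a half-written
# lineage is never installed.
install_teleport_cert() {
  local lineage="$1" dest="$2"
  [ -s "$lineage/fullchain.pem" ] && [ -s "$lineage/privkey.pem" ] || return 1
  install -d -m 0700 "$dest"
  install -m 0600 "$lineage/privkey.pem" "$dest/privkey.pem"
  install -m 0644 "$lineage/fullchain.pem" "$dest/fullchain.pem"
  return 0
}

# True if the space-separated list of renewed names contains the wanted host.
covers_domain() {
  local domains="$1" want="$2" d
  for d in $domains; do
    [ "$d" = "$want" ] && return 0
  done
  return 1
}

# Deploy hook. certbot exports RENEWED_LINEAGE (the live/<name> directory) and
# RENEWED_DOMAINS (names on the renewed certificate) when it calls the hook.
deploy() {
  covers_domain "${RENEWED_DOMAINS:-}" "$DOMAIN" || {
    echo "skip: $DOMAIN not in renewed set"; return 0; }
  install_teleport_cert "$RENEWED_LINEAGE" "$TELEPORT_CERT_DIR"
  systemctl restart teleport   # assumed: the proxy runs as a systemd unit
}

case "${1:-}" in
  request) request_cert ;;
  deploy)  deploy ;;
esac
```

Point the proxy's HTTPS key and certificate settings in teleport.yaml (the https_key_file / https_cert_file pair the linked blog post configures) at privkey.pem and fullchain.pem under the chosen directory. After the first `request`, certbot's own renewal timer re-runs the dns-01 challenge and the hook, so the store never needs an open inbound port.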

Yes, the information provided is a bit confusing.
Have you tried using DNS authentication?
[that can usually work from almost all places]

