Background: I'm following this guide, "How to use Let's Encrypt with an SSH Bastion", working on Teleport Trusted Clusters.
Teleport leaf clusters are in remote stores geographically.
The Teleport root cluster is in the Amazon AWS cloud.
The goal is to auto-renew the Teleport certificate.
Question: In those remote store environments (Teleport leaf clusters) where I cannot control the network, say no management access to the gateway firewall of the store, can I use certbot to launch a web server listening on port 80 to respond to an ACME challenge?

```
sudo certbot certonly --standalone -d proxy.example.com -n --agree-tos --email email@example.com
```

If not, are there any other solutions/tips to auto-renew the Teleport certificate with Let's Encrypt? Thanks!
It's impossible to answer. Please share your domain name; then it may be possible to check some things.
If you can't use HTTP validation, perhaps use DNS validation.
Then no webserver / no public IP address is required.
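The replies above recommend DNS validation over the standalone HTTP listener. As an added example (not code from this thread, from certbot, or from Teleport), the following computes what the CA actually checks in each challenge, following RFC 8555: the HTTP-01 response that `certbot --standalone` would have to serve on port 80, and the `_acme-challenge` TXT record that DNS-01 needs instead. The account key is the public RSA JWK from RFC 7638 section 3.1 standing in for a real ACME account key, the challenge token is a constructed value, and the resolver answer passed to `dns01_validates` is a constructed dict rather than a live DNS query.

```python
"""ACME challenge material for HTTP-01 and DNS-01 (RFC 8555 sections 8.1, 8.3, 8.4).

Added example, not code from the thread or from certbot. It shows what the
CA checks in each challenge, which is why DNS-01 needs no listener on port 80.
"""
from __future__ import annotations

import base64
import hashlib
import json

# Constructed sample: the public RSA JWK from RFC 7638 section 3.1 stands in
# for an ACME account key (certbot keeps the real one under
# /etc/letsencrypt/accounts/). Only the public part is needed here.
SAMPLE_ACCOUNT_JWK = {
    "kty": "RSA",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
    "e": "AQAB",
    "alg": "RS256",
    "kid": "2011-04-29",
}

# Constructed sample challenge token (same shape as a CA-issued token; value invented).
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

# Members that RFC 7638 includes in the thumbprint, per key type.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the required public members, sorted, no whitespace."""
    members = {name: jwk[name] for name in _THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True, ensure_ascii=False)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token || '.' || thumbprint(account key): proves the responder holds the account key."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_response(token: str, jwk: dict) -> tuple[str, str]:
    """Path and body the CA fetches over plain HTTP on port 80.

    This is what `certbot --standalone` serves, hence the inbound port-80 requirement.
    """
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, jwk)


def dns01_record(domain: str, token: str, jwk: dict) -> tuple[str, str]:
    """TXT record name and value for DNS-01. The record is published through the
    DNS provider, so the host needing the certificate needs no inbound connectivity."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return f"_acme-challenge.{domain}", b64url(digest)


def dns01_validates(domain: str, token: str, jwk: dict,
                    txt_answers: dict[str, list[str]]) -> bool:
    """Mirror the CA's check: the expected value must be among the TXT answers
    for _acme-challenge.<domain>. `txt_answers` models a resolver response."""
    name, expected = dns01_record(domain, token, jwk)
    return expected in txt_answers.get(name, [])


if __name__ == "__main__":
    domain = "proxy.example.com"
    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print(f"HTTP-01: GET http://{domain}{path} must return {body}")
    name, value = dns01_record(domain, SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print(f'DNS-01:  {name} TXT "{value}"')
    # Constructed resolver answer: the operator has published the record.
    print("validates:", dns01_validates(domain, SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK, {name: [value]}))
```

With certbot, the TXT record is written by one of its `--dns-*` provider plugins or by a script given to `--manual-auth-hook` under `--manual --preferred-challenges dns`; the value the script must publish is exactly what `dns01_record` computes, and the CA reads it from the domain's authoritative DNS, so the leaf cluster's firewall never has to admit an inbound connection.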
Yes, the information provided is a bit confusing.
Have you tried using DNS authentication?
[that can usually work from almost all places]