How to get only the certificate and key without a site, for a p12 file?

Marco_Sulla · July 7, 2019, 10:16pm

Hello all. I would create a .p12 file for signing PDFs with a PADES signature. So I don’t have a site, I just need the certificate and the key. How can I do to get them? Certbot wants absolutely a domain.

I ran this command:

sudo certbot certonly --standalone

It produced this output:

Failed authorization procedure. marcosulla.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: dns :: DNS problem: NXDOMAIN looking up A for marcosulla.org

The operating system my web server runs on is (include version):

Lubuntu 18.0.4 (it’s my laptop)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.31.0

JuergenAuer · July 7, 2019, 10:53pm

Hi @Marco_Sulla

if you want a public trustet certificate, you need a public visible, worldwide unique domain name.

But marcosulla.org isn’t registered

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
marcosulla.org		Name Error	yes	1	0
www.marcosulla.org		Name Error	yes	1	0

So first step: Register that domain.

Then you can create a certificate via dns-01 - validation. Then you don’t need a webserver.

Check

But: As I know, you can’t use that certificate to sign PDFs. So Letsencrypt is the wrong way to do that.

schoen · July 8, 2019, 2:40am

Yes, Let’s Encrypt certificates are only valid for authenticating online sites and services with TLS and can’t be used for file or code signing. For these purposes, you’ll need to look for a certificate from a different CA.

Marco_Sulla · July 13, 2019, 2:20pm

Well, do you know any free CA Authority for signing a file?

schoen · July 13, 2019, 5:13pm

No, I don’t know of such a service.