How to have automatic reissuances in a constricted situation

Situation: ISP Spectrum (Charter) web server Apache on Debian 10. My access privilege is only to the files of our site; not root, not sudo. Local computer OS is Windows. Customer (myself in this case) must acquire a certificate file, and pass it to Spectrum support, who places the file. That was done, all good.

Now what, for automatic reissuances?
I read and I read. Use this client, use that client. Run this script, run that script. This client information states for IIS. That client information states that you need to sudo.
This script states to run it in the server.
That script states file destination to which I lack access.

1 Like

You will not be able to do automatic re-issuance in your situation.

6 Likes

You could place the site behind Cloudflare CDN.
Your HSP should be able to get that figured out with a very long-lived cert from CF.

7 Likes

Perhaps you could automate sending an email with the new certificate to Spectrum's support? :smiley:

If their support has to manually install the certificate, how would you envision the automation part?

A better option would be to change hosting provider to one fully supporting (automated) Let's Encrypt certificates without any extra payment or trouble whatsoever.

8 Likes

Regarding "this client", "this script" etc., these are all part of HTTPS configuration for your webserver, which you are not administering, so that side is not (currently) your problem. If you want it to remain someone else's problem then you need to contact your host and get them to set up the cert for you, which is possibly a paid service.

If you want to take control of this yourself (and you are able to) then change your hosting to something you can manage yourself. An AWS Lightsail Linux server is about $3.50 a month.

As @rg305 mentioned you could move your domain DNS to Cloudflare (free) which can automatically proxy your site and set up basic SSL for you (served by them). It's then up to you if you want your original server (called the "origin" server) to have a valid SSL setup as well, but it's optional.

5 Likes

Your ACME client can upload the challenge files via FTP, and then email the ISP people.

4 Likes
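
The FTP suggestion above, as an added example that is not from the thread: a script for certbot's `--manual-auth-hook` that publishes the HTTP-01 challenge file from a machine with file-only access. It assumes certbot as the ACME client and a host that accepts FTP over TLS; the `FTP_*` variable names are assumptions, while `CERTBOT_TOKEN` and `CERTBOT_VALIDATION` are set by certbot for hook scripts.

```python
"""certbot --manual-auth-hook: publish an HTTP-01 challenge file over FTPS."""
import io
import os
import re
from ftplib import FTP_TLS, error_perm

# ACME tokens are base64url. Rejecting anything else means a token can never
# point outside the challenge directory (for example "../index.html").
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
CHALLENGE_DIR = ".well-known/acme-challenge"


def challenge_path(webroot, token):
    """Remote path that maps to http://<domain>/.well-known/acme-challenge/<token>."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url")
    return f"{webroot.rstrip('/')}/{CHALLENGE_DIR}/{token}"


def ensure_dirs(ftp, path):
    """Create each directory component of path; ignore ones that exist."""
    current = "/" if path.startswith("/") else ""
    for part in filter(None, path.split("/")):
        current = f"{current.rstrip('/')}/{part}" if current else part
        try:
            ftp.mkd(current)
        except error_perm:
            pass  # already present, or not permitted (STOR then fails loudly)


def upload(ftp, webroot, token, validation):
    """Write the key authorization to the challenge path and return that path."""
    remote = challenge_path(webroot, token)
    ensure_dirs(ftp, remote.rsplit("/", 1)[0])
    ftp.storbinary(f"STOR {remote}", io.BytesIO(validation.encode("ascii")))
    return remote


if __name__ == "__main__":
    # CERTBOT_* are set by certbot for hooks; FTP_* are assumed names.
    with FTP_TLS(os.environ["FTP_HOST"]) as ftp:
        ftp.login(os.environ["FTP_USER"], os.environ["FTP_PASS"])
        ftp.prot_p()  # encrypt the data channel as well as the login
        print(upload(ftp, os.environ["FTP_WEBROOT"],
                     os.environ["CERTBOT_TOKEN"], os.environ["CERTBOT_VALIDATION"]))
```

This covers issuance only; the resulting certificate still has to be passed to Spectrum support for installation, as described in the thread.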
