What I mean, do you know of such app that explicitly deals with CSR and not private key?
Cause some of them will probably create new key pair or will try to generate CSR from existing private key.
I sell my heart to pretty ladies, soul to devil and private key is not for sale.
I am collapsing. Good night!
Thanks for all!
There are such apps. I have plans of porting Open ACME into a streamlined script.
I saw your posts in the link from acme.sh --signcsr --csr /path/to/mycsr.csr -w /path/to/webroot/
you may also want to look at --stateless option, so it doesnât need to be even talk to webserver at all. (itâs nginx set to reply vaild challenge to any request from specific acme account.)
My small ACME app GitHub - bruncsak/ght-acme.sh: Get publicly trusted certificate via ACME protocol from LetsEncrypt or from BuyPass is capable to deal exclusively with the CSR, no need to access its key. It is capable to do stateless HTTP-01 validation, but you may opt for DNS-01 validation via nsupdate or via external script you interface to it.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.