I already have a private key and a CSR generated by my hoster, and certbot installed on my own computer. Now I want LE to sign it

How to supply them to have a signed certificate directly? I tried --certonly, --standalone & --csr option, but it still asked me to create a file in .well-known directory, which I currently are having difficulties to do so.

1 Like

Hi @cocktaily

if it isn’t possible to create that file, you can’t use http validation.

Switch to dns validation:

--manual and --preferred-challenges dns instead of --standalone should work.

But that requires that you are able to create a DNS TXT entry.

3 Likes

That’s part of the hostname validation process, in this case through the http-01 challenge. (See the link above.)

Your hostname needs to be validated one way or another. Let’s Encrypt won’t issue a certificate without proper validation (it’s required to do so).

Also you’d need to repeat this elaborate manual process every 60 to 90 days (Let’s Encrypt certificates are only valid for 90 days and Let’s Encrypt recommends renewing the certificate after 60 days, which includes validating the hostname(s) again).

Do you really don’t have a way to automate this process? Is this private key and CSR generation by your hoster the only way? Unfortunately, you didn’t get the questionnaire which should be presented to you when you opened this thread in the Help section or you decided to delete it. Here it is again, please enter as much information as possible:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

2 Likes

Thanks for the replies.

I’ve placed the file in .well-known and is accessible with the URL http://beyblade.epizy.com/.well-known/acme-challenge/W8TysRFwtnc6UmQIC68aqR2X7_6iWtOwjbZdpbzV_IA. But what the certbot could get is <html><body><script type=\"text/javascript\" src=\"/aes.js\" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,func

Command run was certbot certonly --manual --preferred-challenges http -d beyblade.epizy.com --csr ~/downloads/csr.der

Hosting provider: Infinityfree

1 Like

That’s

the known aes.js script.

That blocks the Letsencrypt validation via http.

Yep, that’s expected. Infinityfree blocks validation via http.

So switch to dns validation.

3 Likes

Since when does the Let’s Encrypt validation server parse JavaScript? :face_with_raised_eyebrow:

It doesn’t.

The server sends a html page with that JavaScript instead of the validation file.

So the validation file is hidden.

1 Like

It sounded like you claimed the JavaScript file was responsible for that error.

Strangely enough I’m getting 403 forbidden errors through curl. Looks like the server behaves differently for different HTTP clients.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.