I want to get certificate created for my domain and downloaded in order to install this manually later

mmalbasic · May 15, 2017, 4:30pm

Hello,

Does anybody know how to get the certificate downloaded and NOT YET installed on my Server?
It’s because I need the certificate for my subdomain. Means: I have, for example Domain meinexample.eu and I created subdomain: api.meinexample.eu. This the IP from “api.meiexample.eu” is pointing to another dedicated Linux Server where I added this IP to the second Network Interface on this Server.
As far as was able to understand, the certificate can be installed automaticaly on the Server.
But: I don’t Need it automaticaly installed on the Server - I Need it created - whereever or however - for my subdomain “api.meinexample.eu” and then I want to install this manually on my dedicated Linux (CentOS 6) Server where Apache is running and is listening on the second, as mentioned, Network Interface.

Hence my question: how to create certificate for my subdomain api.meinexample.eu and then download this and be able to have the certificat file as usualy with a Extension *.cert or *.pem or similar certifikat file.
There are all descriptions how to do that automaticaly and how to get it installed automaticaly.
But what I Need is a simple certificate file as downloadable (after creating, of course) *.cert file whis has been created for my subdomain “api.meinexample.eu” so I can configure my Apache Server running, how mentioned, on another Linux machine, to use this created cert file?
How to install certificate on a Linux Apache - I know how to do that - but I Need the certificate file created first and then whenever later - manually install it on the Apache.

Does anybody know how to do that?

Thank you for your help.
P.S. Sorry for my bad english.

best
Milan

tialaramex · May 15, 2017, 6:08pm

The certonly feature in Certbot will obtain a certificate without taking any other steps. However, pay attention to the fact that Let’s Encrypt will want to verify the exact name in the certificate. You can’t use proof of control of www.example.com to obtain a certificate for api.example.com as you may be used to from some commercial offerings.

Osiris · May 15, 2017, 6:13pm

While @tialaramex is correct about using certbot certonly to get just a certificate, keep in mind you’d have to renew the certificate at least once every 90 days.

schoen · May 15, 2017, 8:16pm

Also, if you find Certbot difficult or inapplicable in some way, you can also try something like https://www.zerossl.com/ to generate the certificate in your browser. (You still have to perform a task related to an existing server during the certificate issuance process in order to prove that you control the domain name.) The certificate can then be saved from your browser and does not have to be installed right away.

mmalbasic · May 16, 2017, 5:52am

Hello schoen,

thank you for the info about zerossl.
but before i try it I still want to try with Certbot.

thats’ what I tried until now without success, I’m getting the error with python26.

**[root@psms04 ~]# /usr/local/sbin/certbot-auto certonly -d api.meinexample.eu**
**Bootstrapping dependencies for RedHat-based OSes… (you can skip this with --no-bootstrap)**
**yum ist /usr/bin/yum**
**Geladene Plugins: fastestmirror, security**
**Einrichten des Installationsprozess**
**Loading mirror speeds from cached hostfile**
**_ * base: mirror.23media.de_**
**_ * extras: mirror.23media.de_**
**_ * ius: mirror.amsiohosting.net_**
**_ * updates: mirror.23media.de_**
**Paket gcc-4.4.7-18.el6.i686 ist bereits in der neusten Version installiert.**
**Paket augeas-libs-1.0.0-10.el6.i686 ist bereits in der neusten Version installiert.**
**Paket openssl-1.0.1e-57.el6.i686 ist bereits in der neusten Version installiert.**
**Paket openssl-devel-1.0.1e-57.el6.i686 ist bereits in der neusten Version installiert.**
**Paket libffi-devel-3.0.5-3.2.el6.i686 ist bereits in der neusten Version installiert.**
**Paket redhat-rpm-config-9.0.3-51.el6.centos.noarch ist bereits in der neusten Version installiert.**
**Paket ca-certificates-2016.2.10-65.4.el6.noarch ist bereits in der neusten Version installiert.**
**Paket python-2.6.6-66.el6_8.i686 ist bereits in der neusten Version installiert.**
**Paket python-devel-2.6.6-66.el6_8.i686 ist bereits in der neusten Version installiert.**
**Paket python-tools-2.6.6-66.el6_8.i686 ist bereits in der neusten Version installiert.**
**Paket 1:mod_ssl-2.2.15-59.el6.centos.i686 ist bereits in der neusten Version installiert.**
**Nichts zu tun**
**Creating virtual environment…**
**Traceback (most recent call last):**
**_ File “/usr/lib/python2.6/site-packages/virtualenv.py”, line 2559, in _**
**_ main()_**
**_ File “/usr/lib/python2.6/site-packages/virtualenv.py”, line 963, in main_**
**_ never_download=options.never_download)_**
**_ File “/usr/lib/python2.6/site-packages/virtualenv.py”, line 1073, in create_environment_**
**_ search_dirs=search_dirs, never_download=never_download)_**
**_ File “/usr/lib/python2.6/site-packages/virtualenv.py”, line 610, in install_setuptools_**
**_ search_dirs=search_dirs, never_download=never_download)_**
**_ File “/usr/lib/python2.6/site-packages/virtualenv.py”, line 582, in install_req**
**_ cwd=cwd)_**
**_ File “/usr/lib/python2.6/site-packages/virtualenv.py”, line 1041, in call_subprocess_**
**_ % (cmd_desc, proc.returncode))_**
**OSError: Command /root/.local/share/letsencrypt/bin/python2.7 -c "#!python**
**"""Bootstra…sys.argv[1:])**

**" --always-copy -U setuptools failed with error code 1**

As far as I was able to find more docu about needed packages, following should be also installed and is installed:

python-pip.noarch 0.8-1.1 installed
And:
python-virtualenv.i686 1.8.4-25.1 installed

Somewhere I found that that python 27 should be installed in order to use the Certbot.

And python 27 is also installeld on my Centos 6:
[root@psms04 ~]# yum install python27.i686
Geladene Plugins: fastestmirror, security
Einrichten des Installationsprozess
Loading mirror speeds from cached hostfile

Paket python27-2.7.13-2.ius.centos6.i686 ist bereits in der neusten Version installiert.
Nichts zu tun
-But somehow the comamnd:
[root@psms04 ~]# /usr/local/sbin/certbot-auto certonly -d api.meinexample.eu
doesn’t work as expected…

If you know how can I solve this I would be thankfull, if not - I’ll try with “zerossl”…

thx
best
Milan

mmalbasic · May 16, 2017, 8:41am

I was able to create all needed files from “zerossl”.

Means, my problem with the creating of the certificate has been solved using this workaround (zerossl).

@schoen: Thank you again for the info about zerossl - great & simple way to get it downloaded.

Gruss
Milan

schoen · May 16, 2017, 7:54pm

@mmalbasic, I’m glad it worked out for you.

@bmw, feel free to look into this certbot-auto bootstrapping problem (CentOS 6, Python 2.6 but also Python 2.7 installed, fails with --always-copy -U setuptools failed with error code 1) if you think it might be something unknown that could affect other people. However, this particular user is no longer trying to use certbot-auto.

bmw · May 16, 2017, 9:27pm

Interesting. When certbot-auto failed it was running a command equivalent to:

virtualenv --no-site-packages --python $(command -v python2.7 || command -v python 27 || command -v python2 || command -v python) ${XDG_DATA_HOME:-~/.local/share}/letsencrypt

If you’re interested in helping debug the problem, I’d like to see the output of this command on your system, but regardless, I’m glad you found something that worked for you!

system · June 15, 2017, 9:36pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.