Kerio Connect in a OFF-Line Scenario

I am running a Windows Server 2019 VM box. To troubleshoot some issues I am having with a production environment. I need a trusted SSL cert. I self signed cert will not work. My production server has a public IP and can be accessed from the internet. Lets Encrypt is working perfectly there.

However the lab setup has a Private Local IP lets say (static) and will only be used for testing. I can give it a subdomain and make the needed changes is DNS.
Is Lets Encrypt an option for me? If so What is the recommended process.
My production machine is TX1.{} I currently have the lab server named test.{mydomain}.com. I can change it if needed.


If {mydomain}.com is a real registered domain that you control, you can obtain a certificate using the DNS Challenge. This avoids having to expose your server to incoming internet traffic. It will still need to be able to connect to the internet outgoing, though.

How easy and automated this is depends on how you host the DNS for your domain and what ACME client you are using. It varies from "very easy and automated" to "painful and manual".

For Windows, check out Posh-ACME, WACS (Win-ACME), and Certify the Web. They all support a variety of DNS hosts.


My Dns is hosted through

1 Like

Well, you're in luck, all of the software I mentioned supports getting Let's Encrypt certificates via the DNS Challenge with DNS Made Easy.


Or get the certificate on a different host and somehow securely transfer the cert/private key/chain/et c. to the tx1 host.


These statements sound contradicting. The machine is a lab test machine on a VM. It could be made to make an outbound connection from time to time.. But not open to inbound traffic..

Sorry misread outgoing as ongoing.

1 Like

If the host tx1 can make outbound connections, then there shouldn't be a problem when using the dns-01 challenge.


Thanks I will look into that.

1 Like

I tried to use certify the web to create the key pair. I am operating a Kerio Mail Server. It apparently is using apache as its imbedded web browser. I can generate CSR but I don't seem to have a place to put it.

Also The TX1 host is working beautifully. Its the lab server named test.{mydomain}.com that is mentioned in the first post that is the issue.

It looks like the post auto word wrapped and may be confusing things.
"I currently have the lab server named test.{mydomain}.com. I can change it if needed."
Is what the sentence should look like.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.