Looking for assistance converting from use of acme.sh to Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My Domain: dcc-tc.com
Certbot Version: 4.0.0

I started by removing all the questions I was asked to fill in. I didn't see where many of them were pertinent to the questions I have. I did include those items that I thought were pertinent.

I'm working to automate TLS certificate renewal for Oracle Enterprise Business Suite (EBS). The environment is different than one that simply provides HTTPS services via a browser engine. Oracle uses what they refer to as the Wallet to store certificates used to support connectivity to EBS's Web front end. The front end is essentially Apache running under WebLogic. Due to the way Oracle has all of this set up, it's required to produce a signing request, including the private key, within the Wallet. Because the system does not rely on a separate trust store for CA certificate queries, it's also required to include the signer's CA and any intermediates within the Wallet.

So much for the brief overview of what I'm up to.

I'm currently testing to see which ACME tool I should use when integrating with my automation scripts, acme.sh or Certbot. I've created a Let's Encrypt certificate using acme.sh. It worked well. However, it occurs to me that Certbot may be a better option in that EBS can be run from a Windows system and Certbot appears to have a port for that platform.

The question: Can you provide tips/information regarding how best to port an existing Let's Encrypt signed certificate so that it can be renewed using Certbot? Since there is no direct access to the Apache server, I'm using DNS-01 authentication.

Regards,
David

Certbot for Windows was experimental and it is no more.

You might want to also check simple-acme and lego, both are cross platform.

Issue a new certificate and let the old one expire :slight_smile:

4 Likes