Before I install certbot on a Linux server I want to check this is possible. I want to make certificates on the Linux server and then export them to my firewall. Is it possible to use Let’s Encrypt to make certificates on the Linux server and then export them to the firewall and other servers going forward?
Welcome to the Let's Encrypt Community, Michael
Yep. That's very common, especially in the case of load balancers acquiring and distributing certificates to workers. Just be sure to export their private keys securely.
Thanks for the quick reply. Anything special I need to do?
I found this article. Does that look like the best approach?
That guide mostly is about getting a certificate in the first place. And badly at that too. Using the dns-01 challenge manually is very much discouraged as it prevents automated renewals.
The best starting place is to understand the way that Let's Encrypt verifies challenges for issuing certificates, particularly the HTTP-01 challenge.
If you want to read through a PHP ACME client that's well-commented to gain a better understanding of the ACME process, you can download my single PHP file CertSage ACME client (certsage.txt).
It is difficult to be sure, since you haven't provided any information on the firewall (and its certificate requirements).
I would start with what the firewall needs.
This certificate won’t be able to auto renew as the firewall doesn’t have that option. It is a Sophos XG firewall. I am happy to manually renew the certificate. I just want to be able to create them and I will deal with the renewals.
Well... The acme client usually is on the same machine as the webserver, but it doesn't have to be.
You can autorenew via dns-01 challenge and use a deploy hook to push the certificate to the server.
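A deploy hook of the kind mentioned above, added here as an example (it is not code from this thread or from certbot); certbot really does set RENEWED_LINEAGE and RENEWED_DOMAINS when it runs a deploy hook, but the export directory, the scp destination and the pluggable copy command are assumptions you would change for your own setup.

```shell
#!/bin/sh
# Certbot deploy hook (added example): certbot runs it after each successful
# renewal with RENEWED_LINEAGE=/etc/letsencrypt/live/<name> and
# RENEWED_DOMAINS="<names>" in the environment. Register it with
# --deploy-hook or place it under /etc/letsencrypt/renewal-hooks/deploy/.
set -eu

# Assumed values; override them through the environment.
EXPORT_DIR="${EXPORT_DIR:-/var/lib/cert-export}"
DEST="${DEST:-certdeploy@firewall.example.internal:}"   # scp target (assumed)
COPY_CMD="${COPY_CMD:-scp -q}"                           # pluggable transport

# Stage root-only copies of the renewed chain and key, plus a cert+key
# bundle for importers that want a single PEM file. umask 077 keeps the
# private key from being readable by anyone but the hook's user.
stage_lineage() {
    lineage="$1"; outdir="$2"
    name=$(basename "$lineage")
    umask 077
    mkdir -p "$outdir/$name"
    cp "$lineage/fullchain.pem" "$outdir/$name/fullchain.pem"
    cp "$lineage/privkey.pem"   "$outdir/$name/privkey.pem"
    cat "$lineage/fullchain.pem" "$lineage/privkey.pem" \
        > "$outdir/$name/bundle.pem"
    printf '%s\n' "$outdir/$name"
}

# Push the staged files to the firewall; COPY_CMD and DEST are pluggable
# so the same function works with scp, rsync, or plain cp when testing.
push_staged() {
    staged="$1"
    for f in "$staged/fullchain.pem" "$staged/privkey.pem" "$staged/bundle.pem"; do
        $COPY_CMD "$f" "$DEST"
    done
}

# Only act when certbot invoked us (RENEWED_LINEAGE is set).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    staged=$(stage_lineage "$RENEWED_LINEAGE" "$EXPORT_DIR")
    push_staged "$staged"
    logger -t cert-export "pushed $RENEWED_DOMAINS to $DEST"
fi
```

The firewall side still has to import the pushed files itself; on a device with no import hook, this script only gets the fresh material onto it, which is the part the hook can automate.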
My domain is using Route53, so it looks like I have some options there.