Manual cert creation

OK all, so I have a small issue. Firstly, my primary domain cert expired and I had no way of renewing because I don’t have a server at the primary IP that can run the ACME client (not quite true… but… running it on an OpenWRT router is… difficult.) I need a way of MANUALLY creating certs for various devices that accept the installation of certs, but can’t easily be coaxed into self-generating them through the ACME client. Is there any way I can do this without spoofing the device names through host wizardry? I also have a camera DVR that has facilities for SSL certs, but I have absolutely NO way of ssh/telnetting in to the blasted thing… Any help would be massively appreciated!

My domain is:
*.kitsunet.info
I ran this command:

It produced this output:

My web server is (include version):
Various
The operating system my web server runs on is (include version):
Various
My hosting provider, if applicable, is:
self, AlphaRacks, Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes, on most
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO.

I think your best bet would be to use a browser-based client, such as https://zerossl.com

This supports both DNS and HTTP-based challenge types, but is completely manual. That is to say, you’ll have to go through the process, including uploading challenge files or setting challenge DNS entries, at least every three months.

It’s really the only way for unsupported systems like a DVR server with proprietary OS and no “standard” web server.

I disagree. Even if @Gartral can't run an ACME client on his OpenWRT router, it's probably very much possible to redirect the http-01 challenge to a host which can run an ACME client. And script the distribution of the certificate back into the router.

By the way, I would assume one of the bash clients would be able to run on OpenWRT?

2 Likes
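As an added illustration of the redirect approach suggested in the last reply (not code posted by anyone in this thread): a small responder for the host that owns port 80, which forwards only well-formed http-01 challenge requests to the machine that runs the ACME client. The hostname `acme-runner.example.net` and the function name `challenge_redirect` are assumptions, and the approach relies on the Let's Encrypt validator following HTTP redirects.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: placeholder hostname of the machine that runs the ACME client.
VALIDATION_HOST = "acme-runner.example.net"
PREFIX = "/.well-known/acme-challenge/"
# RFC 8555 challenge tokens use only the base64url alphabet.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def challenge_redirect(path, validation_host=VALIDATION_HOST):
    """Return the redirect URL for an http-01 request, or None for anything else."""
    path = path.split("?", 1)[0]          # ignore any query string
    if not path.startswith(PREFIX):
        return None                       # not a challenge request
    token = path[len(PREFIX):]
    if not TOKEN_RE.fullmatch(token):
        return None                       # empty token, slashes, dots, traversal
    return f"http://{validation_host}{PREFIX}{token}"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = challenge_redirect(self.path)
        if target is None:
            # Refusing everything else keeps this from becoming an open redirect.
            self.send_error(404)
            return
        self.send_response(302)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Binding port 80 needs root or an equivalent capability.
    HTTPServer(("0.0.0.0", 80), Handler).serve_forever()
```

The ACME client on the validation host then serves the token files from its own webroot, and the issued certificate is copied to the device by whatever upload mechanism the device offers.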
