Manual Certificate Issuing


#1

Will Let’s Encrypt CA be able to manually issue certificates without any installation to the server’s computer? If yes, through which procedure and how?


Step by step guide on using Let's Encrypt to implement SSL (https)
Can you use the automatic (cron) certificate update while using manual mode first time?
#2

Yes, you can select manual authentication using the offiical Let’s Encrypt client.


#3

You do need to run the software somewhere, but I guess it doesn’t need to be running as root. So it depends on what you mean by “installed”. Some software has to speak the ACME protocol the the certificate authority, and some software has to perform the verification step or tell the user how to perform the verification step.

It would be possible to speak the ACME protocol using an external HTTPS client like curl, but this would be extremely technically complex and time-consuming. So almost all users will want to use an ACME client application of some kind.


#4

And just BTW I think the title ‘Manual Certificate Issuing’ would be a better one, as the actual one can be mistaken for something like this question: https://community.letsencrypt.org/t/is-it-possible-to-use-an-already-created-key-pair


#5

I mean that I want to perform all verification, etc. steps on my own probably using a client program, but never allowing to configure my system.

So, I would hypothetically provide it a CSR, do whatever temporary verification steps are required (manually entering DNS entries or posting files) and then it would ONLY output a certificate file. Nothing less, nothing more.

Is that possible using the current LE client?


#6

@Jason: Yes.