Manually modifying webroot / dns entries

fnosi · February 25, 2016, 3:37pm

Hi all.

Hope this is the right place to ask this question.

We have an existing website and are evaluating moving to Let’s encrypt for our certificates. As the site is quite used and we have a complex architecture (web servers mount a readonly webroot, it can only be modified fom a backend webserver with no access to internet, reverse proxies, no internet access from webservers etc) is it possible to do manually step by step the certificate request and the verification process?

I’ll try to explain better, is it possible to make the client ask me to do the required DNS modifications / put the eventual resources on our webroot?

I followed the various documnets on the website but couldn’t find info on this.

Thanks in advance!

fnosi · February 25, 2016, 4:02pm

Just to add on this, for me it would be fine to use the DNS verification too, actually that would be better, but even that i’m afraid to automate DNS modifications. Is it possible to have the client (or even a document) tell me what entry to add?

danb35 · February 25, 2016, 5:14pm

If you set the client to manual mode, it will behave in exactly the way you’re describing. An example of how that works is shown at https://wiki.contribs.org/Letsencrypt#Generate_the_certificate_on_the_internal_server.

fnosi · February 25, 2016, 5:19pm

Thank you danb35 for the reply, i actually was able to get a certificate this way.

Any hints about the DNS way?

danb35 · February 25, 2016, 6:01pm

I’ve not used DNS validation, but I understand letsencrypt.sh does. See https://github.com/lukas2511/letsencrypt.sh.