Newbie to letsencrypt,need to issue a certificate manually

Help
1

hello guys!
i’m newbie to generating letsencrypt certificate,plz help me!

  1. i have windows machine with kerio connect (mail) running in it. No iis role installed. i want to create a certificate to apply to my web interface for users to access to webmail. what the sequence of actions to do it?
  2. i have mailserver on freebsd,postfix +dovecot. i want to create a certificate to apply to my web interface for users to access to webmail,as well. But the only way i can get letsencrypt certificate is to generate it on windows machine manually and hen upload to server via gui. how should i do this task?

Plz assist,dear colleagues!

The operating system my web server runs on is (include version): windows,free bsd
I can login to a root shell on my machine (yes or no, or I don’t know): freebsd-no

2

The end goal is always to automate the renewal process; so that you can just set it and (pretty much) forget it.
If you are going to do any part of this process manually, then you won’t be able to fully automate it.
So, the best solution is one that requires no manual steps.
Our job now is to find that solution given the situation.
I need some clarification:

  1. Where will the cert(s) be used?
    Be specific about domain names and operating systems.
  2. How much administrative access do you to that system?

[If there are multiple systems that require certs - let’s please do them one-at-a-time]

3

Appreciate your reply so soon!

  1. Win8.1x64 , for example mbx.cde.xyz will be hostname.
  2. I cannot have access to shell but can upload and apply corresponding certificate via http gui access.
    By the way, automation process is interesting as well))
    Thanks!

ср, 12 авг. 2020 г., 14:58 Rudy Gomez via Let’s Encrypt Community Support <letsencrypt@discoursemail.com>:

4

There is no IP for mbx.cde.xyz
If you own that domain (and since you probably won’t be able to run anything on that system anyway), you can obtain a cert via DNS authentication.
This means you can obtain a cert for that name from any client that can update your DNS zone (be it manually or via some automated method).
[not to be confused with automating the renewal from the system that uses the cert]

  1. So where will you be doing the manual renewal process?
  2. Does your DNS provider support updates via API?
5

thank u for your reply soon!

  1. manual renewal process is supposed under windows8.1 x64 machine
    2.don’t know exactly, name.com

ср, 12 авг. 2020 г. в 15:47, Rudy Gomez via Let’s Encrypt Community Support <letsencrypt@discoursemail.com>:

6

There is an API.
https://www.name.com/support/articles/360007597874-Signing-up-for-API-access?keyword=DNS%20API

1 Like
7

Then you just need to use a Windows ACME client that provides DNS API support for NAME.COM.

8

And if without dns api? How should i act, having only win-machine by hand?

чт, 13 авг. 2020 г., 09:29 Rudy Gomez via Let’s Encrypt Community Support <letsencrypt@discoursemail.com>:

9

Yes, if you have access to manually update your DNS zone, you can choose the manual option and “walk through the steps”.

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.