Oracle EBS with Letsencrypt

Hi Experts,

We are planning to implement SSL on Oracle EBS 12.2.x wit Let's encrypt as Let's encrypt is provide free SSL certificate and we have to enable TLS 1.2 on Oracle EBS instance, therefore, i need your help and support in this regard.

Please note that the machine is locally hosted and not public on the internet also limited outbound internet access is given to the machine

i also read a post where it is possible to generate an SSL certificate without internet through a DNS-based validation method so will this work for my scenario?

Oracle EBS with Letsencrypt

Hi @osama.mansoor and welcome to the LE community forum :slight_smile:

Since the system

DNS authentication will be the only way for it to obtain a cert directly.
But that requires for the system to have outbound HTTPS access to acme-v02.api.letsencrypt.org and be able to update a real internet DNS zone (to prove ownership of that name).
If that is NOT possible for that system, you may have to resort to some clever delegation.
Where some other (less restricted) system can go get the cert and then make it locally available to your system.

2 Likes

Thanks for posting.

As per the above link, the only problem with DNS authentication is renewal how can we overcome this problem?

If that is NOT possible for that system, you may have to resort to some clever delegation.
Where some other (less restricted) system can go get the cert and then make it locally available to your system

What should be the step-by-step approach?

1 Like

There are many ways to do that.

There are two separate parts to that solution:

  1. The basic idea is to get another system configured to obtain and renew the cert(s)
  2. Then you find a way to upload/download/share those cert(s) files with the server that will use them
1 Like

OK many thanks for your response.

Can you please confirm one more thing?

Will acme.sh (script) has a feature to auto-renewal certificate ? after 30 days expiry.

Most ACME clients will add a cron job entry (or something similar) once they have issued a certificate.

Try:
sudo crontab -l

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.