I have a server running an older (but still security supported) Linux which doesn’t seem to be capable of running letsencrypt authentication. I figured I could just get the certificates using my workstation and move them to the server manually. This shouldn’t require root access on my workstation and it even says in the FAQ that “It is also possible to use the “manual” mode to complete a verification process and obtain a certificate without running the client software as root.”. How do I do this? I tried running letsencrypt with
./letsencrypt-auto -d my.domain certonly --manual
but it still asked for my root password.
The client still uses sudo to update packages as needed for where it’s being run. If you don’t want that at all, look over at the List of Client Implementations for some alternatives.
The letsencrypt-auto script tries to install all necessary dependencies by default. To do so, it needs root access.
I first ran the client with just ./letsencrypt-auto --help to install the dependencies. This went fine, but the client also seemed to need sudo password for subsequent runs when dependencies were already installed.