This has probably been asked a million times…but my google-fu/searching on this forum is failing me…
I have a DNS server and several local clients. I’d like to be able to create a CA and have an automated way of getting certs for servers via that CA -> Boulder sounds like the solution to my problem.
DNS IP: 192.168.1.10
Client IP: 192.168.1.15
Client DNS A Record: test.example.com
The client’s DNS is set to 192.168.1.10, and I can do nslookup test.example.com on the client and server and it resolves to 192.168.1.15.
On the DNS server:
apt-get install docker-compose
cd /opt
git clone https://github.com/letsencrypt/boulder
cd boulder
nano docker-compose.yml #replace FAKE_DNS with 192.168.1.10
docker-compose up
On the client:
cd /opt
git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto --server http://192.168.1.10:4000/directory -d test.example.com
On the client, I get the following error:
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for test.example.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. test.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: test.example.com
   Type:   connection
   Detail: Connection refused

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
I’m guessing this is because the server is seeing a self-signed cert? I’d like to be able to install the CA on client machines so that https and such works without errors…can anyone point me in the direction of a guide for this for dummies?
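An added diagnostic, not from the post or from the Boulder/certbot projects, that reproduces the two steps a tls-sni-01 validator takes against the client (TCP connect to port 443, then a TLS handshake with the challenge SNI) and reports which step fails, so "Connection refused" can be placed before any certificate is exchanged. The key authorization value and the `closed_local_port` fixture are constructed for illustration; the host and port in the `__main__` block are the post's client IP and the default challenge port.

```python
"""Added tls-sni-01 reachability probe (not code from the original post)."""
import hashlib
import socket
import ssl


def tls_sni_01_name(key_authorization):
    """SNI a tls-sni-01 validator sends: two 32-hex-char labels of
    SHA-256(keyAuthorization) under .acme.invalid (draft ACME, since removed)."""
    z = hashlib.sha256(key_authorization.encode()).hexdigest()
    return f"{z[:32]}.{z[32:]}.acme.invalid"


def probe_tls_endpoint(host, port=443, sni=None, timeout=3.0):
    """Return (stage, detail). 'tcp' means the connect itself failed, which is
    what 'Connection refused' in the post means: no certificate was ever seen,
    so a self-signed cert cannot be the cause. 'tls' means the handshake failed;
    'ok' means the client presented a certificate."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("tcp", "connection refused")
    except socket.timeout:
        return ("tcp", "timeout")
    except OSError as exc:
        return ("tcp", str(exc))
    # Like the validator, do not verify the chain: the challenge is answered
    # with a self-signed certificate whose SAN carries the acme.invalid name.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            der = tls.getpeercert(binary_form=True)
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return ("tls", str(exc))
    return ("ok", f"certificate received ({len(der)} DER bytes)")


def closed_local_port():
    """Constructed test fixture: a loopback port that nothing is listening on."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # "token.thumbprint" is a constructed stand-in for the real key authorization.
    sni = tls_sni_01_name("token.thumbprint")
    print(sni)
    print(probe_tls_endpoint("192.168.1.15", 443, sni=sni))
```

Run it from the Boulder host (the validator's vantage point), not from the client, since that is the path the VA must traverse.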