Site - not domain - validation


#1

Sorry if this is a dumb question - I think I know the answer, but…
There are CAs which use nonce-based validation for a specific host, not a full domain. Does LetsEncrypt support this?

My use case is that I have full control of multiple web servers like:
one.myexample.com
two.myexample.com
three.myexample.com
Etc.
However, I don’t have control of the server that responds to the root myexample.com, nor do I have direct control of the myexample.com name servers.

Is it possible to use LetsEncrypt to generate certificates for “one, two, and three.myexample.com” without being able to respond to a challenge at myexample.com?

Thanks


#2

That’s fine.

You could generate certificates only for those hosts using http-01.


#3

Hi @David4

Yes, this is possible. There are two validation methods. dns-01 (needs a nameserver entry) would not work.

http-01: You have to create a file under /.well-known/acme-challenge/filename-with-a-very-long-token-from-letsencrypt

So if you can create such a file that is visible under

http://one.myexample.com/.well-known/acme-challenge/filename-with-a-very-long-token-from-letsencrypt

you can get a certificate from letsencrypt with CN=one.myexample.com
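The http-01 flow described above, as an added example that is not from this thread or from any Let's Encrypt client: it computes the key authorization (token plus the RFC 7638 account-key thumbprint) that the client writes under /.well-known/acme-challenge/ on one.myexample.com, then simulates the CA's check against a temporary webroot, including a token from another account key. The account key and token are constructed placeholders; the thumbprint helper also covers EC keys, which the post does not mention.

```python
# Hypothetical offline re-implementation of the http-01 logic in RFC 8555 section 8.3 and
# RFC 7638. No CA is contacted: the "CA side" reads the file back from the webroot.
import base64
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Constructed placeholder account key (JWK); not a usable RSA key.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "placeholder-modulus-not-a-real-key"}

# ACME tokens are unpadded base64url; anything else must never become a filename.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: SHA-256 over canonical JSON of the required members only (sorted, no spaces).
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return base64.urlsafe_b64encode(hashlib.sha256(canonical.encode()).digest()).rstrip(b"=").decode()

def key_authorization(token: str, jwk: dict) -> str:
    return f"{token}.{jwk_thumbprint(jwk)}"

def publish_challenge(webroot: Path, token: str, jwk: dict) -> Path:
    # Client side: write the key authorization where the CA's GET will land.
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url; refusing to use it as a path")
    target = webroot / ".well-known" / "acme-challenge" / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(key_authorization(token, jwk))
    return target

def ca_would_accept(webroot: Path, token: str, jwk: dict) -> bool:
    # Simulated CA side: fetch the path and compare with the expected value.
    served = webroot / ".well-known" / "acme-challenge" / token
    if not served.is_file():
        return False
    # RFC 8555 8.3: trailing whitespace in the body is ignored.
    return served.read_text().rstrip() == key_authorization(token, jwk)

def demo() -> dict:
    token = "constructed-token-LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0"
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp)
        publish_challenge(webroot, token, ACCOUNT_JWK)
        ok = ca_would_accept(webroot, token, ACCOUNT_JWK)
        other = ca_would_accept(webroot, "constructed-other-token", ACCOUNT_JWK)
        wrong_key = ca_would_accept(webroot, token, {**ACCOUNT_JWK, "n": "not-our-key"})
    return {"accepted": ok, "unknown_token": other, "other_account": wrong_key}
```

Because the CA only fetches from the host named in the identifier, nothing on the apex myexample.com takes part in this exchange.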

