Site - not domain - validation

David4 · June 26, 2018, 8:21pm

Sorry if this is a dumb question - I think i know the answer, but…
There are CAs which use nonce-based validation for a specific host, not a full domain. Does LetsEncrypt support this?

My use case is that I have full control of multiple web servers like:
one.myexample.com
two.myexample.com
three.myexample.com
Etc.
However, I don’t have control of the server that responds to the root myexample.com, nor do I have direct control of the myexample.com name servers.

Is it possible to use LetsEncrypt to generate certificates for “one, two, and three.myexample.com” without being able to respond to a challenge at myexample.com?

Thanks

stevenzhu · June 26, 2018, 8:28pm

That's fine.

You could generate certificates only for those hosts using http-01 .

JuergenAuer · June 26, 2018, 8:28pm

Hi @David4

yes, this is possible. There are two validation methods. dns-01 - needs a nameserver entry - would not work.

http-01: You have to create a file under /.well-known/acme-challenge/filename-with-a-very-long-token-from-letsencrypt

So if you can create such a file that is visible under

http://one.myexample.com/.well-known/acme-challenge/filename-with-a-very-long-token-from-letsencrypt

you can get a certificate from letsencrypt with CN=one.myexample.com

system · July 26, 2018, 8:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How are virtual host domains validated? Help	8	2312	March 11, 2017
SAN Cert with Domain Validation rather than Host Validation Help	5	2599	December 23, 2015
Certs for Mailserver different from Webserver Help	6	4720	May 19, 2017
Creating Certificate with Domain Name Hosted on China Help	2	2740	March 28, 2018
Is it possible to issue a certificate to a domain name that resolves to 127.0.0.1? Help	3	2614	April 30, 2016

Site - not domain - validation

Related topics