Site says to upload Certificate, Private key and CA bundle

My service provider does not support Let's encrypt directly but said

"If you wish to Install third party SSL, It is advisable to upload SSL certificate bundles such as Certificate, Private key and CA bundle for your domain in cPanel under File Manager and let us know the path so that we can proceed with SSL installation."

I know how to access and add files to my site but I am not aware of exactly what they want me to upload nor how to obtain it from here.

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

This should help immensely:

1 Like

No gold.

" Trouble...

urn:ietf:params:acme:error:unauthorized
Invalid response from http://mysite.com/.well-known/acme-challenge/oMzx0YIgN5BgEFEL9wyrEnV9D0juJTs9ZyC270GnskM [162.215.248.242]: 500"

Mysite is actually mysite.com/v5 but requires only mysite.com to access and /v5/ address also rejected

1 Like

Is my hosting provider blocking perhaps?

1 Like

I don't understand that part.. Do you have access to mysite.com or only to mysite.com/v5/ ?

Also, to answer your initial question:

They don't want you to upload your site the same way you upload HTML, JPG or PNG files to your website. Usually the hosting providers configuration panel (such as cPanel) offers a specific SSL part of the panel to upload said files.

2 Likes

I concur @Osiris.

It seems that rather than certifying a subdomain (v5.mysite.com), which Let's Encrypt allows, @stillblue is trying to certify a specific URL (http://mysite.com/v5), which Let's Encrypt doesn't currently allow.

It also seems that the hosting provider expects to find the certificate, CA bundle, and private key files on the hosted instance somewhere so that the hosting provider can install the certificate. This would be fine as the certificate and CA bundle would both be located in /CertSage/certificate.crt and the private key would be located in /CertSage/certificate.key if @stillblue were certifying v5.mysite.com.

2 Likes

I don't believe that's possible at all, from any CA. A certificate validates a host, not a path.

3 Likes

URLs are allowed as SANs in specs. I learned this when writing a DER en/decoder. To my knowledge, no trusted CA will issue accordingly though.

2 Likes

RFC 5280 allows the SAN extension to contain a lot of things currently not allowed according to the CA/Browser Forum baseline requirements. Never say never, but I don't think those other SAN options will be allowed in the (far) future. So I'm enclined to say CAs will not allow specific URLs in their certificates any time soon.

4 Likes

Yep on all accounts.

:slightly_smiling_face:

3 Likes

A what?

2 Likes

But that's just a HTTP forward using a HTTP Location header?

2 Likes

Guess what those 301 and 302 "types" are? Yes, you guessed correct! HTTP redirect statusses :wink:

In DNS the hostname are just A and AAAA records:

images.westcoastdrone.io. 2592000 IN A 46.166.184.113
images.westcoastdrone.io. 2592000 IN A 185.206.180.148
images.westcoastdrone.io. 2592000 IN AAAA 2a00:1768:2001:63::46:113
images.westcoastdrone.io. 2592000 IN AAAA 2a0b:1640:1:1:1:1:c45:4c4f
2 Likes

Still a HTTP redirect :wink:

2 Likes

How is it "handled" via DNS?

2 Likes

I seemed to have missed key parts of the thread.
I'll remove my confusing mess following @griffins final post.

2 Likes

You do realise that all you've shown here are simply HTTP redirects, right?

2 Likes

Yes. I have confused the issue and have cleaned up my posts..

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.