SSL Certificate for Non-Hosted Domain

Yes, it's not a good solution. It's a blatant stopgap.

3 Likes

I really think this Lets Encrypt site should offer one year certificates for $1.50...it would still be inline with its original intent.

1 Like

They sold out to ZeroSSL in 2020. No one should use an ACME web client due to the security risks involved and the potential of violating the Let's Encrypt subscriber agreement. I say this from my own personal experience as one who has authored several such clients. My current ACME client CertSage has a web page interface, but operates on the local server so that the ACME account and certificate private keys never leave the local server.

9 Likes

I agree that, at least in the normal case, they shouldn't be used, but at least https://gethttpsforfree.com/ demonstrably never has your private keys (either for the account or for the cert). But the downside there is a lot of manual work with openssl.

8 Likes

Yes, as did a lot of others.

And yes, it has strong downsides. But...

4 Likes

It turned out that, after digging deeply into the issue, my domain registrar does not support DNS_NSupdate RFC2136. So, I switched name server to Cloudflare and after a few stumble, got my certificate...wipe off sweat for lots of reading, swearing, and more reading.

[Fri Feb 18 13:04:37 CST 2022] Your cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.cer
[Fri Feb 18 13:04:37 CST 2022] Your cert key is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
[Fri Feb 18 13:04:37 CST 2022] The intermediate CA cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/ca.cer
[Fri Feb 18 13:04:37 CST 2022] And the full chain certs is there: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/fullchain.cer
[Fri Feb 18 13:04:37 CST 2022] Run reload cmd: /tmp/acme/nollivoipserver_cert/reloadcmd.sh

Thank you all for responding and encouraging me to work out whatever issues I was having and for teaching me a little patience and perseverance equal success with Let's Encrypt.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.