I would like to authenticate on my https servers with X509 certificates. There are a number of situations where it is quite useful. For example, I am running a small Zabbix server under SSL. I want to authenticate using certificates to be sure I am the only https user. Later, I would like to use OpenSC and smartcards for SSL logon.
Using CAcert, I can create a certificate for my server and then issue client certificates and use them to authenticate against my server. I guess this is called TLS authentication with X509 certificates, but I am not very sure. This is working quite well.
Is that possible with Let’s Encrypt ? Do I need to create a small CA, issue a CSR for my server, sign it with Let’s Encrypt and then use it to sign client certificates.
If that possible? Anyone with a comparable setup?