SSL Zertifikat with this programm


#1

Hello,

currently I’m working on certifying our company domain. I’m what comes a server admin the closest

and was given the hint to try this software to create the needed certificates, which is not as

easily done as I thought at first.


#2

@FlorianB, I don’t quite understand your configuration here. Are you running the Let’s Encrypt client on your Linux Mint machine? If so, shouldn’t it have a /var/log like other Linux machines do?

For the standalone mode, all Internet traffic to ports 80 and 443 of mibs-ag.de and www.mail.mibs-ag.de should be at least temporarily redirected to the machine running the Let’s Encrypt client (and away from whatever other server is answering requests to those ports) – was that the case when you ran this? If not, standalone mode isn’t appropriate for your situation.

In general, the certificate authority needs to be able to contact the server that you’re using and verify that its configuration was changed in response to challenges that were sent. If you’re running the client on a totally separate machine from the machine that handles connections to the sites for which you want the certificate, you probably need to use manual mode (here standalone is an alternative to automatic integration with the local Apache, and does not refer to using a separate server; in configurations where you can use standalone successfully, there would be no benefit to installing Apache if you weren’t already using it!).

The Let’s Encrypt CA has recently rolled out DNS challenges, which let you, as an alternative, prove your control over a domain by making specified changes to its DNS records. This is potentially useful in cases where you can’t easily run software or make configuration changes on the server that the name is already pointing at. The Python Let’s Encrypt client that you’re using has not yet been updated to support the DNS challenges, but in other threads on this forum people have indicated that some other alternative clients have been, so you may also want to take a look at that if you think it would be easier to make changes to your public DNS records rather than making changes on the Windows server or redirecting inbound ports to your Linux Mint machine.