Standalone certificate without web server?

I’ve actually used letsencrypt quite a few times. But for this particular setup, I want to create a root/trusted CA for a postgres server to use to secure connections to its database, and I do NOT have apache or nginx installed on this server, quite deliberately so. Is there a way to create standalone certificates without using this extra overhead? (Yes, postgres has a mechanism for using self-signed certificates, but I’ve run into this:
https://www.postgresql.org/message-id/20170418142919.24369.5931%40wrigleys.postgresql.org
and I’m trying to rule out that the issue is the self-signed CA by (quickly) getting a real CA.)

Even the examples of “standalone” circle around back to using some kind of web server.

The error when installing with the --standalone option is that the .well-known/acme-challenge file can’t be accessed but OF COURSE it cannot when I don’t have the web server installed!

If this is impossible, then just let me know and I’ll use a more standard CA issuing authority. I was kind of hoping to resolve my issue quickly :-/

You could use the DNS verification method. That doesn’t require a web server.

Certbot's --standalone option runs its own, built-in web server (momentarily). If port 80 is open to the Internet, it will work.

We can distinguish between “port 80 is blocked” and “port 80 is redirected to a different server or there’s an existing web server after all” if we can see the exact error message from Certbot.

Thank you! This did the trick. I did not realize that it had its own temporary web server for this process, so opening a crack in the firewall did the trick.
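
The temporary web server described in the replies above, sketched as an added example (not part of the original thread and not Certbot's own code): a listener that answers only the `.well-known/acme-challenge/` path for one token, is probed the way a validator would probe it, and is then shut down. The function names, the loopback address with an ephemeral port, and the token and key-authorization strings are assumptions constructed for the demo; the real check arrives from the Internet on port 80.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Constructed sample values, not a real ACME token or account key thumbprint.
TOKEN = "constructed-token-0001"
KEY_AUTH = TOKEN + ".constructed-account-key-thumbprint"

def make_handler(responses):
    """Handler that answers only the challenge tokens listed in `responses`."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = None
            if self.path.startswith(CHALLENGE_PREFIX):
                body = responses.get(self.path[len(CHALLENGE_PREFIX):])
            if body is None:
                self.send_error(404)  # nothing else is ever served
                return
            data = body.encode("ascii")
            self.send_response(200)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args): pass  # keep the demo quiet
    return Handler

def run_challenge(responses, probe_paths, port=0):
    """Serve `responses`, fetch each probe path like a validator, then shut down."""
    # port=0 is a demo assumption: bind any free loopback port instead of 80.
    server = http.server.HTTPServer(("127.0.0.1", port), make_handler(responses))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    base = "http://127.0.0.1:%d" % server.server_address[1]
    results = {}
    try:
        for path in probe_paths:
            try:
                with opener.open(base + path, timeout=5) as resp:
                    results[path] = (resp.status, resp.read().decode("ascii"))
            except urllib.error.HTTPError as err:
                results[path] = (err.code, "")
    finally:
        server.shutdown()      # the listener exists only for the validation
        server.server_close()
    return results

if __name__ == "__main__":
    print(run_challenge({TOKEN: KEY_AUTH}, [CHALLENGE_PREFIX + TOKEN, "/"]))
```

If the firewall drops inbound port 80, or another service already answers on it, the validator never reaches a listener like this one, which is the distinction the reply above draws between a blocked port and a redirected one.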