Use on non-web servers?

Thanks for taking time to reply.
This is the scenario I have: other servers send log events in real time to the OSSEC Manager over a constantly open network connection.
How do I make use of TLS or DTLS in this case? I am asking because lots of my applications are not internet facing (they do not have a URL). I assume LE can only be used for applications that have a URL.

Or can I use LE for server FQDNs like (mars-app01.sugar.local, mars-app02.sugar.local) which do not have a URL?


Kindly guide me.

I don't know that Let's Encrypt is very relevant to you here. If you control both ends of the connection, you can make your own self-signed certificate and tell the client to accept it, without involving a certificate authority at all. As you said, Let's Encrypt will only issue certificates for publicly visible names. (You don't have to have a web server or URL, but you do have to have a publicly visible hostname; without a web server, you can use the DNS challenge type, where you create particular DNS records in response to challenges from the certificate authority.)

I doubt that anyone here will be in a position to advise you about OSSEC because I don't think anyone here is familiar with it at all. Although Let's Encrypt certificates can be issued and used for non-web applications, almost all of our integration work has been on helping people use them with their web sites and almost all of the conversations on this forum have been about that too.

You might find people with more relevant expertise on a forum related to OSSEC or to protocols that it uses. Over here we're happy to try to help you get your certificate, if possible, but we're unlikely to know what you would do with it in your application, assuming it's possible to use TLS or DTLS in your setup.

Edit: of course, your question is on-topic in this thread ("Use on non-web servers?"), but so far nobody has turned up who appears to know about the software that you're using.
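The self-signed approach described in the reply above, as an added example that is not part of the original thread: the server's certificate is generated without any CA, and the client trusts exactly that certificate file for the expected name. The hostname comes from the question; the file layout, key size and 365-day lifetime are assumptions, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/usr/bin/env bash
# Added example: pin a self-signed certificate for an internal-only hostname.
# Paths, key size and lifetime are assumptions, not values from the thread.

# make_cert <dir> <fqdn>: write <dir>/key.pem and a self-signed <dir>/cert.pem
# whose subjectAltName carries the FQDN (clients match on SAN, not on CN).
make_cert() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null &&
    chmod 600 "$1/key.pem"    # the private key never leaves the server
}

# client_accepts <pinned-cert> <presented-cert> <expected-fqdn>
# Returns 0 only if the presented certificate verifies against the pinned
# copy the client was given out of band AND matches the expected name.
client_accepts() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_cert "$d/server" mars-app01.sugar.local
    # A second certificate for the same name but a different key: what an
    # impostor on the internal network could produce.
    make_cert "$d/rogue" mars-app01.sugar.local

    client_accepts "$d/server/cert.pem" "$d/server/cert.pem" \
        mars-app01.sugar.local && echo "pinned certificate: accepted"
    client_accepts "$d/server/cert.pem" "$d/rogue/cert.pem" \
        mars-app01.sugar.local || echo "same name, different key: rejected"
    client_accepts "$d/server/cert.pem" "$d/server/cert.pem" \
        mars-app02.sugar.local || echo "wrong hostname: rejected"
    rm -rf "$d"
}

demo
```

Only `cert.pem` is copied to the clients; rotating the server key means distributing a new pinned certificate to every client.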

Much thanks for the input. No more OSSEC-related questions.

Please, I am also considering using LE as our main CA to authorize Public/Natted IPs registered on an F5 Big-IP device.

Will this work?

Kindly advise.

You can find some documentation for Let’s Encrypt with Big-IP devices here. I’m not familiar with the product, so I’m not certain what exactly you mean by “Public/Natted IPs” in this context, but one thing to point out is that Let’s Encrypt does not issue certificates for IP addresses, only domain names. Not sure if this is in any way relevant, but just in case.

Hello, were you able to use the generated certificate with Windows Remote Desktop Connection?

I wrote a guide on this last year. LE works perfectly with Postfix, Dovecot, Webmin and just about anything using SSL.


You might want to look at this solution. It worked for me.
