Uses Let's Encrypt instead of Digicert

When I ran this, 1) I am not used to "spinning up a web server", never had to do it. 2) It created the cert with Let's Encrypt instead of Digicert. How do I make it use Digicert (this is pretty much the command line their help system says to use)? It worked with Digicert back last Fall ok.

My domain is:

I ran this command:
certbot certonly -d subs.mydomain.com --register-unsafely-without-email --eab-kid "mydigicertkid"" --eab-hmac-key "mydigicertmac" --server "https://acme.digicert.com/v2/acme/directory/?orderId=123456&action=renew"

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): e[31mExiting abnormally:

My web server is (include version): Apache 2.4.51

The operating system my web server runs on is (include version): Windows 2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): RDP

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.24.0

Welcome back.

This is a forum to help get and use Let's Encrypt certs. Your question is about using Certbot for Digicert so would be best addressed to Digicert or even the github for Certbot.

Best of luck to you

3 Likes

Then you probably didn't use the standalone plugin previously, maybe the webroot plugin? "Spinning up a webserver" is just one of the few plugins possible with Certbot to validate your hostname.

Note that validating your hostname, whether that's using the standalone plugin or some other method, is mandatory for all ACME servers, not just Let's Encrypt. Digicerts ACME server also requires a form of validation.

We don't know how you did it the previous time. Using the --server option is usually the correct way to change servers. However, it can be overwritten by an entry in a cli.ini file. Hm, some testing tells me the --server CLI option actually overwrites cli.ini.. :slight_smile: So that's not it.

3 Likes

subs.mydomain.com does not serve any certificate, LE or Digicert. (In fact, it doesn't seem to exist at all.)