This is successfully issuing a certificate using DNS-01 with my DreamHost API Key. It really couldn’t have been simpler.
We’re running 4D Web Server, and it is looking for the key.pem and cert.pem files in that path. This is working fine. The problem that I just realized existed was that the cert.pem didn’t have the Intermediate Certificate chained to it. I manually added the contents of the intermediate file after the contents of the cert.pem file and it works fine and now validates.
Is it possible for the command line to chain these for me and copy to the paths currently in my command?
If it matters, I’m running this on macOS.
I believe I tried using the full chain cert only in the 4D server path and it didn’t work.
Got it… I think it is working. I thought I tried that when I was originally trying to get the cert to work manually.
I eventually realized I was also troubleshooting macOS not allowing 4D Server to run on port 443 even as an authenticated admin user. Still haven’t figured out how to get that to work, so I’m using port 440. The 4D app has a helper app that starts the web server supposedly for ports <1024. It works for port 80 but I can’t get 443 to bind and nothing else is using it.
If your clients are coming from the Internet, then you can simply NAT (port forward) the external IP:443 to your internal IP:XXXXX
[which means you can use any port (even those above 1024)]
If your clients are on the same internal network… then keep reading and good luck
I thought about NAT translating the ports but honestly I’m hoping to fix the problem… It’s just used for some XHR data pulling so once the URL is set, it doesn’t matter what it is really…
In review, I may not have clearly answered this question.
The key is ONLY contained in the key file.
Yes, the full chain file does contain the cert and the intermediate(s).
Update… Turns out the fullchain-file from the command string only partially works. I tested it in a few free TLS checkers and some came back fine but some failed.
When I looked at the PEM file, there was an empty line between the two certificates in the chain. To my knowledge this is against the standard format. I removed that line and the test passed in one that failed before. Is there a way for this extra line to not happen automatically?
Possibly, but I’m also troubleshooting a php cURL Error 60 with DreamHost and a 3rd party plugin that does Webhooks. It says it can’t validate the certificate. Then, I ran the checker a couple days ago and realized it failed because I wasn’t using the fullchain file. When that line is gone, it works fine. So is php cURL broken?
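Added example (not part of the thread and not the ACME client's own code): one way to build the chain file from the leaf certificate and the intermediate so that no blank line, carriage return or non-certificate text ends up between the two blocks. The function names, file names and temporary directory are assumptions, and the sample PEM bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: assemble a full-chain PEM with nothing between certificate blocks.

# Print only the CERTIFICATE blocks of the given files, in order (leaf first).
# Blank lines, CRs, trailing spaces and non-certificate text (for example a
# private key block) are dropped; a missing final newline is repaired.
build_fullchain() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    awk '
        { sub(/[ \t\r]+$/, "") }                      # strip CR / trailing blanks
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1 }
        inside && length($0) > 0 { print }            # keep non-empty block lines
        /^-----END CERTIFICATE-----$/   { inside = 0 }
    ' "$@"
}

# Number of certificate blocks in a PEM file.
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { n++ } END { print n + 0 }' "$1"
}

# install_fullchain DEST LEAF INTERMEDIATE...
# Writes to a temp file first and replaces DEST only if at least two
# certificates (leaf + intermediate) made it into the output.
install_fullchain() {
    dest=$1; shift
    tmp="$dest.tmp.$$"
    build_fullchain "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "$(count_certs "$tmp")" -lt 2 ]; then
        echo "refusing to install: fewer than 2 certificates" >&2
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dest"
}

# Constructed sample input: placeholder bodies, not real certificates.
demo=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'AAAAleaf' \
    '-----END CERTIFICATE-----' > "$demo/cert.pem"        # no final newline
printf '\n%s\r\n%s\r\n%s\r\n\n' '-----BEGIN CERTIFICATE-----' 'BBBBintermediate' \
    '-----END CERTIFICATE-----' > "$demo/ca.pem"          # CRLF + blank lines
install_fullchain "$demo/fullchain.pem" "$demo/cert.pem" "$demo/ca.pem"
cat "$demo/fullchain.pem"
```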