Websocket java server with no web server

I'm sorry if my question is dumb but I didn't find an answer.

My server has access to the internet from behind a proxy and is not reachable from outside. It has a Java app running on port 6700 (websocket server - wss). No web server on it.

I'm not sure how I can get the certificates in my case.

Again, I'm so sorry if my question is dumb, English is not my first language. Be nice!

Thanks in advance.

2 Likes

There are three ways of proving that you own a domain name and can thereby get a certificate for it:

Of those, the only one that doesn't need the name to be accessible to the complete Internet is the DNS-01 challenge, where you put a TXT challenge record in your DNS for the name to prove that you own it.

This gives a lot of flexibility, especially for cases like yours where the server isn't public. But in order to automate certificate issuance, you then need to be able to automate adding that TXT DNS record. Some DNS providers make this easier than others. If you say what DNS provider you're using we may be able to help you find more information about automating it.

The general way to automate getting certificates is through one of the clients:

It may take some trial-and-error to find one that works best for you. I'm not sure if you want something embedded within your application to get certificates, or if you just want some regularly-running script that creates whatever key and certificate files you need. (Java in particular sometimes is easiest to use with Jakarta Keystore files, which isn't a common output so you might need to do some additional conversion on the files you get from the client you use depending on what specific format your application needs.)

3 Likes

Thanks petercooperjr,

I followed https://letsencrypt.org/docs/challenge-types/ and I got the certs.

It didn't work.

The documentation says: only ports 80 and 443, and my websocket server is on: wss://my-domain:6700

(handshake timeout)

Any idea?

Thanks!

1 Like

Hi @sadzas

Please read exactly the link you have shared.

Nothing else.

If you aren't able to create a webserver, switch to dns validation.

1 Like

As I was trying to say, if the server isn't accessible from the outside then DNS validation is the way to go.

If the server IP is accessible to all and you can open port 80, then you can use HTTP-01 validation with something like certbot's standalone mode, where certbot spins up its own mini web server just to answer the challenge request.

But regardless that would just get you a certificate file; you might need to do some work to integrate that file into your Java application.

1 Like
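
The conversion step mentioned in the replies above (turning the PEM files an ACME client writes into a keystore a Java server can load), as an added example that is not part of the original thread. The function name `pem_to_p12`, the file paths, the alias and the password file are assumptions; it uses the `openssl` command line and writes a PKCS#12 keystore.

```shell
#!/bin/sh
# Added example: package a PEM certificate chain and private key into a
# PKCS#12 keystore for a Java TLS/wss server. All names are hypothetical.

# pem_to_p12 FULLCHAIN PRIVKEY OUT_P12 ALIAS PASSFILE
#   returns 0 on success, 1 unreadable input, 2 key/cert mismatch, 3 export failed
pem_to_p12() {
    fullchain=$1 privkey=$2 out=$3 name=$4 passfile=$5

    for f in "$fullchain" "$privkey" "$passfile"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # Refuse to bundle a key that does not belong to the leaf certificate:
    # hash the public key derived from each side and compare.
    cert_pub=$(openssl x509 -in "$fullchain" -noout -pubkey \
        | openssl pkey -pubin -outform DER | openssl dgst -sha256) || return 1
    key_pub=$(openssl pkey -in "$privkey" -pubout -outform DER \
        | openssl dgst -sha256) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2
        return 2
    }

    # Build the keystore in a temp file readable only by the owner, then move
    # it into place so the server never sees a half-written file.
    tmp="$out.tmp.$$"
    ( umask 077
      openssl pkcs12 -export -in "$fullchain" -inkey "$privkey" \
          -name "$name" -passout "file:$passfile" -out "$tmp"
    ) || { rm -f "$tmp"; return 3; }
    mv "$tmp" "$out"
}

# Example call (paths are placeholders for wherever the client stores its output):
# pem_to_p12 /path/to/fullchain.pem /path/to/privkey.pem \
#            /path/to/ws-keystore.p12 ws-server /path/to/keystore.pass
```

Java can open the result with `KeyStore.getInstance("PKCS12")`; rerun the function after each renewal so the server picks up the new certificate.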

petercooperjr, THANKS a LOT.

1 Like
