Why so many steps?

So I can only get myself a certificate if I’m already owner of a domain and already hosting and I’m literally running certbot on the server that is hosting a webserver? That’s a lot of restrictions, I just wanted to test this thing and see if I can use the certificates. Why isn’t there a command like this: “certbot blabla.com” and then I get certificates for blabla.com that work locally? And then it should be a simple step to migrate to real certificates that get used the same way. I mean, why make me use openssl manually and then I have to switch to certbot later with who knows what kind of compatibility?

Because LE is a publicly trusted CA. Its certificates will be valid for everyone, so they can’t give you a certificate for any site you want like candy.

2 Likes

What "compatibility" are you concerned with? Let's Encrypt generates standard X.509 certificates, which work in pretty much every TLS-supporting software out there. But yes, you can only issue a cert for a domain you can prove you own. If you want a self-signed cert for testing purposes, check out zerossl.com--it can create the cert for you right in your browser.

1 Like

Hi @Meai1

You can.

  • You don't need to use Certbot, there are a lot of other clients.
  • If you use dns-01 validation, you don't need a running webserver. And you can do that manually, so no automation is required. Good to test such things.
  • But if you want to use a certificate, you don't want to do that manually. So testing and using are different situations -->> different solutions.

2 Likes
