0

I want to generate an SSL certificate using Certbot for a subdomain which points to a Docker Registry server which is not accessible from outside.

Since I cannot use the LetsEncrypt DNS challenge, the idea is to place Certbot on a server which is publicly accessible, generate the certificate there, and then move it to the Docker Registry server.

Can Certbot be used in such a way?

tolkinski
  • 101
  • Yes, but you'll have to do it again after 90 days. Why can't you do the DNS challenge, though? The LE DNS record can be publicly available even if the domain/subdomain it's applicable to isn't. – ceejayoz Nov 07 '18 at 14:29
  • I want to automate the renewal process, and using DNS is not an option since I do not have access to the DNS API. – tolkinski Nov 07 '18 at 14:53

1 Answer

1

I would recommend using an alternative ACME client, for example https://github.com/lukas2511/dehydrated, which is (imho) much simpler to use and includes a simple shell-based hook system that you could use to copy the generated/updated certificates to your internal systems.

Other ACME clients do provide this kind of integration, however, so dehydrated is not your only choice (nor certbot) ;)

silmaril
  • 491
  • 3
  • 9
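
A sketch of the hook approach the answer describes, added here as an example; it is not code from the answer or from the dehydrated project. dehydrated calls the hook with `deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP` after each issuance or renewal. `REGISTRY_HOST`, `DEST_DIR`, `RELOAD_CMD` and the `registry` container name are assumptions.

```shell
#!/usr/bin/env bash
# Added example hook for dehydrated (set HOOK=./hook.sh in its config, or use -k).
# Assumptions: REGISTRY_HOST, DEST_DIR, RELOAD_CMD and the "registry" container name.
REGISTRY_HOST="${REGISTRY_HOST:-}"   # e.g. deploy@registry.internal; empty = copy locally
DEST_DIR="${DEST_DIR:-/etc/docker/registry/certs}"
RELOAD_CMD="${RELOAD_CMD:-docker restart registry}"

# Install one file into DEST_DIR with the given mode. The data is written to a
# temporary name under umask 077 and renamed, so the private key is never
# world-readable and the registry never sees a half-written file.
install_file() {
    local src="$1" name="$2" mode="$3"
    local tmp="$DEST_DIR/.$name.new" dst="$DEST_DIR/$name"
    if [ -n "$REGISTRY_HOST" ]; then
        ssh "$REGISTRY_HOST" \
            "umask 077 && cat > '$tmp' && chmod $mode '$tmp' && mv '$tmp' '$dst'" < "$src"
    else
        ( umask 077 && cat "$src" > "$tmp" ) && chmod "$mode" "$tmp" && mv "$tmp" "$dst"
    fi
}

# Handler arguments: DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
deploy_cert() {
    local domain="$1" keyfile="$2" fullchain="$4"
    # Refuse to ship empty or missing material; the old certificate stays in place.
    [ -s "$keyfile" ] && [ -s "$fullchain" ] || {
        echo "hook: missing key or chain for $domain" >&2
        return 1
    }
    install_file "$fullchain" "$domain.crt" 644 &&
        install_file "$keyfile" "$domain.key" 600 || return 1
    # Restart or reload the registry so it serves the new certificate.
    if [ -n "$REGISTRY_HOST" ]; then
        ssh "$REGISTRY_HOST" "$RELOAD_CMD"
    else
        $RELOAD_CMD
    fi
}

# dehydrated invokes the hook for several events; only deploy_cert is handled
# here and every other event is ignored.
HANDLER="${1:-}"
case "$HANDLER" in
    deploy_cert) shift; deploy_cert "$@" ;;
esac
```

An SSH key dedicated to this copy, with no other access on the registry server, keeps the publicly reachable host from becoming a general way into the internal one.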