Manually Generate Let's Encrypt Certificate and convert to .crt and .key

[faridmmv]

Code: Select all

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Then, the command to use the manual plugin will look something like this:

Code: Select all

./certbot-auto certonly --manual -d *.example.com -d example.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

During certificate generation procedure you will need to add txt records to your domain. Make sure you have appropriate access.

If succeed you will see message below:

2019-10-17_11-40-14.png (16.38 KiB) Viewed 387 times

2019-10-17_12-29-10.png (14.09 KiB) Viewed 387 times

Then you can simply change extension of the privkey.pem to privkey.key; cert.pem to cert.crt; chain.pem to chain.crt;

What is returned by the ACME protocol is basically the fullchain.pem file. It’s the signed certificate plus one or more certificates that make up the issuing CA chain. So you then just split that out into cert.pem (the first cert in the file) and chain.pem (the rest of the file). It’s a plain text file and you should be able to see the cert delineations fairly easily.

You’re correct that privkey.pem is the private key you already used to sign the cert request.

Source:
https://community.letsencrypt.org/t/get ... tbot/56285
https://lists.centos.org/pipermail/cent ... 29876.html
https://habr.com/ru/post/413017/
https://stackoverflow.com/questions/137 ... rt-and-key
https://support.code42.com/Administrato ... a_keystore
https://stackoverflow.com/questions/503 ... om-scratch
https://community.letsencrypt.org/t/gen ... cate/78376