Manually Generate Let's Encrypt Certificate and convert to .crt and .key

Post Reply
  • Author
  • Message
User avatar
Posts: 57
Joined: 31 Oct 2013, 13:36

Manually Generate Let's Encrypt Certificate and convert to .crt and .key

Post by faridmmv » 17 Oct 2019, 12:32

Code: Select all

chmod a+x certbot-auto
certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Then, the command to use the manual plugin will look something like this:

Code: Select all

./certbot-auto certonly --manual -d * -d --preferred-challenges dns-01 --server
During certificate generation procedure you will need to add txt records to your domain. Make sure you have appropriate access.

If succeed you will see message below:
2019-10-17_11-40-14.png (16.38 KiB) Viewed 11422 times
2019-10-17_12-29-10.png (14.09 KiB) Viewed 11422 times
Then you can simply change extension of the privkey.pem to privkey.key; cert.pem to cert.crt; chain.pem to chain.crt;
What is returned by the ACME protocol is basically the fullchain.pem file. It’s the signed certificate plus one or more certificates that make up the issuing CA chain. So you then just split that out into cert.pem (the first cert in the file) and chain.pem (the rest of the file). It’s a plain text file and you should be able to see the cert delineations fairly easily.

You’re correct that privkey.pem is the private key you already used to sign the cert request.

Source: ... tbot/56285 ... 29876.html ... rt-and-key ... a_keystore ... om-scratch ... cate/78376
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest