Using Let's Encrypt in a lab environment

By   09-20-2016 · 1 minute read · 203 words

If you’re playing with Let’s encrypt in an internal environment such as a lab, chances are you’re failing to generate your certs since the Let’s encrypt agent performs a domain validation process where it spins up a python web server and hosts a http resource that the CA can fetch.

Here’s what I did in my lab environment which was not publicly accessable in order to obtain certs for valid domains I did have running on external servers.

You must be able to create a resource on the public web server that you plan to do this on.

Let’s grab the agent:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Let’s run it in standalone mode and provide your email + domain in the details. You’ll also need to run this as super user.

cd /opt/lets/encrypt
./letsencrypt-auto certonly --standalone

It will likely fail saying it failed to validate the domain, I received something along the lines of:

Detail: Failed to connect to x.x.x.x for TLS-SNI-01


Instead we want to run the command with a manual switch:

./letsencrypt-auto certonly --manual

Using the manual switch you’ll be instructed to make a file resource available on your public web server and the CA will validate that proving domain ownership.

ssl   lets-encrypt