cf-letsencrypt icon indicating copy to clipboard operation
cf-letsencrypt copied to clipboard

Published 20 hours ago verified publisher icon bsyk

Cloud Foundry upload fullchain.pem

Open bkrencker opened this issue 4 years ago • 6 comments

Hi Ben

I am stuck with the certificates after successfully generating them. I have four files from letsencrypt but I am unsure how to proceed next with those files.

  1. cert.pem
  2. chain.pem
  3. fullchain.pem
  4. privkey.pem

It should be possible to upload fullchain1.pem certificate to Cloud Foundry to a Custom Domain but I do not find the right commands in the CLI. Could you please clarify about the steps needed after the certificates are created with Let's Encrypt?

Best regards, Ben

bkrencker avatar Sep 15 '20 13:09 bkrencker

Certificates for custom domains are handled differently depending on who your cloud foundry provider is. You should be able to find instructions on their help pages. Let's Encrypt certificates can be treated in the same way as any other certificate from this point on in the process.

Which cloud foundry provider are you using?

If you're using IBM's Bluemix there is a fork of this repo that will handle uploading the certs automatically for you. https://github.com/ibmjstart/bluemix-letsencrypt

bsyk avatar Sep 15 '20 14:09 bsyk

I try to get it working on SAP Cloud Platform (Cloud Foundry Stack) and managed to adjust your script to get it working on this platform. But it looks like you have to create a private key manually and then sign the CSR manually at a CA..

I tried to jump right to the point where I can upload the Certificate from Lets'Encrypt but it was not working. See SAP instructions here.

bkrencker avatar Sep 16 '20 05:09 bkrencker

I'll get a trial account and do some testing. I haven't used SAP's CF before so am not familiar with their HTTPS setup.

bsyk avatar Sep 16 '20 16:09 bsyk

As far as I know it is not possible to use Custom Domains in trial account..

But I got a hint that it is possible with Let's Encrypt (certbot) to get a certificate chain by providing a private key and CSR.. this is what I was about to try but I did not have enough time today..

bkrencker avatar Sep 16 '20 16:09 bkrencker

See https://blog.sengotta.net/lets-encrypt-zertifikat-mit-eigenem-private-key-und-csr/

bkrencker avatar Sep 16 '20 16:09 bkrencker

Ok. Using the CSR with certbot looks promising. Let me know how it goes.

On Wed, Sep 16, 2020 at 9:14 AM bkrencker [email protected] wrote:

See https://blog.sengotta.net/lets-encrypt-zertifikat-mit-eigenem-private-key-und-csr/

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/bsyk/cf-letsencrypt/issues/17#issuecomment-693510947, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABTT2EBDFN4GWVQWURQMLT3SGDP5DANCNFSM4RNEFGXA .

bsyk avatar Sep 16 '20 16:09 bsyk