Let's Encrypt for Internal Servers

michelandre · 2019-03-13 21:00:41 UTC

Hi all,

On page: https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers

Will it be possible to add the –test with a little explanation so people won’t get their 5/7 limit whith Let’s Encrypt.

Also, add a note about rebooting the server after the configuration and before asking the certificate as rebooting will destroy the exportation of the Global API key ( CF_Key) and email address ( CF_Email). That is the reason I got the limit …

Thank you Dan for that great wiki page on Let’s Encrypt for internal NethServer

Michel-André

LayLow · 2019-03-13 21:10:02 UTC

@michelandre, would you be able to adjust the page as a start? Refinement can be done by all. Most important is that it is mentioned to start with. Good catch!

TIA

danb35 · 2019-03-13 23:24:30 UTC

It’s a wiki page, so anyone can edit it, but I’d agree that discussion of --test would be useful. However,

this doesn’t make much sense. If you rebooted between setting the key/email and running the acme.sh command (seriously, why?), validation would fail. And there is a rate limit for failed validations, but it resets after an hour. The only rate limit that’s on a seven-day cycle is the “identical certs” rate limit–you can’t issue more than five identical certs within a seven-day period.

michelandre · 2019-03-14 01:53:32 UTC

Hi danb35,

You are right. It was the failed validation limit that I reached. I didn’t know it resets after an hour.

Michel-André