[BlueOnyx:20413] Re: LetsEncrypt Expand

[Colin Jack]

Hi Michael,

    Please take a look at this URL, where you can see the code for the
    BlueOnyx Handler that generates and installs the LE certs:
    
    http://devel.blueonyx.it/trac/browser/BlueOnyx/5207R/ui/base-ssl.mod/glue/handlers/le_install.pl
    
    In line 103 you can see the command and the options that we pass to
    letsencrypt-auto.
    
    Starting in line 173 there are further steps to convert the received
    certificate from PKCS#8 to PKCS#1, so that we can import it into the
    GUI. See line 183 for the command for the conversion.
    
    Now here is something else what you can do: Find that Handler on your
    BlueOnyx at /usr/sausalito/handlers/base/ssl/le_install.pl and set the
    $DEBUG variable in line 8 from 0 to 1 and save the changes.
    
    Then use the GUI to create an AdmServ SSL cert while you run "tail -f
    /var/log/messages" in a shell. That will tell you exactly what commands
    the handler used to request the cert as it will also show you which
    variable values it passed on to letsencrypt-auto.
    
Cracked it! 

Thank you for your help – couldn’t have done it without. ;)

If anybody is interested the command is:
 
/usr/sausalito/letsencrypt/letsencrypt-auto --text --no-self-upgrade certonly -a webroot --webroot-path /var/www/html -d sub1.company.com -d sub2.company.com --email admin at company.com --rsa-key-size 4096 --agree-tos  --renew-by-default --user-agent BlueOnyx.it

This will create a new key which you copy to /etc/admserv/certs and a new cert; then use the GUI to import the new certificate. Voila.

Regards

Colin