Let's Encrypt with no webserver

Let's Encrypt won't work without an Apache or other server installed and running, but I have a specific-use machine that doesn't have or want an HTTP server of any kind, and I would like to give it a Let's Encrypt cert for port 10000 access.

I can of course set up an Apache server, then tear it down every 3 months, but I was really hoping for a more elegant approach.

A single use miniserv? Fire it off on 80, get the cert, then close it down? Use the system name (which is a valid name) to make the request.

Just throwing out ideas...

Dave

Status: 
Active
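
The "single use miniserv" idea from the post above, sketched as an added example (not part of the thread and not Webmin or Virtualmin code): a listener that answers only the one ACME HTTP-01 challenge path and releases the port as soon as validation is done. `ChallengeResponder` is a hypothetical name, and the token and key authorization are assumed to come from whatever ACME client places the order.

```python
import re
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# RFC 8555 section 8.3: challenge tokens use only the base64url alphabet.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
PREFIX = "/.well-known/acme-challenge/"


class ChallengeResponder:
    """Serve one HTTP-01 response for as long as the `with` block is open."""

    def __init__(self, token, key_authorization, host="0.0.0.0", port=80):
        if not TOKEN_RE.fullmatch(token):
            raise ValueError("token is not base64url")
        path = PREFIX + token
        body = key_authorization.encode("ascii")

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                # Exact match on one path; nothing is read from disk,
                # so there is no directory listing or traversal surface.
                if self.path != path:
                    self.send_error(404)
                    return
                self.send_response(200)
                self.send_header("Content-Type", "application/octet-stream")
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)

            def log_message(self, fmt, *args):
                pass  # keep the short-lived listener quiet

        # Binding port 80 normally requires root (or an equivalent privilege).
        self.server = ThreadingHTTPServer((host, port), Handler)
        self.port = self.server.server_address[1]

    def __enter__(self):
        self.thread = threading.Thread(target=self.server.serve_forever, daemon=True)
        self.thread.start()
        return self

    def __exit__(self, *exc):
        self.server.shutdown()      # stop the accept loop
        self.server.server_close()  # release the port
        self.thread.join()
```

The listener stays up for the whole `with` block rather than exiting after the first hit, because the CA may fetch the challenge more than once before it marks the authorization valid.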

Comments

In theory, Let's Encrypt also supports DNS-based validation (but this isn't implemented in Virtualmin yet).

Are you hosting the DNS domain that you want a cert for?

Yes, I do own/host the domain; it's being used for other Webmin servers that happen to have Apache installed on them. I am fiddling with virtual host stuff, keeping the host very light, putting all the work in guests. So for ease of caring for the hosts, I install Webmin. Chrome makes me click 2 times! Yes, twice to get to the login screen! Unacceptable. Let's Encrypt would fix that offensive behavior, but really wants me to have an HTTP server of some sort running.

Side personal note, Cloudmin really should support bhyve, it's awesome.

The right solution for this long-term is to implement DNS-based Let's Encrypt validation in Webmin / Virtualmin (which is on my TODO list).

I hadn't heard of bhyve before - is it similar to LXC, or closer to Docker / Jails?

As for the Let's Encrypt stuff, no sweat, I was just being lazy (as I noticed when I typed that last note up there). I can go ahead and set up Apache, then shut it off until the server complains about the cert failing. Not like anyone but me or an employee will ever log into it anyway. When the DNS-based validation works, kill off Apache and it's all good.

bhyve is BSD's version of KVM etc. Read more (the progression of bhyve: https://wiki.freebsd.org/bhyve). And the plain language description at: https://www.freebsd.org/doc/handbook/virtualization-host-bhyve.html. One guy's story of converting to bhyve: http://justinholcomb.me/blog/2016/03/26/migration-to-freebsd-part4.html

And then after you get all bhyve'd you can get carried away and bring real support for ZFS (now that many versions of Linux do) and you will be almost all the way to supporting FreeBSD again :) There is a guy who is writing a series of shell scripts to handle bhyve host controls. I have been working with him on a few strange issues, and every time I look at the code I think this would translate into Perl pretty easily for you to stick in Webmin :) (https://github.com/churchers/vm-bhyve) (Yesterday, with some code he wrote for me, I migrated a live Win10 guest from 1 host to another.)

I'm sure you have other things to do, but these could be stuck on your list of things to fiddle with later.

Wish I had started learning to code Perl way back in the beginning... I actually had to compile it myself on my first BSDi Server way back in the day (1995?). So many things have changed since then, Perl is still around :)

Interesting ... although I wonder why they didn't just port KVM?

I can't say for absolute, but I bet it was BSD license vs. Linux license. Can't easily put Linux code in BSD, creates issues...
Starting from scratch makes license issues moot.
Seems that drives a lot of BSD