I cannot install the REST on the ASA while in production.

Many production ASAs have the REST API enabled. This is your local policy, I guess?

Well, not more afraid of it than any other Cisco code : )

Is there any other way to submit manually a CSR and get a cert back (any portal of Let's Encrypt)?

You're not going to be able to satisfy the HTTP-01 challenge with an ASA. You could manually do what the certbot-asa plugin does for you. This would require configuring a self-signed TLS certificate (trustpoint) on the ASA and enabling it with the ssl trust-point command prior to LE validating challenge completion. I'm not sure there's a certbot plugin which facilitates doing this manually, however.

The easiest manual approach is likely the DNS-01 challenge with certbot's manual plugin. You'd need administrative access to your Internet-facing DNS. After satisfying the challenge, you'll find the certificate, chain cert(s) and key material in the certbot config tree. A message at completion time tells you where it is.

The other option: briefly change your DNS record so that it points at an Internet-facing box where you run certbot. Let certbot collect the certificate with the -certonly option. Then point the DNS record back at the ASA. Manually install the resulting certificate / chain cert / keypair on the ASA.
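The DNS-01 route sketched in the thread, carried through to something the ASA can import, as an added example written for this page (it is not code from the thread, from certbot, or from the certbot-asa project). It assumes certbot and openssl on an Internet-facing Linux box; the hostname `vpn.example.com`, the trustpoint name `LE-TRUSTPOINT`, the PKCS#12 passphrase and the `outside` interface name are placeholder values. The certbot subcommand is `certonly` (the thread's `-certonly`), and the `crypto ca import ... pkcs12` / `ssl trust-point` lines are standard ASA CLI, emitted here as text to paste rather than executed.

```shell
#!/bin/sh
# Added example: manual Let's Encrypt issuance via DNS-01 on a helper box,
# then bundling for a Cisco ASA. Hostname, trustpoint name, passphrase and
# interface are assumed placeholders.

# The TXT record name certbot's manual plugin asks you to create for DNS-01.
acme_txt_name() {
    printf '_acme-challenge.%s\n' "$1"
}

# Interactive issuance: certbot prints the TXT value, waits until you have
# published it, validates, then writes cert/chain/key to
# /etc/letsencrypt/live/<host>/ (that path is the "certbot config tree").
issue_with_dns01() {
    certbot certonly --manual --preferred-challenges dns -d "$1"
}

# Bundle fullchain + private key into a password-protected PKCS#12 and
# base64-encode it, which is the form the ASA accepts on a terminal paste.
pkcs12_for_asa() {
    live="/etc/letsencrypt/live/$1"
    openssl pkcs12 -export \
        -in "$live/fullchain.pem" -inkey "$live/privkey.pem" \
        -passout "pass:$2" | openssl base64
}

# ASA CLI to install the bundle as a trustpoint and use it for TLS on the
# given interface. Printed, not executed; paste it into the ASA console.
asa_import_commands() {
    trustpoint="$1"; passphrase="$2"; interface="$3"
    cat <<EOF
configure terminal
crypto ca import $trustpoint pkcs12 $passphrase
<paste the base64 PKCS#12 here, then a line containing only: quit>
ssl trust-point $trustpoint $interface
end
write memory
EOF
}

main() {
    host="${1:-vpn.example.com}"       # assumed hostname
    tp="${2:-LE-TRUSTPOINT}"           # assumed trustpoint name
    pass="${3:-change-me}"             # assumed PKCS#12 passphrase
    echo "Publish the TXT value certbot shows you at: $(acme_txt_name "$host")"
    issue_with_dns01 "$host"
    pkcs12_for_asa "$host" "$pass" > "$host.p12.b64"
    echo "Base64 PKCS#12 written to $host.p12.b64; now paste into the ASA:"
    asa_import_commands "$tp" "$pass" outside
}

# Run the full procedure only when explicitly requested, so the functions can
# be sourced or checked without invoking certbot.
if [ "${RUN_ASA_ISSUE:-0}" = 1 ]; then
    main "$@"
fi
```

Run it as `RUN_ASA_ISSUE=1 sh issue-asa.sh vpn.example.com LE-TRUSTPOINT 'your-passphrase'`. Two things worth noting for the second option in the thread (pointing DNS at the helper box instead): it needs no TXT record but leaves the service unreachable while the record is swapped, and in both cases the private key now exists on the helper box, so delete the `.p12.b64` file and the `live/` material once the import succeeds, and track the 90-day renewal by hand since nothing on the ASA will do it for you.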