Cloud Foundry upload fullchain.pem

[bkrencker]

Hi Ben

I am stuck with the certificates after successfully generating them. I have four files from letsencrypt but I am unsure how to proceed next with those files.

1. cert.pem
2. chain.pem
3. fullchain.pem
4. privkey.pem

It should be possible to upload fullchain1.pem certificate to Cloud Foundry to a Custom Domain but I do not find the right commands in the CLI. Could you please clarify about the steps needed after the certificates are created with Let's Encrypt?

Best regards, Ben

[bsyk]

Certificates for custom domains are handled differently depending on who your cloud foundry provider is. You should be able to find instructions on their help pages. Let's Encrypt certificates can be treated in the same way as any other certificate from this point on in the process.

Which cloud foundry provider are you using?

If you're using IBM's Bluemix there is a fork of this repo that will handle uploading the certs automatically for you. https://github.com/ibmjstart/bluemix-letsencrypt

[bkrencker]

I try to get it working on SAP Cloud Platform (Cloud Foundry Stack) and managed to adjust your script to get it working on this platform. But it looks like you have to create a private key manually and then sign the CSR manually at a CA..

I tried to jump right to the point where I can upload the Certificate from Lets'Encrypt but it was not working. See SAP instructions here.

[bsyk]

I'll get a trial account and do some testing. I haven't used SAP's CF before so am not familiar with their HTTPS setup.

[bkrencker]

As far as I know it is not possible to use Custom Domains in trial account..

But I got a hint that it is possible with Let's Encrypt (certbot) to get a certificate chain by providing a private key and CSR.. this is what I was about to try but I did not have enough time today..

[bkrencker]

See https://blog.sengotta.net/lets-encrypt-zertifikat-mit-eigenem-private-key-und-csr/

[bsyk]

Ok. Using the CSR with certbot looks promising. Let me know how it goes.

On Wed, Sep 16, 2020 at 9:14 AM bkrencker notifications@github.com wrote:

See https://blog.sengotta.net/lets-encrypt-zertifikat-mit-eigenem-private-key-und-csr/

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/bsyk/cf-letsencrypt/issues/17#issuecomment-693510947, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABTT2EBDFN4GWVQWURQMLT3SGDP5DANCNFSM4RNEFGXA .