I'm trying to generate a Let's Encrypt certificate for a domain but I'm not having any luck.
I consulted the numerous other issues related to the pki role but I couldn't find a clear answer. I should note that the certificate is for a domain different to that of the host's domain.
I have the following pki config in ansible/inventory/host_vars/flowww/pki.yml:
This is the output of openssl x509 -in /home ansible/secret/pki/realms/by-host/flowww.upfronthosting.co.za/staging.mycity.co.za/internal/cert.pem -text -noout:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:e5:ce:27:e5:0a:22:61:bb:38:07:0d:fa:78:21:64
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O = Upfronthosting, OU = Domain CA
        Validity
            Not Before: May 26 12:26:43 2020 GMT
            Not After : May 26 12:26:43 2023 GMT
        Subject: CN = staging.mycity.co.za
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access:
                CA Issuers - URI:http://domain-ca.upfronthosting.co.za/crt/
                OCSP - URI:http://domain-ca.upfronthosting.co.za/ocsp/
            X509v3 Authority Key Identifier:
                keyid:36:22:C6:14:D7:FD:BF:7A:D9:07:81:0B:BF:1E:2F:22:92:1C:E7:CB
                DirName:/O=Upfronthosting Certificate Authority
                serial:76:33:37:78:69:9E:1D:18:A8:50:89:C7:5B:E0:2D:2D
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://domain-ca.upfronthosting.co.za/crl/
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Key Identifier:
                C1:DF:47:9E:1F:C3:53:88:3D:CE:C5:14:9E:AC:36:9B:F4:48:95:9A
            X509v3 Subject Alternative Name:
                DNS:staging.mycity.co.za, DNS:*.staging.mycity.co.za
    Signature Algorithm: sha256WithRSAEncryption
I get the following error:

I would appreciate any help.