@zamd
Last active December 2, 2016 17:26

Let's Encrypt certificates are issued by valid public CAs. The Certbot tool works with any ACME-compliant CA to automate the certificate acquisition process.

Set up a basic nginx web server in AWS, reachable over HTTP, to act as the authenticator for the CA. SSH into the nginx host and create the .well-known folder:

mkdir /tmp/.well-known

Modify the nginx configuration to add the following section. The webroot plugin in certbot uses this folder structure to prove domain ownership.

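server {
  # Document root; must match the --webroot-path given to certbot.
  # With root set at server level, other request paths also map into /tmp,
  # so keep nothing sensitive in that directory.
  root /tmp;
  # Challenge files are served from /tmp/.well-known.
  location /.well-known {
    allow all;
  }
}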

Use the noip service (the free version allows 3 active domains) to map every domain you want to include in the certificate to your web server's public IP.

Do a quick curl test to make sure you can reach /.well-known using each of the above domains:

curl http://webtask.servepics.com/.well-known/

At this stage, we can launch certbot to generate a certificate for all the domains required by the appliance:

./certbot-auto certonly -a webroot --webroot-path=/tmp -d manage.servepics.com -d webtask.servepics.com -d auth.servepics.com

Convert to PFX format:

openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in fullchain.pem
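
A stricter version of the curl test above, as an added example that is not part of the original gist: it drops a random probe file into the directory certbot's webroot plugin writes to (`.well-known/acme-challenge` under the webroot) and checks that every domain serves it back. The function names and the `WEBROOT` variable are assumptions; `/tmp` matches the nginx config above.

```shell
#!/bin/sh
# Added example: pre-flight check for the certbot webroot (HTTP-01) challenge.
# Assumptions: webroot is /tmp as in the nginx config; all names are hypothetical.

WEBROOT="${WEBROOT:-/tmp}"

# fetch_url URL: print the body of URL, fail on HTTP errors (4xx/5xx).
# Kept as a function so it can be swapped out for offline testing.
fetch_url() {
    curl -fsS --max-time 10 "$1"
}

# check_domain DOMAIN: write a random probe where the webroot plugin places
# its challenge files and confirm DOMAIN returns exactly that content.
check_domain() {
    domain="$1"
    dir="$WEBROOT/.well-known/acme-challenge"
    name="preflight-$$-$(date +%s)"
    token="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    chmod 644 "$dir/$name"   # must be readable by the nginx worker user
    if body="$(fetch_url "http://$domain/.well-known/acme-challenge/$name" 2>/dev/null)"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$dir/$name"       # never leave probe files behind
    [ "$rc" -eq 0 ] && [ "$body" = "$token" ]
}

# preflight DOMAIN...: check every domain; non-zero exit if any one fails.
preflight() {
    failed=0
    for d in "$@"; do
        if check_domain "$d"; then
            echo "ok    $d"
        else
            echo "FAIL  $d (probe not served from $WEBROOT)"
            failed=1
        fi
    done
    return "$failed"
}

# Usage on the nginx host, before running certbot:
#   preflight manage.servepics.com webtask.servepics.com auth.servepics.com
```

A domain that fails here either does not resolve to this server or is not served from the same webroot, and certbot's validation for it would fail for the same reason.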
