Using Lets Encrypt to Sign a Certificate

Using Lets Encrypt to Sign a Certificate

First of all, a private key is needed before genreate a signing request. Either use openssl

openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr

or use Azure key vault specially if you want to store the certificate in Azure

  1. From KeyVault, SETTINGS->Certificates->Generate/Import, set "Type of Certificate Authority(CA)" to "Certificate issued by a non-integated CA"
    create_a_certificate
  2. Click the key created just now, choose "Certificate Operation"->"Download CSR" to download the CSR as domain.com.csr
    download_csr
    Now we are going to sign the certificate by using certbot, here are the steps
sudo -i
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot
ufw allow 80
ufw allow 443
certbot certonly --standalone --register-unsafely-without-email --csr <your_key_csr>.csr

If Azure key vault is being used, we need to "Merge Signed Request"
merge_signed_request