Export client certificate from Let's Encrypt certificates
Solution 1
You need to keep /etc/letsencrypt/live/my-client-server-domain/privkey.pem private as it contains the private key for your certificate.
You can hand out one of these two files:
/etc/letsencrypt/live/my-client-server-domain/chain.pem
/etc/letsencrypt/live/my-client-server-domain/fullchain.pem
You might want to share the /etc/letsencrypt/live/my-client-server-domain/fullchain.pem as it contains intermediate certificates if those were used by Let's Encrypt. The recipient can extract your certificate from it in case it is needed.
Solution 2
Use the certbot certificates subcommand to display your certificate files if you don't know exactly which file(s) you need. You can use the -d [hostname] option if you have more than one hostname/domain name configured:
certbot certificates -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following matching certs:
Certificate Name: server.example.com
Domains: server.example.com mail.example.com www.example.com example.com
Expiry Date: 2018-09-30 12:45:28+00:00 (VALID: 82 days)
Certificate Path: /etc/letsencrypt/live/server.example.com/fullchain.pem <====
Private Key Path: /etc/letsencrypt/live/server.example.com/privkey.pem
-------------------------------------------------------------------------------
In any public key cryptography you only need to keep the aptly named "Private Key" data private and secure, and you can (and usually must) share the public key/certificate freely, so share the fullchain.pem file from what certbot calls the "certificate path".
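A pre-share check for the advice in the answers above, as an added example that is not part of either answer: it refuses any PEM file that contains a private key block and prints only the first certificate of fullchain.pem (certbot writes the leaf certificate first). The function names and the sample files with placeholder bodies are constructed for this illustration.

```shell
#!/bin/sh
# Added example: check a PEM file before handing it to another party.

# Print "<certificates> <private keys>" found in a PEM file.
pem_summary() {
    awk '
        /^-----BEGIN CERTIFICATE-----/    { certs++ }
        /^-----BEGIN .*PRIVATE KEY-----/  { keys++ }
        END { printf "%d %d\n", certs, keys }
    ' "$1"
}

# Succeed only if the file has at least one certificate and no private key.
safe_to_share() {
    summary=$(pem_summary "$1") || return 2
    certs=${summary% *}
    keys=${summary#* }
    [ "$certs" -ge 1 ] && [ "$keys" -eq 0 ]
}

# Print the first certificate only (the leaf in certbot's fullchain.pem).
leaf_cert() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                         { print }
        /^-----END CERTIFICATE-----/   { if (inside) exit }
    ' "$1"
}

# Constructed sample files: placeholder bodies, not real certificates or keys.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDERleaf' \
    '-----END CERTIFICATE-----' '-----BEGIN CERTIFICATE-----' \
    'PLACEHOLDERintermediate' '-----END CERTIFICATE-----' \
    > "$demo_dir/fullchain.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDERkey' \
    '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
    'PLACEHOLDERleaf' '-----END CERTIFICATE-----' \
    > "$demo_dir/combined.pem"

for f in "$demo_dir/fullchain.pem" "$demo_dir/combined.pem"; do
    if safe_to_share "$f"; then
        echo "OK to share: ${f##*/}"
    else
        echo "DO NOT share: ${f##*/}"
    fi
done
```

Run the same functions against the real path reported by certbot certificates; a file that bundles key and certificate together, as some servers expect, is rejected by the check.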
Alfred Balle
Updated on September 18, 2022
Alfred Balle over 1 year
I'm running Debian and have certbot for creating a Let's Encrypt certificate. I act as a client towards a TLS server, and need to hand over my client certificate for approval.
I've got the following files generated by certbot:
/etc/letsencrypt/live/my-client-server-domain/privkey.pem
/etc/letsencrypt/live/my-client-server-domain/fullchain.pem
/etc/letsencrypt/live/my-client-server-domain/chain.pem
Which certificate should I hand over, and is it safe to share publicly?