Thanks chaps. I think I have it now. Would someone please try https://ni2o.ampr.org

Also, with ths manual method do I have to renew the cert every 3 months? The acme/certbot tool will take care of that for you automatically. Not sure about the manual method though.

I gave it some more thought and opted for individual certs fo the servers in the end. other .ni2o.ampr.org services will get SSL over the weekend.

Mark / NI2O

On Thu, Oct 30, 2025 at 8:53 AM Cory (NQ1E) <cory@nq1e.hm> wrote:

The actual problem depends on which error message you're getting.

ampr.org doesn't seem to be opting out of certificate issuance with DNS CAA records, so you should be able to get one. However, the HTTP validation method will be the only one available to you. That means the machine you're running the ACME client on will need to be able to accept incoming connections on port 80 from the public Internet, at the IP address behind your FQDN.

On Thu, Oct 30, 2025, 05:10 Mark Phillips via 44net <44net@mailman.ampr.org> wrote:
Hi Folks,

I'm having some trouble trying to get LetsEncrypt SSL certificates authorised for use on my WWW devices. The issue seems to be that I do not have control of the TLD and so I can never authorise the issuing of the certificate.

I've tried *.ni2o.ampr.org (generic catch all), fqdn.ni2o.ampr.org (device specific) and many other variations but they all fail at the authorizing of the cert.

What am I doing wrong? I'm using LetEncrypt (free not-for-profit) SSL certificates successfully in other areas but i do control the domain for those.

Thanks for your help

Mark / G7LTT
_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org