Re: [exim] Certificate name mismatch over VPN

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Certificate name mismatch over VPN
On 30/07/2021 22:40, Alain D D Williams via Exim-users wrote:
> I do not think that I can do that here. The certificate is given to me by Let's
> Encrypt (le). Le verifies the (SNI) name by asking the agent to upload a nonce
> (a file with 86 random bytes) to where it can see it via a web server.
>
> Unfortunately mint-vpn.phcomp.co.uk should only be visible via the VPN so LE
> will not verify it and so not generate & sign a certificate that contains it.


Earlier you said you could generate a cert for mint-vpn.
Now you say you're using LE certs, and your problem is that
the public name visible to LE for their very step isn't the vpn one.

I'm confused.

--
Cheers,
Jeremy