I can request the wildcard certificates easily enough:
sudo certbot -d example.com -d '*.example.com' --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory certonly
I get three generated files:
privkey = /etc/letsencrypt/live/example.com/privkey.pem
chain = /etc/letsencrypt/live/example.com/chain.pem
fullchain = /etc/letsencrypt/live/example.com/fullchain.pem
Can anyone advise what openssl commands I can use to convert these .pem files to the required format needed for Prism Central/Prism Element? I have attempted multiple commands from https://www.sslsupportdesk.com/openssl-commands/ but I can't seem to find the exact one.
I can also grab the intermediate/root certificates from here if I need additional certs.
I'm looking to ultimately find a way to script this process as well, so if anyone knows how to replace the certs in Prism Central/Prism Element via CLI, I would appreciate that too. Initially though, I'd be happy just finding the correct certificate format to use.
Best answer by Reinder
OK, I'll post this here since this is the top post if you google nutanix prism letsencrypt.
To answer your question, openssl is not needed to convert the certificates.
What is tricky is getting Nutanix to take the chain.pem. After some frustrating tries I got it to work like this:
ncli ssl-certificate import certificate-path=/full/path/to/cert.pem cacertificate-path=/full/path/to/mychain.pem key-path=/full/path/to/privkey.pem key-type="RSA_2048"
Where I created mychain.pem by combining https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt with https://letsencrypt.org/certs/isrgrootx1.pem.txt, so:
cat letsencryptauthorityx3.pem.txt isrgrootx1.pem.txt > mychain.pem
Hope this helps someone,
Reinder - TriOpSys - NL
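
A preflight check for the three files passed to the ncli ssl-certificate import command above, added here as an example; it is not part of the answer or of Nutanix tooling. The function names are hypothetical and it assumes the openssl CLI is installed. It confirms that the certificate file holds a single certificate (not fullchain.pem), that the key is RSA 2048 as the key-type argument declares, that key and certificate belong together, and that the certificate verifies against mychain.pem alone.

```shell
#!/bin/sh
# Added example: consistency checks to run before the ncli import.
# Function names are assumptions; only standard openssl subcommands are used.

# Count the PEM certificates in a file.
pem_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# True only for an RSA key of 2048 bits, matching key-type="RSA_2048".
# "openssl rsa" rejects EC keys, so those print nothing and fail the grep.
key_is_rsa2048() {
    openssl rsa -in "$1" -noout -text 2>/dev/null | grep -q '(2048 bit'
}

# True when the certificate ($1) and private key ($2) hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate ($1) chains to the CA file ($2).
# -no-CApath keeps the system CA directory from filling in a certificate
# that is missing from the chain file.
chain_verifies() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# $1 = cert.pem, $2 = mychain.pem, $3 = privkey.pem
preflight() {
    [ "$(pem_count "$1")" -eq 1 ] ||
        { echo "FAIL: $1 must hold exactly one certificate" >&2; return 1; }
    key_is_rsa2048 "$3" ||
        { echo "FAIL: $3 is not an RSA 2048-bit key" >&2; return 1; }
    key_matches_cert "$1" "$3" ||
        { echo "FAIL: $3 does not match $1" >&2; return 1; }
    chain_verifies "$1" "$2" ||
        { echo "FAIL: $1 does not verify against $2" >&2; return 1; }
    echo "OK: certificate, chain and key are consistent"
}

# Run the checks when called as: preflight.sh cert.pem mychain.pem privkey.pem
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```
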