The certificate should have *CA:true* set for act a CA for dynamic signing certificates by Squid. Most probably, Let's Encrypt will ignore this constraint in CSR. 2018-03-05 12:33 GMT-03:00 Chris Adams <linux at cmadams.net>: > Once upon a time, Valeri Galtsev <galtsev at kicp.uchicago.edu> said: > > https://letsencrypt.org/ > > > > - you will have to run web server to have certificate signed by > > them > > Not necessarily - we do most of our Let's Encrypt validation with DNS > rather than HTTP. > -- > Chris Adams <linux at cmadams.net> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >