A Linux administrator must secure an Apache knowledge-base server running on CentOS. Management insists that the site be reachable over HTTPS without browser trust warnings, incur no recurring certificate fees, and demand minimal ongoing manual work from the IT staff.
Which solution BEST satisfies all of these requirements?
Request a domain-validated certificate from a no-cost publicly trusted CA (for example, Let's Encrypt) using an ACME client and enable automatic renewal.
Sign the server certificate with the organization's internal PKI root and instruct every device owner to install the root certificate.
Create a self-signed certificate with OpenSSL and email the CA certificate to all users so they can import it manually.
Purchase a multi-year wildcard certificate from a commercial certificate authority and install it on the server.
A certificate obtained from a no-cost, publicly trusted certificate authority (CA) such as Let's Encrypt is free, automatically recognized by all major operating-system and browser trust stores, and can be renewed non-interactively with an ACME client like certbot. This combination removes recurring license costs and keeps administrative overhead low.
A self-signed certificate is free, but browsers will warn users unless every device manually installs the self-signed root, creating warnings and significant overhead.
Purchasing a wildcard certificate from a commercial CA eliminates warnings but introduces recurring costs, violating the cost constraint.
Signing the certificate with the organization's internal PKI avoids licensing fees, yet every unmanaged or BYOD device would still need the internal root certificate installed, producing the same trust-store distribution burden that management wants to avoid. Therefore, the no-cost publicly trusted CA with automated renewal is the best choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a publicly trusted certificate authority (CA)?
Open an interactive chat with Bash
What is the ACME protocol and how does it work?
Open an interactive chat with Bash
Why isn't a self-signed certificate recommended for production servers?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .