Completely automated setup?

joeshaw · November 5, 2015, 6:35pm

Is it possible to have a certificate issued in a completely automated way, for example as part of provisioning a new host?

I haven’t been able to figure out yet how to get a certificate issued without the interactive terminal UI popping up, although I am close. If I run it like so:

letsencrypt --server https://acme-v01.api.letsencrypt.org/directory \
    -d foo.example.net --agree-dev-preview --agree-tos \
    certonly

The UI pops up and asks me only for my email address. It looks like the --account option is the way to go, but if I provide my email address with it:

letsencrypt --server https://acme-v01.api.letsencrypt.org/directory \
    -d foo.example.net --agree-dev-preview --agree-tos --account joe@example.net \
    certonly

I get the error:

Account at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/joe@example.net does not exist

Ultimately I’d like to add this as a template to something like ansible so we can get certificates issued automatically for new hosts as we provision them, but that means it needs to be completely free of any human interaction.

Anyone have any ideas? Am I heading in the right direction?

benjaminarthurt · November 5, 2015, 7:39pm

I believe it should be

--email joe@example.net

Instead of --account. See: The Let’s Encrypt project — letsencrypt latest documentation

joeshaw · November 5, 2015, 7:46pm

That did it, thanks a lot!

benjaminarthurt · November 5, 2015, 7:59pm

You may also want to look into using the config files if you are going to be repeating the process over and over. Docs: http://letsencrypt.readthedocs.org/en/latest/using.html#configuration-file

An example of the config file I’m using to issue my certs here: https://copy.mx/view/c8f5d857