I am testing on Alpine Linux with Hiawatha as a Reverse Proxy inside lxc.
I have self-signed certificates created in PEM format.
The following settings for the challenge directory work for a Hiawatha Reverse Proxy:
VirtualHost {
    Hostname .........
    Alias = /.well-known/acme-challenge:/var/www/letsencrypt/.well-known/acme-challenge
    TLScertFile = /path/to/key.pem
    ReverseProxy !^/.well-known/ http://xxxxxxxx:80 keep-alive
}
For testing the webroot method I used:
letsencrypt certonly --debug --staging --agree-tos --text --email $email --webroot -w $webroot -d $domain -d www.$domain
For a normal certificate:
letsencrypt certonly --debug --agree-tos --text --email $email --webroot -w $webroot -d $domain -d www.$domain
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/xxxxxxxxxxx/fullchain.pem. Your
cert will expire on 2016-04-18. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
I have put some more notes here for Hiawatha & NGINX as reverse proxy or standalone webservers with letsencrypt
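
A pre-flight check for the setup above, as an added example that is not part of the original post: it writes a probe file into the webroot and fetches it through the proxy, confirming that the Alias serves the challenge directory and that the `!^/.well-known/` exclusion keeps the request away from the backend. The function name `check_challenge` and the `FETCH` variable are hypothetical, and `curl` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: FETCH names a command that prints a URL's body and exits
# non-zero on an HTTP error; curl is the default.
FETCH="${FETCH:-curl -fsS --max-time 10}"

# check_challenge WEBROOT BASE_URL
#   WEBROOT   the directory passed to letsencrypt with -w
#   BASE_URL  e.g. http://$domain (placeholder, no trailing slash)
# Returns 0 when a probe file written under WEBROOT comes back unchanged
# over HTTP, 1 when it does not, 2 when the probe cannot be written.
check_challenge() {
    webroot=$1
    base_url=$2
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$-$(date +%s)"      # unique file name per run
    token="probe-$name"                  # body we expect to read back

    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2

    # Fetch through the proxy, then always remove the probe file.
    if body=$($FETCH "$base_url/.well-known/acme-challenge/$name" 2>/dev/null); then
        fetched=yes
    else
        fetched=no
    fi
    rm -f "$dir/$name"

    if [ "$fetched" = no ]; then
        echo "FAIL: probe not reachable (Alias missing, or request proxied to the backend)" >&2
        return 1
    fi
    if [ "$body" != "$token" ]; then
        echo "FAIL: response is not the probe file (served by something other than the webroot)" >&2
        return 1
    fi
    echo "OK: $base_url/.well-known/acme-challenge/ is served from $dir"
    return 0
}

# Usage (values are placeholders):
#   check_challenge /var/www/letsencrypt "http://$domain"
```

Run it before the `--staging` command; a failure here means the webroot challenge would fail validation as well.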