I want to share my experience with setting up letsencrypt on a server with OpenSUSE 13.2 and apache2 to create a kind of tutorial.
I assume you have a running apache2 web server with a virtual host config file named
/etc/apache2/vhosts.d/mydomain.example.com.conf for the domain
Log in to your server by ssh, make yourself root. Then:
1. Install required extra packages
zypper in git
On OpenSUSE 13.2 you will also need (versions of python > 2.7.8 probably will not require this):
zypper in python-pyOpenSSL
2. Install letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
3. Configure data for letsencrypt
Create a file
/etc/letsencrypt/cli.ini with these contents:
rsa-key-size = 4096
email = email@example.com
authenticator = webroot
webroot-path = /srv/www/vhosts/mydomain.example.com
domain = mydomain.example.com
Obviously the webroot path must reflect the value of
DocumentRoot in your server config file
/etc/apache2/vhosts.d/mydomain.example.com.conf, and email should be your address.
4. Get your certificate
./letsencrypt-auto certonly -c /etc/letsencrypt/cli.ini
5. Configure the https server
If step 4 was successful, you’ll find your certificates in
/etc/letsencrypt/live/mydomain.example.com/. Now you need to configure your apache2 to use these certificates. First, copy your http config file to a https config file:
cp -a /etc/apache2/vhosts.d/mydomain.example.com.conf /etc/apache2/vhosts.d/mydomain.example.com-ssl.conf
In that newly created file, modify the lines containing “<virtualhost …>” and “ServerName” by appending “:443” to the IPs or the domain name, respectively (or by replacing “:80” with “:443”). After these lines add the following lines:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mydomain.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.example.com/privkey.pem
If you like, you may adjust the log file names (if you have the “combined” parameter in CustomLog, you may replace it with “ssl_combined”).
Now make sure to have ssl activated in
APACHE_MODULES="[...] ssl [...]"
Now restart the apache2 server (after a check):
rcapache2 configtest
rcapache2 restart
6. Renewal of the certificate
If all that was successful, you may wait two months (not more than 89 days) to renew your certificate by repeating step 4. The apache2 server does not need any new configuration, but (possibly?) a restart.
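The renewal in step 6 as a script. This is an added example that is not part of the original post: it repeats step 4 only when the certificate is within 30 days of expiry, then runs the configtest and restart from step 5, since Apache reads the certificate files at startup. Assumptions: LE_DIR (the directory where step 2 cloned the client) is a hypothetical path, and the 30-day threshold corresponds to two months into a 90-day certificate.

```shell
#!/bin/sh
# Added example, not from the original post.
# LE_DIR is an assumed location of the git clone from step 2; adjust it.
LE_DIR="${LE_DIR:-/root/letsencrypt}"
CERT="${CERT:-/etc/letsencrypt/live/mydomain.example.com/fullchain.pem}"
THRESHOLD_DAYS="${THRESHOLD_DAYS:-30}"   # assumed threshold

# renewal_due CERT DAYS
# Returns 0 if the certificate is missing, unreadable, unparseable,
# or expires within DAYS days; returns 1 otherwise.
renewal_due() {
    [ -r "$1" ] || return 0
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if openssl x509 -checkend $(( $2 * 86400 )) -noout -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

renew_and_restart() {
    # Step 4 again, using the same cli.ini.
    ( cd "$LE_DIR" && ./letsencrypt-auto certonly -c /etc/letsencrypt/cli.ini ) || return 1
    # If the certificate on disk is still inside the threshold, renewal did not happen.
    if renewal_due "$CERT" "$THRESHOLD_DAYS"; then
        echo "certificate was not renewed, leaving apache2 alone" >&2
        return 1
    fi
    # Same check-then-restart order as step 5.
    rcapache2 configtest || { echo "configtest failed, not restarting" >&2; return 1; }
    rcapache2 restart
}

# Only act when called as: ./renew-cert.sh run
if [ "${1:-}" = "run" ]; then
    if renewal_due "$CERT" "$THRESHOLD_DAYS"; then
        renew_and_restart
    else
        echo "certificate valid for more than $THRESHOLD_DAYS days, nothing to do"
    fi
fi
```

Run it as root with the argument run; without that argument it only defines the functions.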