So I tried before with the test CA and successfully obtained a (non-trusted) certificate, but did not attempt to install it. Now I got my beta invite so I figure I know I can get a real cert if I want (or so I thought - see below), but I might as well make the most of it by testing the Apache installer. Also, my “server” (a Raspberry Pi) already has a self-signed cert, and I was curious how the client would handle that. Here’s how it went.
First I ran:
./letsencrypt-auto --server https://acme-v01.api.letsencrypt.org/directory
and got the following error:
No installers seem to be present and working on your system; fix that or try running letsencrypt with the "certonly" command
Searched the forum and found this is the expected error if you try to run the client against nginx or something else. But I’m using Apache on Debian (or more precisely Raspbian) so that can’t be it. Digging deeper, I tried specifying the --apache option explicitly (and forgoing letsencrypt-auto from here on because it’s a Raspberry Pi and I have better things to do with my time than wait for pip over and over while testing):
sudo ~/.local/share/letsencrypt/bin/letsencrypt --server https://acme-v01.api.letsencrypt.org/directory --apache
which gives me a more helpful error message:
The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/sites-enabled/default-ssl.conf', u'Syntax error'),)
I’d seen this one before while playing with the test CA: my config syntax is fine, but there’s something in it that the parser doesn’t understand. A line number would have been useful. Anyway, by trial and error I found that the following lines were the culprits, and commented them out:
RewriteRule ^\.well-known/carddav /owncloud/remote.php/carddav/ [L,R=301]
RewriteRule ^\.well-known/caldav /owncloud/remote.php/caldav/ [L,R=301]
Next attempt got as far as trying to request a certificate and failing due to rate limiting. I have a free domain at a dynamic DNS service and the rate limit appears to apply to the parent domain, so I guess there’s nothing I can do about that for now?
Never did find out if the Apache installer works.