The following is outdated!
See the comment below for notes updated on 2nd December 2015.
Some notes on using the webroot domain verification process with the test ACME server (don’t do this on a live server yet!) in case anyone else wants to have a play with this — this method will be best suited for use on servers that you don’t want any downtime on when renewing certs.
Check out and install, initially using the standalone method (note that the git clone URL will be outdated when the pull request is merged). These are the steps that you need to follow on Debian Jessie servers (haven’t tested on anything else):
    # delete existing copies of the code if they exist
    rm -rf /your/path/letsencrypt/ /etc/letsencrypt/ /var/lib/letsencrypt/
    # install in /usr/local and run using standalone once
    cd /usr/local
    git clone -b simplefs https://github.com/kuba/letsencrypt
    cd letsencrypt/
    bash bootstrap/debian.sh
    virtualenv --no-site-packages -p python2 venv
    ./venv/bin/pip install -r requirements.txt acme/ . letsencrypt-apache/ letsencrypt-nginx/
    /usr/local/letsencrypt/venv/bin/letsencrypt auth
Set up Apache (or whichever server you are running) create
    <IfModule mod_headers.c>
        <LocationMatch "/.well-known/acme-challenge/*">
            Header set Content-Type "application/jose+json"
        </LocationMatch>
    </IfModule>
And then enable it:
    a2enmod headers
    a2enconf letsencrypt
Then generate a key and cert using the webroot method, optionally supplying multiple domain names to be used as subjectAltNames (SANs):

    /usr/local/letsencrypt/venv/bin/letsencrypt --renew-by-default -a webroot --webroot-path /var/www/example.org --email firstname.lastname@example.org --text --agree-eula --agree-tos -d example.org -d example.org.uk auth
For the cert that was created using the standalone method to start with, you can switch this to the webroot method for renewals by editing /etc/letsencrypt/renewal/example.org and changing:

    authenticator = standalone
    webroot_path = None
    domains = None

to:

    authenticator = webroot
    webroot_path = /var/www/example.org
    domains = example.org,
Edit your server config or create symlinks to the
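
The renewal-file edit described in the post above, as an added example that is not part of the original post or the letsencrypt project's code: a POSIX shell function (hypothetical name `switch_to_webroot`) that rewrites only the three keys the post shows, refuses files that are not set to `standalone`, and keeps a backup. The sample file, paths and domain list in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): switch a renewal file
# from the standalone authenticator to webroot.
# switch_to_webroot is a hypothetical helper name.
# Usage: switch_to_webroot CONF WEBROOT DOMAINS
switch_to_webroot() {
    conf=$1 webroot=$2 domains=$3
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    [ -d "$webroot" ] || { echo "webroot missing: $webroot" >&2; return 1; }
    # Only touch files that still say "authenticator = standalone".
    grep -Eq '^authenticator[[:space:]]*=[[:space:]]*standalone[[:space:]]*$' "$conf" \
        || { echo "not a standalone config: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    # Rewrite only the three keys; every other line passes through.
    if awk -v w="$webroot" -v d="$domains" '
        /^authenticator[ \t]*=/ { print "authenticator = webroot"; next }
        /^webroot_path[ \t]*=/  { print "webroot_path = " w; next }
        /^domains[ \t]*=/       { print "domains = " d; next }
        { print }' "$conf" > "$tmp"
    then
        cat "$tmp" > "$conf"   # overwrite in place, keeping owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# Demo on a constructed file in a temporary directory.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/www"
printf '%s\n' 'other_key = untouched' 'authenticator = standalone' \
    'webroot_path = None' 'domains = None' > "$demo_dir/example.org"
switch_to_webroot "$demo_dir/example.org" "$demo_dir/www" 'example.org,example.org.uk'
cat "$demo_dir/example.org"
rm -rf "$demo_dir"
```

Running it a second time on the same file returns status 2 and changes nothing, because the file no longer names the standalone authenticator.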