The following is outdated!
See the comment below for notes updated on 2nd December 2015.
Some notes on using the webroot domain verification process with the test ACME server (don't do this on a live server yet!) in case anyone else wants to have a play with this — this method will be best suited for use on servers that you don't want any downtime on when renewing certs.
Checkout and install, initially using the
standalone method, (note that the
git clone URL will be outdated when the pull request is merged), these are the steps that you need to follow on Debian Jessie servers (haven't tested on anything else)
# delete existing copies of the code if they exist
rm -rf /your/path/letsencrypt/ /etc/letsencrypt/ /var/lib/letsencrypt/
# install in /usr/local and run using standalone once
git clone -b simplefs https://github.com/kuba/letsencrypt
virtualenv --no-site-packages -p python2 venv
./venv/bin/pip install -r requirements.txt acme/ . letsencrypt-apache/ letsencrypt-nginx/
Set up Apache (or whichever server you are running) create
Header set Content-Type "application/jose+json"
And then enable it:
Then generate a key and cert using the
webroot method, optionally supplying multiple domain names to be used as subjectAltNames (SANs)
/usr/local/letsencrypt/venv/bin/letsencrypt --renew-by-default -a webroot --webroot-path /var/www/example.org --email firstname.lastname@example.org --text --agree-eula --agree-tos -d example.org -d example.org.uk auth
For the cert that was created using the
standalone method to start with you can switch this to the
webroot method for renewals by editing
/etc/letsencrypt/renewal/example.org and editing:
authenticator = standalone
webroot_path = None
domains = None
authenticator = webroot
webroot_path = /var/www/example.org
domains = example.org,
Edit your server config or create symlinks to the