The following is outdated!
See the comment below for notes updated on 2nd December 2015.
Some notes on using the webroot domain verification process with the test ACME server (don’t do this on a live server yet!) in case anyone else wants to have a play with this — this method will be best suited for use on servers that you don’t want any downtime on when renewing certs.
Check out and install, initially using the standalone method (note that the git clone URL will be outdated when the pull request is merged). These are the steps that you need to follow on Debian Jessie servers (haven’t tested on anything else):
# delete existing copies of the code if they exist
rm -rf /your/path/letsencrypt/ /etc/letsencrypt/ /var/lib/letsencrypt/
# install in /usr/local and run using standalone once
cd /usr/local
git clone -b simplefs https://github.com/kuba/letsencrypt
cd letsencrypt/
bash bootstrap/debian.sh
virtualenv --no-site-packages -p python2 venv
./venv/bin/pip install -r requirements.txt acme/ . letsencrypt-apache/ letsencrypt-nginx/
/usr/local/letsencrypt/venv/bin/letsencrypt auth
Set up Apache (or whichever server you are running): create /etc/apache2/conf-available/letsencrypt.conf containing:
<IfModule mod_headers.c>
<LocationMatch "/.well-known/acme-challenge/*">
Header set Content-Type "application/jose+json"
</LocationMatch>
</IfModule>
And then enable it:
a2enmod headers
a2enconf letsencrypt
Then generate a key and cert using the webroot method, optionally supplying multiple domain names to be used as subjectAltNames (SANs):
/usr/local/letsencrypt/venv/bin/letsencrypt --renew-by-default -a webroot --webroot-path /var/www/example.org --email example@example.org --text --agree-eula --agree-tos -d example.org -d example.org.uk auth
For the cert that was created using the standalone method to start with, you can switch this to the webroot method for renewals by editing /etc/letsencrypt/renewal/example.org and changing:
authenticator = standalone
webroot_path = None
domains = None
Into:
authenticator = webroot
webroot_path = /var/www/example.org
domains = example.org,
Edit your server config or create symlinks to the cert.pem, privkey.pem and chain.pem in /etc/letsencrypt/live/example.org.
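The renewal-file edit described above, as an added shell example (not part of the original post or of the letsencrypt client): the hypothetical helper `switch_to_webroot` rewrites the three keys, keeps a `.bak` copy, and refuses to run if a key is missing or the webroot directory does not exist. The sample file is constructed and assumes the `key = value` layout shown in the post.

```shell
#!/bin/sh
# Added example. switch_to_webroot is a hypothetical helper name.
# Usage: switch_to_webroot <renewal-conf> <webroot-dir> <domains-value>
switch_to_webroot() {
    conf=$1 webroot=$2 domains=$3

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    case $webroot in
        /*) ;;  # absolute path, as in the post's webroot_path value
        *) echo "webroot must be an absolute path" >&2; return 1 ;;
    esac
    [ -d "$webroot" ] || { echo "webroot does not exist: $webroot" >&2; return 1; }

    # Refuse to touch a file that lacks any of the three keys being switched
    for key in authenticator webroot_path domains; do
        grep -q "^$key = " "$conf" || { echo "missing key: $key" >&2; return 1; }
    done

    # Keep the original, then rewrite in place (redirect keeps owner and mode)
    cp -p "$conf" "$conf.bak"
    # awk instead of sed so the slashes in the path need no escaping
    awk -v w="$webroot" -v d="$domains" '
        /^authenticator = / { print "authenticator = webroot"; next }
        /^webroot_path = /  { print "webroot_path = " w; next }
        /^domains = /       { print "domains = " d; next }
        { print }
    ' "$conf.bak" > "$conf"
}

# Constructed sample file (not a real renewal config), so this runs offline
tmp=$(mktemp -d)
mkdir "$tmp/www"
printf '%s\n' 'some_other_key = untouched' 'authenticator = standalone' \
    'webroot_path = None' 'domains = None' > "$tmp/example.org"
switch_to_webroot "$tmp/example.org" "$tmp/www" "example.org," && cat "$tmp/example.org"
```

On a real server the first argument would be the file under /etc/letsencrypt/renewal/ and the second the site's document root.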