
lets-ca.sh

Installation

Start off by making a letsencrypt-user and group.

$ sudo groupadd -r letsencrypt
$ sudo useradd -d /etc/letsencrypt -m -r -g letsencrypt letsencrypt

You now have a directory named /etc/letsencrypt/, where all letsencrypt-files will go.

Now we need to get the actual files needed, and we need to place them somewhere.

$ cd /usr/local/lib
$ sudo git clone https://github.com/diafygi/acme-tiny.git
$ sudo git clone https://github.com/dennisse/lets-ca.sh.git
$ cd /usr/local/sbin
$ sudo ln -s /usr/local/lib/acme-tiny/acme_tiny.py .
$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh .

If you want your certificates to be re-signed automatically, you might want to add the cron-file as well.

$ cd /etc/cron.weekly
$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh-cron lets-ca-cron

Now we need to create an account-key for letsencrypt, and the challenge-dir.

$ cd /etc/letsencrypt
$ sudo openssl genrsa -out account.key 4096
$ sudo chmod 400 account.key
$ sudo chown letsencrypt:letsencrypt account.key
$ sudo mkdir -p /var/www/letsencrypt-challenges
$ sudo chown letsencrypt:letsencrypt /var/www/letsencrypt-challenges

Now you need a good openssl.cnf in /etc/letsencrypt. Go make it.

And, lastly, we need the cross-signed cert from letsencrypt.

$ cd /etc/ssl
$ sudo wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
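
To confirm the result of the steps above, the following added example (not part of lets-ca.sh or acme-tiny) checks the ownership and mode of the account key and the challenge directory. The function names are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not part of lets-ca.sh. Function names are hypothetical;
# paths and the letsencrypt owner are the ones used in the steps above.
# Requires GNU stat (stat -c), as found on Linux.

# check_account_key FILE OWNER: pass only if FILE is a regular file (not a
# symlink) owned by OWNER with no permission bits for group or others.
check_account_key() {
    key=$1; want=$2
    if [ ! -f "$key" ] || [ -L "$key" ]; then
        echo "FAIL: $key is missing or not a regular file" >&2; return 1
    fi
    mode=$(stat -c '%a' "$key"); owner=$(stat -c '%U' "$key")
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $key is owned by $owner, expected $want" >&2; return 1
    fi
    # The leading 0 makes the shell read the mode as octal.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $key has mode $mode, group/others can access it" >&2; return 1
    fi
}

# check_challenge_dir DIR OWNER: pass only if DIR is a real directory owned
# by OWNER that group and others cannot write to.
check_challenge_dir() {
    dir=$1; want=$2
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory" >&2; return 1
    fi
    mode=$(stat -c '%a' "$dir"); owner=$(stat -c '%U' "$dir")
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $dir is owned by $owner, expected $want" >&2; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode, group/others can write to it" >&2; return 1
    fi
}

# audit_install KEY DIR OWNER: run both checks and report every failure.
audit_install() {
    rc=0
    check_account_key "$1" "$3" || rc=1
    check_challenge_dir "$2" "$3" || rc=1
    return $rc
}

# Usage (as root):
#   audit_install /etc/letsencrypt/account.key /var/www/letsencrypt-challenges letsencrypt
```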