# lets-ca.sh

## Installation

Start off by creating a `letsencrypt` user and group.

```bash
$ sudo groupadd -r letsencrypt
$ sudo useradd -d /etc/letsencrypt -m -r -g letsencrypt letsencrypt
```
You now have a directory named `/etc/letsencrypt/`, where all letsencrypt-files will go.


Now we need to get the actual files needed, and we need to place them somewhere.

```bash
$ cd /usr/local/lib
$ sudo git clone https://github.com/diafygi/acme-tiny.git
$ sudo git clone https://github.com/dennisse/lets-ca.sh.git
$ cd /usr/local/sbin
$ sudo ln -s /usr/local/lib/acme-tiny/acme_tiny.py .
$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh .
```


If you want your certificates to be automatically re-signed, you might want to add the cron-file as well.

```bash
$ cd /etc/cron.weekly
$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh-cron lets-ca-cron
```


Now we need to create an account-key for letsencrypt, and the challenge-dir.

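```bash
$ cd /etc/letsencrypt
# Use -out so the file is written by openssl running as root;
# a shell redirect (>) would be performed by your own user, not by sudo.
$ sudo openssl genrsa -out account.key 4096
$ sudo chmod 400 account.key
$ sudo chown letsencrypt:letsencrypt account.key
$ sudo mkdir -p /var/www/letsencrypt-challenges
$ sudo chown letsencrypt:letsencrypt /var/www/letsencrypt-challenges
```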


Now you need a good openssl.cnf in /etc/letsencrypt. Go make it.

And, lastly, we need the cross-signed cert from letsencrypt.

```bash
$ cd /etc/ssl
$ sudo wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
```
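
A post-install check for the account key and challenge directory created in the steps above. This is an added example, not part of lets-ca.sh or acme-tiny; the function names `owned_by` and `audit_letsencrypt` are hypothetical, and it assumes GNU `stat` (Linux).

```shell
#!/bin/sh
# Added example: audit ownership and permissions after installation.

# owned_by PATH OWNER: true if PATH belongs to OWNER (user name or numeric uid).
owned_by() {
    [ "$(stat -c '%U' "$1")" = "$2" ] || [ "$(stat -c '%u' "$1")" = "$2" ]
}

# audit_letsencrypt KEY CHALLENGE_DIR OWNER
# Prints one line per finding; returns 0 only when nothing is wrong.
audit_letsencrypt() {
    key=$1; dir=$2; owner=$3; bad=0

    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or not a regular file"; bad=1
    else
        mode=$(stat -c '%a' "$key")
        # Any group/other permission bit exposes the account key.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL: $key has mode $mode, expected 400"; bad=1
        fi
        if ! owned_by "$key" "$owner"; then
            echo "FAIL: $key is not owned by $owner"; bad=1
        fi
    fi

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory"; bad=1
    else
        dmode=$(stat -c '%a' "$dir")
        # Only the owner should be able to create challenge files.
        if [ $(( 0$dmode & 022 )) -ne 0 ]; then
            echo "FAIL: $dir has mode $dmode, group/other can write"; bad=1
        fi
        if ! owned_by "$dir" "$owner"; then
            echo "FAIL: $dir is not owned by $owner"; bad=1
        fi
    fi

    return $bad
}

# Usage with the paths from this README (run as root):
#   audit_letsencrypt /etc/letsencrypt/account.key \
#       /var/www/letsencrypt-challenges letsencrypt
```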