author: Dennis Eriksen <dennis@eriksen.im> 2016-02-18 11:15:25 +0100
committer: Dennis Eriksen <dennis@eriksen.im> 2016-02-18 11:15:25 +0100
commit: 9c9574f8479ba7032e4fa904d379e8d73bce25e6 (patch)
tree: 28cda02aa4be83bdb49b2a3986c8cc53a694f3f9 /README.md
parent: adding SAN-file with all domains from SAN-certs (diff)
a README
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 53
1 files changed, 53 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..aca6d3a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,53 @@
+# lets-ca.sh
+
+## Installation
+
+Start off by making a letsencrypt-user and group.
+
+```bash
+$ sudo groupadd -r letsencrypt
+$ sudo useradd -d /etc/letsencrypt -m -r -g letsencrypt letsencrypt
+```
+You now have a directory named `/etc/letsencrypt/`, where all letsencrypt-files will go.
+
+
+Now we need to get the actual files needed, and we need to place them somewhere.
+
+```bash
+$ cd /usr/local/lib
+$ sudo git clone https://github.com/diafygi/acme-tiny.git
+$ sudo git clone https://github.com/dennisse/lets-ca.sh.git
+$ cd /usr/local/sbin
+$ sudo ln -s /usr/local/lib/acme-tiny/acme_tiny.py .
+$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh .
+```
+
+
+If you want your certificates to be automatically resigned, you might want to add the cron-file as well.
+
+```bash
+$ cd /etc/cron.weekly
+$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh-cron lets-ca-cron
+```
+
+
+Now we need to create an account-key for letsencrypt, and the challenge-dir.
+
+```bash
+$ cd /etc/letsencrypt
+$ sudo openssl genrsa 4096 > account.key
+$ sudo chmod 400 account.key
+$ chown letsencrypt:letsencrypt account.key
+$ mkdir -p /var/www/letsencrypt-challenges
+$ chown letsencrypt:letsencrypt /var/www/letsencrypt-challenges
+```
+
+
+Now you need a good openssl.cnf in /etc/letsencrypt. Go make it.
+
+And, lastly, we need the cross-signed cert from letsencrypt.
+
+```bash
+$ cd /etc/ssl
+$ wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
+```
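Review bot: In the account-key block, `sudo openssl genrsa 4096 > account.key` leaves the redirect to the calling shell rather than to sudo, so the write into /etc/letsencrypt fails for a non-root user, and where it does succeed the key is created under the default umask and stays readable by others until the later `chmod 400`. Suggest setting `umask 077` before generating the key and writing it with `sudo openssl genrsa -out account.key 4096`, so the file is never created with wider permissions. The `chown` and `mkdir` lines in the same block, and the `wget` into /etc/ssl at the end, are missing `sudo` while every other command in the README has it. The two `git clone` lines pull whatever is current on the default branch into /usr/local/lib and symlink it into /usr/local/sbin, and the weekly cron link then runs that code unattended; consider documenting a specific commit or tag to check out and review first. Two documentation points: "resigned" in the cron paragraph reads as "gave up" and probably should be "renewed" or "re-signed", and "Now you need a good openssl.cnf ... Go make it." gives the reader no indication of what the file must contain for the script to work.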