From 9c9574f8479ba7032e4fa904d379e8d73bce25e6 Mon Sep 17 00:00:00 2001 From: Dennis Eriksen Date: Thu, 18 Feb 2016 11:15:25 +0100 Subject: a README --- README.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..aca6d3a --- /dev/null +++ b/README.md @@ -0,0 +1,53 @@ +# lets-ca.sh + +## Installation + +Start off by making a letsencrypt-user and group. + +```bash +$ sudo groupadd -r letsencrypt +$ sudo useradd -d /etc/letsencrypt -m -r -g letsencrypt letsencrypt +``` +You now have a directory named `/etc/letsencrypt/`, where all letsencrypt-files will go. + + +Now we need to get the actual files needed, and we need to place them somewhere. + +```bash +$ cd /usr/local/lib +$ sudo git clone https://github.com/diafygi/acme-tiny.git +$ sudo git clone https://github.com/dennisse/lets-ca.sh.git +$ cd /usr/local/sbin +$ sudo ln -s /usr/local/lib/acme-tiny/acme_tiny.py . +$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh . +``` + + +If you want your certificates to be automatically resigned, you might want to add the cron-file as well. + +```bash +$ cd /etc/cron.weekly +$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh-cron lets-ca-cron +``` + + +Now we need to create an account-key for letsencrypt, and the challenge-dir. + +```bash +$ cd /etc/letsencrypt +$ sudo openssl genrsa 4096 > account.key +$ sudo chmod 400 account.key +$ chown letsencrypt:letsencrypt account.key +$ mkdir -p /var/www/letsencrypt-challenges +$ chown letsencrypt:letsencrypt /var/www/letsencrypt-challenges +``` + + +Now you need a good openssl.cnf in /etc/letsencrypt. Go make it. + +And, lastly, we need the cross-signed cert from letsencrypt. + +```bash +$ cd /etc/ssl +$ wget https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem +``` -- cgit v1.2.3
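Review bot: In the account-key block, `sudo openssl genrsa 4096 > account.key` runs only `openssl` under sudo. The `>` redirection is opened by the invoking shell, so the write into /etc/letsencrypt either fails for an unprivileged user or creates the key with that user's ownership and default umask, which leaves it readable by others until the following `chmod 400` runs. Suggest generating it as the service user under a restrictive umask, for example `sudo -u letsencrypt sh -c 'umask 077; openssl genrsa 4096 > account.key'`, which also makes the later `chown` on the key unnecessary. In the same block, the `chown`, `mkdir -p` and second `chown` lines have no `sudo`, unlike the rest of the README, and neither does the `wget` into /etc/ssl in the last block, so these steps fail when followed as written from a normal account. The line "Now you need a good openssl.cnf in /etc/letsencrypt. Go make it." gives the reader nothing to work from; a minimal example file or a note on which settings lets-ca.sh reads would be worth adding.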