# lets-ca.sh

## Installation

Start off by creating a letsencrypt user and group.

```bash
$ sudo groupadd -r letsencrypt
$ sudo useradd -d /etc/letsencrypt -m -r -g letsencrypt letsencrypt
```

You now have a directory named `/etc/letsencrypt/`, where all letsencrypt files will go.

Now we need to get the actual files and place them somewhere.

```bash
$ cd /usr/local/lib
$ sudo git clone https://github.com/diafygi/acme-tiny.git
$ sudo git clone https://github.com/dennisse/lets-ca.sh.git
$ cd /usr/local/sbin
$ sudo ln -s /usr/local/lib/acme-tiny/acme_tiny.py .
$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh .
```

If you want your certificates to be automatically re-signed, you might want to add the cron file as well.

```bash
$ cd /etc/cron.weekly
$ sudo ln -s /usr/local/lib/lets-ca.sh/lets-ca.sh-cron lets-ca-cron
```

Now we need to create an account key for letsencrypt, and the challenge directory.

```bash
$ cd /etc/letsencrypt
# Use -out: a shell redirect (>) would be opened by your own user, not by root.
$ sudo openssl genrsa -out account.key 4096
$ sudo chmod 400 account.key
$ sudo chown letsencrypt:letsencrypt account.key
$ sudo mkdir -p /var/www/letsencrypt-challenges
$ sudo chown letsencrypt:letsencrypt /var/www/letsencrypt-challenges
```

Now you need a good `openssl.cnf` in `/etc/letsencrypt`. Go make it.

And, lastly, we need the cross-signed cert from letsencrypt.

```bash
$ cd /etc/ssl
$ sudo wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
```
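
A post-install check for the layout built by the steps above, as an added example that is not part of lets-ca.sh: it confirms that the account key is closed to group and other, that the key and the challenge directory belong to the letsencrypt user, and that the challenge directory is not world-writable. The function names are hypothetical, the world-writable check is an assumption about how the directory should be set up, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit the files created during installation.
# Paths and the account name come from the README; function names are hypothetical.

# Octal permission bits and numeric owner uid of a path (GNU stat).
mode_of()      { stat -c '%a' "$1" 2>/dev/null; }
owner_uid_of() { stat -c '%u' "$1" 2>/dev/null; }

# Succeed only if group and other have no access at all (e.g. 400 or 600).
key_mode_ok() {
    m=$(mode_of "$1") || return 2
    case "$m" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Fail if "other" has the write bit set (last octal digit 2, 3, 6 or 7).
# Assumption: only the letsencrypt user should place challenge files here.
dir_not_world_writable() {
    m=$(mode_of "$1") || return 2
    case "$m" in *[2367]) return 1 ;; *) return 0 ;; esac
}

# audit KEY DIR UID: print one line per failed check, return the failure count.
audit() {
    a_key=$1; a_dir=$2; a_uid=$3; a_fails=0
    key_mode_ok "$a_key" ||
        { echo "FAIL: $a_key is accessible to group or other"; a_fails=$((a_fails + 1)); }
    [ "$(owner_uid_of "$a_key")" = "$a_uid" ] ||
        { echo "FAIL: $a_key is not owned by uid $a_uid"; a_fails=$((a_fails + 1)); }
    [ "$(owner_uid_of "$a_dir")" = "$a_uid" ] ||
        { echo "FAIL: $a_dir is not owned by uid $a_uid"; a_fails=$((a_fails + 1)); }
    dir_not_world_writable "$a_dir" ||
        { echo "FAIL: $a_dir is world-writable"; a_fails=$((a_fails + 1)); }
    return "$a_fails"
}

# Run against the real installation only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit /etc/letsencrypt/account.key /var/www/letsencrypt-challenges \
        "$(id -u letsencrypt)" && echo "OK: key and challenge directory look sane"
fi
```

Run it with `sudo sh audit.sh --audit`, since `/etc/letsencrypt` may not be readable by your own user.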