author Peter Palfrader <peter@palfrader.org> 2015-12-31 10:22:24 +0100
committer Peter Palfrader <peter@palfrader.org> 2015-12-31 10:22:29 +0100
commit 0da8acf8974c5d51fd84291091d1f7a1fd8c1176 (patch)
tree cc77283ef62eb3709e3d86b2648dce98216f6ddc /letsencrypt-helpers/README
parent 1a05913e3896133c7654b6a9d0dc4ae077ce4df5 (diff)
letsencrypt-helpers
Diffstat (limited to 'letsencrypt-helpers/README')
-rw-r--r-- letsencrypt-helpers/README 23
1 files changed, 23 insertions, 0 deletions
diff --git a/letsencrypt-helpers/README b/letsencrypt-helpers/README
new file mode 100644
index 0000000..f33a31c
--- /dev/null
+++ b/letsencrypt-helpers/README
@@ -0,0 +1,23 @@
+
+Requirements:
+
+o This assume that acme-tiny is cloned to ~/acme-tiny
+o Furthermore, that there is a ~/acme-challenge and that is aliased in apache:
+ | Alias "/.well-known/acme-challenge" "/srv/letsencrypt/acme-challenge"
+o Also, we want an account key in ~:
+ (umask 277 && ! [ -e account.key ] && openssl genrsa 4096 > account.key)
+o And you want the letsencrypt chain file letsencryptauthorityx1.pem
+ in ~/certs/extra
+o Optionally, a dh file in ~/certs/extra/dh-4096.pem
+ openssl dhparam -out ~/certs/extra/dh-4096.pem 4096
+o And you want this bin directory in PATH for your letsencrypt role user.
+
+
+Usage:
+ o vhost-step-1 creates a new key, a new csr, and creates a .crt file
+ o After that, enable your new vhost
+ o vhost-step-2 then does the letsencrypt challenge stuff, and updates the .crt file
+
+Continued maintenance:
+ o run renew-as-required from cron, probably using chronic.
+
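Review bot: In the Requirements list, the second item names the challenge directory as ~/acme-challenge, but the Alias line directly under it points at "/srv/letsencrypt/acme-challenge". The two only agree if the role user's home is /srv/letsencrypt, so either state that assumption or use the same path in both places. The account-key command writes to a relative `account.key` while the item says the key belongs in ~; writing it as `~/account.key` (in both the `-e` test and the redirect) would keep the key from landing in whatever directory the shell is in. Smaller points: "This assume" in the first item should read "This assumes", and chronic, which the cron item relies on, is not listed under Requirements.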