wiki:letsencrypt

How to configure x509 on any MF/PL Server using letsencrypt

If this is for a regular web site handled by our control panel

Follow the user facing documentation on setting up a x509 certificate.

If the machine is a mosh

Edit the server's .pp file and add the following to the "m_mosh" class declaration:

  x509_method => "letsencrypt"

If the server is not a mosh, but is running apache

Run:

mf-certbot /etc/apache2/sites-enables/SITE.CONF

Complete the path above pointing to the web configuration file configured to respond to the domains you want certified.

If the server is not a mosh and is running nginx

mf-certbot can parse nginx configs as well. Make sure you've set both the servername and root directive in your config file. You can drop the stanza below into your server block to deal with the authentication files.

    location /.well-known/ {
        root /var/www/html;
    }

If the server not a mosh and is not running a web server

Run:

mf-certbot domain.org www.domain.org another.domain.org

Updates

The letsecnrypt software will automatically update the certificates every 3 months

To do

Add a restart command to the post-certify hook of letsecnrypt?

Last modified 3 years ago Last modified on Aug 22, 2016, 12:00:45 AM