Parliament Hill Computers LtdParliament Hill Computers Ltd

How to Configure Let's Encrypt with acme_tiny.py


Overview

Who are you ?

You maintain one or more web Apache servers on Unix/Linux systems. You do so by maintaining the httpd.conf by hand — ie not via a configuration wizard. You like to understand what you are doing — not just apply a recipe and hope that it works.

Why are you here ?

You have been meaning to get round to this for some time, but have not because of one or more of ...

What you will find here

Notes and scripts that will let you set this all up in about an hour.

There are a set of pages that explain what and why needs to be done, also some simple scripts to help with the setup and running of Let's Encrypt interaction. A simple template OpenSSL.cnf file is provided with explanation of how you tweak it for your site.

You will need to reconfigure Apache in two phases.

You can start by downloading phcl_acme-1.4.tar.gz

These instructions work with both Apache 2.2 & 2.4

Pages in this tutorial

  1. Big picture — why do we SSL need certificates anyway ?
  2. How Let's Encrypt works
  3. OpenSSL Certificate families and Let's Encrypt Accounts
  4. Overview of how phcl_acme works with acme_tiny
  5. Install of phcl_acme
  6. Understanding and generating OpenSSL.cnf files
  7. First edit of Apache configuration — for Let's Encrypt challenge-response
  8. Generate, test & ask Let's Encrypt to sign a Certificate Signing Request
  9. Second edit of Apache configuration to install certificates
  10. Ongoing maintenance

Return to tutorial home.

If you want any help using the above, or have any comments or suggestions, please contact us.