Parliament Hill Computers Ltd

How to Configure Let's Encrypt with acme_tiny.py


Overview

Who are you?

You maintain one or more Apache or Nginx web servers on Unix/Linux systems. You do so by maintaining the httpd.conf by hand — i.e. not via a configuration wizard. You like to understand what you are doing — not just apply a recipe and hope that it works.

Why are you here?

You have been meaning to get round to this for some time, but have not because of one or more of ...

What you will find here

Notes and scripts that will let you set this all up in about an hour.

There is a set of pages that explain what needs to be done and why, along with some simple scripts to help with setting up and running the Let's Encrypt interaction. A simple template OpenSSL.cnf file is provided, with an explanation of how to tweak it for your site.

You will need to reconfigure Apache/Nginx in two phases.

You can start by downloading the latest LetsEncryptManage.

These instructions work with both Apache 2.2 & 2.4 and also Nginx. The tar file contains some sample configuration file snippets.

This includes acme_tiny, which you can see at https://github.com/diafygi/acme-tiny

Pages in this tutorial

  1. Big picture — why do we need SSL certificates anyway?
  2. How Let's Encrypt works
  3. OpenSSL Certificate families and Let's Encrypt Accounts
  4. Overview of how phcl_acme works with acme_tiny
  5. Install of phcl_acme
  6. Understanding and generating OpenSSL.cnf files
  7. First edit of Apache configuration — for Let's Encrypt challenge-response
  8. Generate, test & ask Let's Encrypt to sign a Certificate Signing Request
  9. Second edit of Apache configuration to install certificates
  10. Ongoing maintenance
  11. Chaining Let's Encrypt Certificates
  12. Using Let's Encrypt certificates in a non web environment

If you want any help using the above, or have any comments or suggestions, please contact us.