Let's Encrypt (ACME) support for Apache httpd
C Python M4 Makefile
Switch branches/tags
Nothing to show
Permalink
Failed to load latest commit information.
docs/httpd
m4 adding ax_check_compile macros to repository May 29, 2017
mod_md.xcodeproj tests: add test for automatic md name pickup Aug 15, 2017
patches adding a 2.4.x version of the mod_ssl v2 patch Aug 3, 2017
src v0.7.0-rc4 Aug 17, 2017
test v0.7.0-rc Aug 17, 2017
.gitignore v0.7.0-rc6 Aug 17, 2017
AUTHORS doc updates Jul 28, 2017
COPYING
ChangeLog v0.7.0-rc5 Aug 17, 2017
DISCUSS initial, empty mod_md setup May 3, 2017
INSTALL Fixing link issue under Win32. Text refs to http2 cleaned up. Aug 1, 2017
LICENSE initial, empty mod_md setup May 3, 2017
Makefile.am
NEWS initial, empty mod_md setup May 3, 2017
README initial, empty mod_md setup May 3, 2017
README.md
TODO.md drive tests: check that account key is encrypted Jul 18, 2017
configure.ac v0.7.0-rc Aug 17, 2017

README.md

mod_md - Everybody Spies

Copyright 2017 greenbytes GmbH

This repository contains mod_md, a module for Apache httpd that adds support for Let's Encrypt (and other ACME CAs).

This code here is to help people review and comment and test before I bring it into the main Apache httpd repository. Issues you can raise here, general discussion is probably best at the httpd dev mailing list.

Documentation

Look on the wiki for directions on how to use mod_md.

Status

NEW: the Apache2 PPA for ubuntu by @oerdnj, see here, has a patched mod_ssl just as mod_md needs it! Thanks! So, in such a server you just need to drop mod_md from here.

v0.4.0: I have tested that version on ubuntu 14.04 with the PPA from @oerdnj on my live server against the read Let's Encrypt service. The first green lock in the browser, managed by mod_md. We're getting close!

What you find here are early experience versions for people who like living on the edge and want to help me test not yet released changes.

This is not checkout, configure and shoot. For it to work, you need a patched mod_ssl (patch is provided in directory patches), but that is about the only complication.

Also: this is not production ready, yet. There is an ever expanding test suite included against a local boulder server, using the excellent pytest. Also, thanks to Jacob Champion, we have unit tests available when check is installed.

Test Status

Tests have been verfied to run on MacOS and Ubuntu 16.04 under the following conditions:

  • the *SSL library you compile with supports SNI
  • curl is linked against this recent *SSL lib
  • your Apache httpd installation has a patched mod_ssl
  • you have a local boulder server installed and it resolved host names against your httpd (see below)

So, it's a bit tricky when your OS does not support features like SNI in its standard config.

Install

See 2.4.x Installation on the wiki.

See ChangeLog for details.

Licensing

Please see the file called LICENSE.

Credits

This work is supported by an Award from MOSS, the Mozillla Open Source Support project. Many thanks to these excellent people! You are awesome!

Test cases mostly written by my colleague @michael-koeller who made this to a good part really a test driven development. Thanks!

Münster, 04.08.2017

Stefan Eissing, greenbytes GmbH

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without warranty of any kind. See LICENSE for details.