/
README.html
74 lines (49 loc) · 2.65 KB
/
README.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<h1>hosteurope-letsencrypt</h1>
<p>Automatically use Let's Encrypt certificates with a HostEurope WebPack</p>
<blockquote>
<p>HostEurope has now changed the login mechanism again, this program cannot upload any more</p>
</blockquote>
<h2>Situation</h2>
<p>I have a WebPack hosting package at <a href="https://www.hosteurope.de/">HostEurope</a>.
They allow uploading certificates like the ones from <a href="https://letsencrypt.org/">Let's
Encrypt</a>, but there is no automation for the Let's
Encrypt renewal. I have now created a script that automates the process. It
runs on my Linux computer at home and organizes the process.</p>
<h2>Solution</h2>
<p><em>I did this a while ago, so let me know if you find the procedure does not
work for you!</em></p>
<p>Modify the attached <code>run.sh</code> to contain variables for your situation. Set its permissions to 700 to protect your passwords: <code>chmod 700 run.sh</code></p>
<p>Get <a href="https://github.com/srvrco/getssl">getssl</a> to communicate with Let's
Encrypt.</p>
<p>Call <code>./getssl -w . -c yourdomain.com</code> to set up</p>
<h3>Modify <code>yourdomain.com/getssl.cfg</code></h3>
<p>Modify the file <code>yourdomain.com/getssl.cfg</code> that has been created in the last
step.</p>
<p>Set additional domains as needed</p>
<pre><code>SANS="www.yourdomain.com,subdomain.yourdomain.com,otherdomain.de"
</code></pre>
<p>In each web domain, create the directory <code>.well-known/acme-challenge</code></p>
<p>For the base domain, and each additional domain, create a line in <code>ACL</code>. Add
the path to the domain's <code>.well-known/acme-challenge</code> as last parameter.</p>
<pre><code>ACL=(
"ftp:${FTP_USER}:${FTP_PASSWD}:${DOMAIN}:www/.well-known/acme-challenge"
"ftp:${FTP_USER}:${FTP_PASSWD}:${DOMAIN}:www/.well-known/acme-challenge"
"ftp:${FTP_USER}:${FTP_PASSWD}:${DOMAIN}:/subdomain/.well-known/acme-challenge"
"ftp:${FTP_USER}:${FTP_PASSWD}:${DOMAIN}:/otherdomain/.well-known/acme-challenge"
)
</code></pre>
<p>Store the produced certificates in the current folder</p>
<pre><code>DOMAIN_CERT_LOCATION="${KIS_DOMAIN}.crt"
DOMAIN_KEY_LOCATION="${KIS_DOMAIN}.key"
CA_CERT_LOCATION="chain.crt"
DOMAIN_CHAIN_LOCATION="domainchain.crt" # this is the domain cert and CA cert
</code></pre>
<p>Use the attached Perl Program to upload the certificates to the server</p>
<pre><code>RELOAD_CMD="upload_to_kis.pl"
</code></pre>
<h3>Run it</h3>
<p>If all goes right, you just need to enter the directory and call <code>./run.sh</code>.</p>
<p>This can also be done as a cron job:</p>
<pre><code> 23 5 * * * cd xxxxxx; ./run.sh >> log
</code></pre>
<p><strong>Let me know if this works out for you!</strong></p>