Skip to content

DEB installation on Ubuntu 22.04

Jump to bottom
grindsa edited this page Oct 14, 2023 · 2 revisions

DEB installation on Ubuntu 22.04

The debian package is generic and supports running acme2certifier with either apache2 and nginx

Installation with apache2

  1. Download the latest DEB package.
  2. Install acme2certifier and apache2 packages
$ sudo apt-get install -y apache2  apache2-data  libapache2-mod-wsgi-py3
$ sudo apt-get install -y ../acme2certifier_<version>-1_all.deb
  1. Copy and activete apache2 configuration file
$ sudo cp /var/www/acme2certifier/examples/apache2/apache_wsgi.conf /etc/apache2/sites-available/acme2certifier.conf
$ sudo a2ensite acme2certifier
  1. Copy and activate apache2 ssl configuration file (optional)
$ sudo cp /var/www/acme2certifier/examples/apache2/apache_wsgi_ssl.conf /etc/apache2/sites-available/acme2certifier_ssl.conf
$ sudo a2ensite acme2certifier_ssl

  1. Create a configuration file acme_srv.cfg in /var/www/acme2certifier/acme_srv/ or use the example stored in the examples directory

  2. Modify the configuration file according to you needs

  3. Configure the CA handler according to your needs. Example for Insta Certifier

  4. Enable and start the apache2 service

$ systemctl enable apache2.service
$ systemctl start apache2.service
  1. Test the server by accessing the directory resource
$ curl http://<your server name>/directory
{"newAccount": "http://127.0.0.1:8000/acme_srv/newaccount", "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "http://127.0.0.1:8000/acme_srv/key-change", "newNonce": "http://127.0.0.1:8000/acme_srv/newnonce", "meta": {"home": "https://github.com/grindsa/acme2certifier", "author": "grindsa <[email protected]>"}, "newOrder": "http://127.0.0.1:8000/acme_srv/neworders", "revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"}
  1. Try to enroll a certificate by using your favourite acme-client. If something does not work enable debugging in /var/www/acme2certifier/acme_srv/acme_srv.cfg and check /var/log/apache2/error.log for errors.

Installation with nginx

  1. Download the latest DEB package.
  2. Install acme2certifier and nginx packages
$ sudo apt-get install -y python3-pip nginx uwsgi uwsgi-plugin-python3
$ sudo apt-get install -y ../acme2certifier_<version>-1_all.deb
  1. Adapt the nginx configuration file to Ubuntu 22.04 and activate the configuration
$ sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" examples/nginx/nginx_acme_srv.conf
$ sudo cp examples/nginx/nginx_acme_srv.conf /etc/nginx/sites-available/acme_srv.conf
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo ln -s /etc/nginx/sites-available/acme_srv.conf /etc/nginx/sites-enabled/acme_srv.conf
  1. Adapt and copy uwsgi configuration files
$ sed -i "s/\/run\/uwsgi\/acme.sock/acme.sock/g" examples/nginx/acme2certifier.ini
$ sed -i "s/nginx/www-data/g" examples/nginx/acme2certifier.ini
$ echo "plugins=python3" >> examples/nginx/acme2certifier.ini
$ sudo cp examples/nginx/acme2certifier.ini /var/www/acme2certifier
  1. Create acme2certifier systemd service file
cat <<EOT > acme2certifier.service
[Unit]
Description=uWSGI instance to serve acme2certifier
After=network.target

[Service]
User=www-data
Group=www-data
WorkingDirectory=/var/www/acme2certifier
Environment="PATH=/var/www/acme2certifier"
ExecStart=uwsgi --ini acme2certifier.ini

[Install]
WantedBy=multi-user.target
EOT
  1. Copy systemd service file
$ sudo mv acme2certifier.service /etc/systemd/system/acme2certifier.service
  1. Enable and start acme2certifier service
$ sudo systemctl start acme2certifier
$ sudo systemctl enable acme2certifier
  1. Enable and start nginx
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
  1. Test the server by accessing the directory resource
$ curl http://<your server name>/directory
{"newAccount": "http://127.0.0.1:8000/acme_srv/newaccount", "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "http://127.0.0.1:8000/acme_srv/key-change", "newNonce": "http://127.0.0.1:8000/acme_srv/newnonce", "meta": {"home": "https://github.com/grindsa/acme2certifier", "author": "grindsa <[email protected]>"}, "newOrder": "http://127.0.0.1:8000/acme_srv/neworders", "revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"}
  1. Try to enroll a certificate by using your favourite acme-client. If something does not work enable debugging in /var/www/acme2certifier/acme_srv/acme_srv.cfg and check /var/log/nginx/error.log for errors.
Clone this wiki locally