
Installation on apache2

grindsa edited this page Jul 8, 2021 · 4 revisions

Installation on apache2 running on Ubuntu 18.04

  1. Check whether the wsgi module is activated in your apache configuration:
root@rlh:~# apache2ctl -M | grep -i wsgi
 wsgi_module (shared)
root@rlh:~#

If the wsgi_module is not enabled, please check the internet for how to enable it.

  2. Download the archive and unpack it.
  3. Install the missing modules via pip:
root@rlh:~# pip3 install -r requirements.txt
  4. Copy the file examples/apache_wsgi.conf to /etc/apache2/sites-available/acme2certifier.conf and modify it according to your needs.
  5. In case you would like to activate TLS, copy the file examples/acme_wsgi_ssl.conf to /etc/apache2/sites-available/acme2certifier.conf and modify it according to your needs. Do not forget to place the key-bundle. This file must contain the following certificate data in PEM format:

  • the private key
  • the end-entity certificate
  • intermediate CA certificates, sorted from leaf to root (the root CA certificate should not be included for security reasons)

  6. Activate the virtual server(s):
root@rlh:~# a2ensite acme2certifier.conf
root@rlh:~# a2ensite acme2certifier_ssl.conf
  7. Create a directory /var/www/acme2certifier.
  8. Copy the file acme2certifier_wsgi.py to /var/www/acme2certifier.
  9. Create a directory /var/www/acme2certifier/acme_srv.
  10. Copy the content of the acme directory to /var/www/acme2certifier/acme_srv.
  11. Create a configuration file 'acme_srv.cfg' in /var/www/acme2certifier/acme or use the example stored in the example directory.
  12. Modify the configuration file according to your needs.
  13. Pick the correct ca handler from the examples/ca_handler directory and copy it to /var/www/acme2certifier/acme_srv/ca_handler.py.
  14. Configure the connection to your CA server. Example for Insta Certifier
  15. Activate the wsgi database handler:
root@rlh:~# cp /var/www/acme2certifier/examples/db_handler/wsgi_handler.py /var/www/acme2certifier/acme_srv/db_handler.py
  16. Ensure that all files and directories under /var/www/acme2certifier are owned by the user running the webserver (www-data is just an example!):
root@rlh:~# chown -R www-data:www-data /var/www/acme2certifier/
  17. Set the correct permissions on the acme subdirectory:
root@rlh:~# chmod a+x /var/www/acme2certifier/acme_srv
  18. Check access to the directory resource to verify that everything works so far:
[root@srv ~]# curl http://127.0.0.1/directory
{"newAccount": "http://127.0.0.1/acme_srv/newaccount", "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "http://127.0.0.1/acme_srv/key-change", "newNonce": "http://127.0.0.1/acme_srv/newnonce", "meta": {"home": "https://github.com/grindsa/acme2certifier", "author": "grindsa <[email protected]>"}, "newOrder": "http://127.0.0.1/acme_srv/neworders", "revokeCert": "http://127.0.0.1/acme_srv/revokecert"}[root@srv ~]#
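
A scripted version of the directory check above, as an added example that is not part of acme2certifier or the original page: it confirms that the response advertises the RFC 8555 resources and, with require_tls set, flags resources that are still advertised over plain HTTP. The function name, the same-host assumption and the abridged sample body are this example's own.

```python
import json
from urllib.parse import urlsplit

# Resources an RFC 8555 directory advertises. "meta" and unknown keys such as
# the random entry in the response above are ignored.
EXPECTED = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")

# Constructed sample: the curl response shown above, with "meta" abridged.
SAMPLE = """{
  "newAccount": "http://127.0.0.1/acme_srv/newaccount",
  "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "http://127.0.0.1/acme_srv/key-change",
  "newNonce": "http://127.0.0.1/acme_srv/newnonce",
  "meta": {"home": "https://github.com/grindsa/acme2certifier"},
  "newOrder": "http://127.0.0.1/acme_srv/neworders",
  "revokeCert": "http://127.0.0.1/acme_srv/revokecert"
}"""


def check_directory(body, directory_url, require_tls=False):
    """Return a list of findings; an empty list means the check passed."""
    try:
        directory = json.loads(body)
    except ValueError as err:  # e.g. an Apache error page instead of JSON
        return ["response is not JSON: %s" % err]
    if not isinstance(directory, dict):
        return ["response is not a JSON object"]
    queried = urlsplit(directory_url)
    findings = []
    for name in EXPECTED:
        url = directory.get(name)
        if not isinstance(url, str):
            findings.append("missing resource: %s" % name)
            continue
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append("%s is not an absolute URL: %s" % (name, url))
        elif parts.netloc != queried.netloc:
            # Assumption: all resources live on the host that was queried.
            findings.append("%s points at %s" % (name, parts.netloc))
        elif require_tls and parts.scheme != "https":
            findings.append("%s is advertised over plain HTTP" % name)
    return findings


if __name__ == "__main__":
    print(check_directory(SAMPLE, "http://127.0.0.1/directory") or "OK")
    # With require_tls, the http:// resource URLs in the sample are flagged:
    for finding in check_directory(SAMPLE, "https://127.0.0.1/directory", True):
        print(finding)
```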

Try to enroll a certificate by using your favorite acme-client. If it fails, check the configuration of your ca_handler and the logs, and enable debug mode in acme2certifier for further investigation.
