-
Notifications
You must be signed in to change notification settings - Fork 36
Installation on apache2 running on Ubuntu 22.04
A readymade shell script performing the below tasks will can be found in examples/install_scripts directory.
-
Install apache2 and the corresponding wsgi module $ sudo apt-get install -y apache2 libapache2-mod-wsgi-py3 python3-pip apache2-data
-
check if the wsgi module is activated in your apache configuration
$ sudo apache2ctl -M | grep -i wsgi
wsgi_module (shared)if the wsgi_module is not enabled please check the internet how to do...
-
download the acme2certifier from master and unpack it.
-
install the missing modules via pip
$ sudo pip3 install -r requirements.txt-
copy the file
examples/apache2/apache_wsgi.confto/etc/apache2/sites-available/acme2certifier.confand modify it according to you needs. -
in case you would like to activate TLS copy the file
examples/acme_wsgi_ssl.confto/etc/apache2/sites-available/acme2certifier.confand modify it according to your needs. Do not forget to place the key-bundle. This
file must contain the following certificate data in pem format:
- the private key
- the end-entity certificate
- intermediate CA certificates, sorted from leaf to root (root CA certificate should not be included for security reasons)
- activate the virtual server(s)
$ sudo a2ensite acme2certifier.conf
$ sudo a2ensite acme2certifier_ssl.conf- create a directory
/var/www/acme2certifier - copy the file
examples/acme2certifier_wsgi.pyto/var/www/acme2certifier - copy the directories
examples/ca_hander/,examples/eab_handler/,examples/hooks/andtoolsto/var/www/acme2certifier/
$ sudo mkdir /var/www/acme2certifier/examples
$ sudo cp -R examples/ca_handler/ /var/www/acme2certifier/examples/ca_handler
$ sudo cp -R examples/eab_handler/ /var/www/acme2certifier/examples/eab_handler
$ sudo cp -R examples/hooks/ /var/www/acme2certifier/examples/hooks
$ sudo cp -R examples/acme_srv.cfg /var/www/acme2certifier/examples/
$ sudo cp -R tools/ /var/www/acme2certifier/tools- create a directory
/var/www/acme2certifier/acme_srv - copy the content of the
acme_srvdirectory to/var/www/acme2certifier/acme_srv
$ sudo cp -R acme_srv/ /var/www/acme2certifier/acme_srv- create a configuration file
acme_srv.cfgin /var/www/acme2certfier/acme or use the example stored in the examples directory - modify the configuration file according to you needs
- Optional: pick the correct ca handler from
the examples/ca_handlerdirectory and copy it to/var/www/acme2certifier/acme_srv/ca_handler.py - configure the the ca_handler in
acme_srv.cfg. Example for Insta Certifier - activate the wsgi database handler
$ sudo cp /var/www/acme2certifier/examples/db_handler/wsgi_handler.py /var/www/acme_srv/acme2certfier/db_handler.py- ensure that the all files and directories under /var/www/acme2certifier are owned by the user running the webserver (www-data is just an example!)
$ sudo chown -R www-data.www-data /var/www/acme2certifier/- set correct permissions to acme subdirectory
$ sudo chmod a+x /var/www/acme2certifier/acme_srv- delete default apache configuration file and restart the apache2 service
$ sudo rm /etc/apache2/sites-enabled/000-default.conf
$ sudo systemctl reload apache2- Check access to the directory resource to verify that everything works so far
[root@srv ~]# curl http://127.0.0.1/directory
{"newAccount": "http://127.0.0.1/acme_srv/newaccount", "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "http://127.0.0.1/acme_srv/key-change", "newNonce": "http://127.0.0.1/acme_srv/newnonce", "meta": {"home": "https://github.com/grindsa/acme2certifier", "author": "grindsa <[email protected]>"}, "newOrder": "http://127.0.0.1/acme_srv/neworders", "revokeCert": "http://127.0.0.1/acme_srv/revokecert"}[root@srv ~]#Try to enroll a certificate by using your favorite acme-client. If it fails check the configuration of your ca_handler, logs and enable debug mode in acme2certifier for further investigation.