letsencrypt

General

The goal of the module is to prepare the OS and install the tools for using letsencrypt certificate services. Using a postinstaller, the module provides SSL keys and certificates officially signed by letsencrypt, ready for use with a local apache webserver. To maintain the validity of the certificate, the postinstaller creates a cronjob to renew the certificate when needed.

Software Packages

“epel-release” will be installed to enable use of the EPEL repository. “acme-tiny” will be installed for accessing the letsencrypt service.

Configuration

No configurations applied

ini Variables

The main module, which installs the acme tools, does not use variables.

postinstall=setupcerts
certs=my.gawati.org

Postinstallers

One postinstaller is available, called “setupcerts”, which creates key pairs and retrieves certificates from letsencrypt. “certs” specifies a comma separated list of DNS names for which certificates shall be retrieved. For retrieval to succeed, each of these names must reach the local apache webserver on port 80 through public DNS.

Example:

postinstall=setupcerts
certs=my.gawati.org

Details

The letsencrypt verification folder structure will be created at “/var/www/challenges/.well-known/acme-challenge”.
Keys will be stored at “/etc/pki/tls/letsencrypt”.
Certificates will be stored at “/etc/pki/tls/letsencrypt”.
For compatibility and organisation, links will be created at “/etc/ssl/letsencrypt”.
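
The port 80 requirement under Postinstallers and the paths under Details can be checked before “setupcerts” runs, so a misrouted name fails locally rather than at letsencrypt. The script below is an added example and not part of the module; the function names, the FETCH variable and the assumption that private keys are named “*.key” are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the module. Paths are the ones documented above;
# function names, FETCH and the *.key naming are assumptions of this sketch.
CHALLENGE_DIR="${CHALLENGE_DIR:-/var/www/challenges/.well-known/acme-challenge}"
KEY_DIR="${KEY_DIR:-/etc/pki/tls/letsencrypt}"
FETCH="${FETCH:-curl -fsS --max-time 10}"   # no -L: must be served on port 80

# Print one DNS name per line from a comma separated "certs" value. Names are
# validated because they are later placed into a URL.
split_certs() {
  printf '%s\n' "$1" | tr ',' '\n' | tr -d ' \t' | while IFS= read -r name; do
    [ -z "$name" ] && continue
    case "$name" in
      *[!A-Za-z0-9.-]*|.*|-*|*.|*-) echo "invalid DNS name: $name" >&2; exit 1 ;;
    esac
    printf '%s\n' "$name"
  done
}

# Write a throwaway token into the challenge folder and fetch it back through
# the public name, the same path the http-01 validation request will take.
probe_name() {
  token="preflight-$$"
  printf '%s' "$token" > "$CHALLENGE_DIR/$token" || return 1
  got=$($FETCH "http://$1/.well-known/acme-challenge/$token" 2>/dev/null) || got=""
  rm -f "$CHALLENGE_DIR/$token"
  [ "$got" = "$token" ]
}

# List private keys that group or others can read (expected output: nothing).
loose_keys() {
  find "$1" -type f -name '*.key' \( -perm -040 -o -perm -004 \)
}

# Probe every name; return non-zero if any name fails or the list is invalid.
preflight() {
  names=$(split_certs "$1") || return 1
  rc=0
  for n in $names; do
    if probe_name "$n"; then echo "ok   $n"; else echo "FAIL $n"; rc=1; fi
  done
  [ -z "$(loose_keys "$KEY_DIR" 2>/dev/null)" ] || { echo "WARN loose key permissions"; rc=1; }
  return $rc
}

# Usage: sh preflight.sh my.gawati.org
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A “FAIL” line means the token written locally did not come back through the public name, which points at DNS, a firewall or the apache alias for the challenge folder.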