859
edits
Changes
From SME Server
Jump to navigationJump to search→Install with John Crisp contrib
==Install with John Crisp contrib==
==Install with John Crisp contrib==
Sources: https://github.com/reetp/smeserver-letsencrypt
First add his repo
{{:reetspetit}}
{{:reetspetit}}
Then apply changes
signal-event yum-modify
signal-event yum-modify
Then install
yum install smeserver-letsencrypt --enablerepo=reetp
yum install smeserver-letsencrypt --enablerepo=reetp
Set email
config setprop letsencrypt email my@email.com
config setprop letsencrypt email my@email.com
rm /etc/letsencrypt.sh/certs/* -rf
rm /etc/letsencrypt.sh/certs/* -rf
rm /etc/letsencrypt.sh/private_key.* -r
rm /etc/letsencrypt.sh/accounts/* -rf
letsencrypt.sh -c -x
letsencrypt.sh -c -x
=== what is next ?===
=== What is next ?===
If you make any db key changes run console-save to regenerate your config files
If you make any db key changes run console-save to regenerate your config files
You can now set any public ibays to SSL only using the server manager, or set the following key:
You can now set any public ibays to SSL only using the server manager, or set the following key
db accounts setprop {accountname} SSL enabled
db accounts setprop {accountname} SSL enabled
You cannot set the Primary ibay to SSL from the panel:
You cannot set the Primary ibay to SSL from the panel
db accounts setprop Primary SSL enabled
db accounts setprop Primary SSL enabled
config setprop letsencrypt keysize (defaults to 4096)
config setprop letsencrypt keysize (defaults to 4096)
If the licence changes before this script is updated you can specify a new licence URL:
If the licence changes before this script is updated you can specify a new licence URL
config setprop letsencrypt licence https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
config setprop letsencrypt licence https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
default is none
default is none
If you set to domains it will enable ALL domains regardless of individual settings. Hosts will be per host as normal.
If you set to domains it will enable ALL domains regardless of individual settings. Hosts will be per host as normal
If you set to hosts it will enable ALL hosts regardless of individual settings. Domains will be per domain as normal
If you set to hosts it will enable ALL hosts regardless of individual settings. Domains will be per domain as normal
If you set to all it will enable ALL hosts AND domains regardless of individual settings.
If you set to all it will enable ALL hosts AND domains regardless of individual settings.
===Problems===
The first thing is to check all your domains can resolve
http://my.domain/.well-known/acme-challenge
Check that the following files are correctly generated
/etc/letsencrypt.sh/config
/etc/letsencrypt.sh/domains.txt
Set letsencrypt back to test and remove any generated keys
db configuration setprop letsencrypt status test
rm /etc/letsencrypt.sh/certs/* -rf
rm /etc/letsencrypt.sh/accounts/* -rf
Then run letsencrypt.sh again
letsencrypt.sh -c -x
{{Note box | If you make too many failed attempts at certificate generation you will be locked out of the letsencrypt servers for up to a week. Make sure everything works in test mode before you try it for real! See notes on rate limits below}}
===Errors===
If you see the following
{"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
https://github.com/lukas2511/letsencrypt.sh/issues/2
See above for removing private keys and regenerating
If you see something like this you may have hit the rate limit
{"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many currently pending authorizations.","status":429}
https://github.com/lukas2511/letsencrypt.sh/blob/master/docs/staging.md
https://letsencrypt.org/docs/rate-limits/
==Source from info==
==Source from info==
