Let's Encrypt and Hiawatha Howto

8 November 2015, 12:46
Hi there,

I've got Hiawatha and Let's Encrypt working since yesterday.

In case someone wants to do the same thing, here's a short tutorial:
Hugo Leisink
8 November 2015, 13:21
Thanks!! Posted the link via Twitter.
10 November 2015, 14:30
BTW: Using the official letsencrypt tool it is not possible to verify the domain with the webroot method:

Is a workaround possible? Maybe by allowing access to the /.well-known/acme-challenge/ directory using the Directory {} settings?
11 November 2015, 09:26
Forget about my last message! The AllowDotFiles actually is everything you need to access dot files (see note [1]). But: In the same VirtualHost {} section I am using UseToolkit = wordpress with following rule: RequestURI exists Return.
This rule still does not match if a file is in the /.well-known/ directory. I also had to add the rule Match ^/.well-known/(.*) Return to the url toolkit. Maybe this can be considered as a bug, I do not know. At least it is something you have to know.

1: Maybe the manual page should not say "allow Hiawatha to upload files that start with a dot" because first I thought it means uploading a file to the web server. Actually it means that files that start with a dot can be downloaded by the client.
Hugo Leisink
11 November 2015, 21:11
Thanks for the feedback. Both issues have been fixed.
12 November 2015, 14:43
Thanks! So with this being fixed, setting up Let's Encrypt is actually even more easy than in the HowTo. All you have to do is:
1. Get letsencrypt-auto:
git clone
cd letsencrypt

2. Run letsencrypt-auto. It installs all dependencies (at least on Debian):
./letsencrypt-auto --server --help

3. Get certs. Use the webroot of Hiawatha to authenticate the desired domains. The letsencrypt-auto script puts some files in the /.well-known/ subdirectory. These files are downloaded by the Let's Enrypt server to verify you are the domain holder:
./letsencrypt-auto certonly -a webroot --webroot-path /srv/www/ -d -d --server --agree-dev-preview

4. If this succeeds you can copy the certs to the hiawatha config directory (hiawatha need's a specific certificate format), add the file to hiawatha's config and restart the hiawatha:
cat /etc/letsencrypt/live/ /etc/letsencrypt/live/ /etc/letsencrypt/live/ > /etc/hiawatha/tls/
chmod 400 /etc/hiawatha/tls/
/etc/init.d/hiawatha restart
14 November 2015, 13:32
VirginSteele, thanks for your alternative tutorial with the official client. I've linked it in my blog post
This topic has been closed.