Forum

going bonkers over letsencrypt

commandline.be
4 December 2018, 22:54
each time i set up a new letsencrypt certificat for my test vps commandline.be i run into issues
despite my rave review of letsencrypt as supplied with hiawatha i now get a timeout, before it was unclear if the script would also generate the san for all virtualhostname entries in hiawatha.conf

so, i switched to using acme.sh to find it works quite well and quite easily, i just cannot figure out how to get the certificates generated to work with hiawatha

sigh
commandline.be
4 December 2018, 23:42
okay, found it, it is working

helpful resource: https://wiki.archlinux.org/index.php/Hiawatha#Enable_SSL/TLS (explains how the PEM cert is constructed)

## on Linux / BSD
# download most recent acme.sh

curl https://get.acme.sh
chmod a+x acme.sh

# install acme.sh into ~/.acme.sh/
./acme.sh --install --accountemail youraddress@email.tld

# generate a certificate
./acme.sh --issue -d domain.tld -d www.domain.tld -d blog.domain.tld -d stats.domain.tld --standalone --keystrength ec-256

cd ~/.acme.sh

cat domain.tld_ecc/domain.tld.key > /usr/local/etc/hiawatha/tls/domain.tld.key
cat domain.tld_ecc/domain.tld.cer >> /usr/local/etc/hiawatha/tls/domain.tld.key
cat domain.tld_ecc/ca.cer >> /usr/local/etc/hiawatha/tls/domain.tld.key

## just for sakes of checking, notice th fullchain.cer is also not identical to the domain.tld.key file
diff domain.tld_ecc/fullchain.cer /usr/local/etc/hiawatha/tls/domain.tld.key

commandline.be
5 December 2018, 22:47
Just to be clear, it's probably me, but i could not find the issue

acme.sh just gives a lot of control and is eventually workable and reproducible in effect
commandline.be
5 December 2018, 23:25
ignore whatever i said, i need to take time and study letsencrypt (teeths grinding)
Hugo Leisink
6 December 2018, 11:38
That's the case for many people.
Allowed BBcodes:
[quote]
[code]
[config]
[url]
[color]
[size]
[img]
[b]
[i]
[u]
[s]
[list]
[ul]
[ol]
[*]