created: 20190618154531946
creator: vplesnila
modified: 20190622101908943
modifier: vplesnila
tags: [[Apache HTTPD]]
title: acme_tiny.py - Let's Encrypt - Free SSL/TLS Certificates
type: text/vnd.tiddlywiki
!! Create a Let's Encrypt account private key
```
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:4096 -out /data/wwwroot/cassandra.itemdb.com/private/letsencrypt.key
```
!! Create a domain private key
```
openssl genrsa 4096 > /data/wwwroot/cassandra.itemdb.com/private/domain.key
```
!! Create a certificate signing request (CSR) for your domain
```
openssl req -new -sha256 -key /data/wwwroot/cassandra.itemdb.com/private/domain.key -subj "/CN=cassandra.itemdb.com" > /data/wwwroot/cassandra.itemdb.com/private/domain.csr
```
!! Create directory for website host challenge files
```
mkdir -p /data/wwwroot/cassandra.itemdb.com/public/.well-known/acme-challenge
```
!! Get (or renew) a signed certificate
```
/root/shell/acme_tiny.py \
--account-key /data/wwwroot/cassandra.itemdb.com/private/letsencrypt.key \
--csr /data/wwwroot/cassandra.itemdb.com/private/domain.csr \
--acme-dir /data/wwwroot/cassandra.itemdb.com/public/.well-known/acme-challenge > /data/wwwroot/cassandra.itemdb.com/private/signed_chain.crt
```
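Because the command above redirects straight into signed_chain.crt, a failed run leaves the file Apache loads empty. The wrapper below is an added example, not part of acme_tiny.py or of the original note: it writes to a temporary file, checks the result against domain.key, and only then replaces the live chain. The function names, the `--run` switch and the `apachectl graceful` reload are assumptions.

```shell
#!/bin/sh
# Added example: renewal wrapper around the acme_tiny.py call shown on this page.
# Paths are the ones used on this page; override BASE / ACME_TINY for testing.
BASE=${BASE:-/data/wwwroot/cassandra.itemdb.com}
ACME_TINY=${ACME_TINY:-/root/shell/acme_tiny.py}

# chain_is_usable CHAIN KEY -> 0 only if CHAIN is a non-empty PEM certificate,
# stays valid for at least 24 h, and carries the public key of KEY.
chain_is_usable() {
    [ -s "$1" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# install_chain NEW LIVE KEY -> replaces LIVE with NEW only if NEW passes the
# checks; otherwise NEW is deleted and LIVE is left untouched.
install_chain() {
    if chain_is_usable "$1" "$3"; then
        mv -f "$1" "$2"          # same directory, so the swap is a rename
    else
        rm -f "$1"
        return 1
    fi
}

renew() {
    umask 077
    tmp=$(mktemp "$BASE/private/signed_chain.crt.XXXXXX") || return 1
    "$ACME_TINY" \
        --account-key "$BASE/private/letsencrypt.key" \
        --csr "$BASE/private/domain.csr" \
        --acme-dir "$BASE/public/.well-known/acme-challenge" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    install_chain "$tmp" "$BASE/private/signed_chain.crt" "$BASE/private/domain.key" \
        && apachectl graceful    # assumed reload command; adjust to your system
}

# Runs only when asked, e.g. from cron: renew_cert.sh --run (file name is hypothetical)
if [ "${1:-}" = "--run" ]; then renew; fi
```

A non-zero exit from `renew` means the previous signed_chain.crt is still in place and Apache was not reloaded.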
!! Apache configuration
```
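# Listen addresses and the <Directory> path are assumed; adjust to your setup.
<VirtualHost *:80>
    ServerName cassandra.itemdb.com
    # Trailing slash on the target keeps the request path intact
    Redirect permanent / https://cassandra.itemdb.com/
    DocumentRoot "/data/wwwroot/cassandra.itemdb.com/public/"
    <Directory "/data/wwwroot/cassandra.itemdb.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName cassandra.itemdb.com
    SSLEngine on
    SSLCertificateFile "/data/wwwroot/cassandra.itemdb.com/private/signed_chain.crt"
    SSLCertificateKeyFile "/data/wwwroot/cassandra.itemdb.com/private/domain.key"
    DocumentRoot "/data/wwwroot/cassandra.itemdb.com/public/"
    DirectoryIndex index.php index.htm index.html
    <Directory "/data/wwwroot/cassandra.itemdb.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>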
```