Difference between revisions of "Cool Solution - Let's Encrypt"

From Univention Wiki

(Page update)
(move to App Center)
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Version|UCS=4.1}}
+
{{#seo:
{{Cool Solutions Disclaimer|Repository=yes}}
+
|title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|'|'}}|&|&}}|"|"}}|Cool Solution - |}} - {{SITENAME}}
{{Review-Status}}
+
<!--|description=-->
This article explains how to install a small Let's Encrypt client using the "ACME" protocoll by running a wrapper script, which UCR variables must be configured and how to obtain the certificates.
+
}}
  
__TOC__
+
Let's Encrypt has been moved to the Univention App Center and can be reached under https://www.univention.com/products/univention-app-center/app-catalog/letsencrypt/.
 
 
== Installation ==
 
After installing the package <code>univention-letsencrypt</code> the client is ready for configuration:
 
<syntaxhighlight lang="bash" line="1">
 
univention-install univention-letsencrypt
 
</syntaxhighlight>
 
 
 
== Configuration ==
 
The package brings a new UCR variable which is read by the wrapper script from <code>univention-letsencrypt</code>:
 
{| class="wikitable"
 
|-
 
!UCR Variable                              || Description                                                                                            || Example
 
|-
 
|<code>letsencrypt/services/apache2</code> || Whether the Apache2 webserver should be configured automatically or not, valid values are "Yes" or "No" ||
 
|-
 
|<code>letsencrypt/services/postfix</code> || Whether the postfix service should be configured automatically or not, valid values are "Yes" or "No"  ||
 
|-
 
|<code>letsencrypt/services/dovecot</code> || Whether the dovecot service should be configured automatically or not, valid values are "Yes" or "No"  ||
 
|-
 
|<code>letsencrypt/domains</code>          || A list of DNS names on which the server is reachable, separated by spaces                              || service1.example.com service2.example.com
 
|}
 
 
 
== Obtaining the certificate ==
 
Run the script <code>'''/usr/share/univention-letsencrypt/setup-letsencrypt'''</code> to automatically register an account, create the needed files and start the certificate creation and validation for the domains saved in the UCR variable '''letsencrypt/domains'''. The script installs a cronjob that periodically checks if the certificates must be renewed. All actions from the script are written into a the log file <code>/var/log/univention/letsencrypt.log</code>.
 
 
 
The certificate is saved in the directory <code>/etc/univention/letsencrypt</code>.
 
 
 
At the end, <code>'''setup-letsencrypt'''</code> checks the three service UCR variables and, if one is found set to "Yes", runs the needed scripts from the <code>setup.d</code> and <code>post-refresh.d</code> directories to configure the Apache2 webserver, postfix, or dovecot. Additional services can be configured by placing appropriate configuration scripts into these directories.
 
 
 
When the list of domains in '''letsencrypt/domains''' changes and <code>'''setup-letsencrypt'''</code> is run again, a prompt asks for deleting the current csr-file and recreates it with the new UCR variable's content.
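
Review bot: the `{{#seo:` block added at the top leaves its description commented out (`<!--|description=-->`), so the page gets a computed title but no description; either supply a one-line description (the App Center sentence would do) or drop the commented line. The rendered latest revision also consists only of the App Center link, so the reference material in the Installation, Configuration and Obtaining the certificate sections (the `letsencrypt/*` UCR variables, the log file path `/var/log/univention/letsencrypt.log`, the certificate directory, and the `setup.d` and `post-refresh.d` hook directories) is no longer readable on this page. If the package-based setup is still in use on existing systems, consider keeping a short section for it or linking to the last revision that documents it.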
 

Latest revision as of 09:44, 11 October 2018

Let's Encrypt has been moved to the Univention App Center and can be reached under https://www.univention.com/products/univention-app-center/app-catalog/letsencrypt/.
