Cool Solution - Let's Encrypt
From Univention Wiki
This article explains how to install a small Let's Encrypt client that uses the "ACME" protocol and is run through a wrapper script, which UCR variables must be configured, and how to obtain the certificates.
After installing the package univention-letsencrypt, the client is ready for configuration:
univention-install univention-letsencrypt
The package brings a new UCR variable which is read by the wrapper script from
||Whether the Apache2 webserver should be configured automatically or not, valid values are "Yes" or "No"|
||Whether the postfix service should be configured automatically or not, valid values are "Yes" or "No"|
||Whether the dovecot service should be configured automatically or not, valid values are "Yes" or "No"|
||A list of DNS names on which the server is reachable, separated by spaces||service1.example.com service2.example.com|
Obtaining the certificate
Run the script /usr/share/univention-letsencrypt/setup-letsencrypt to automatically register an account, create the needed files and start the certificate creation and validation for the domains saved in the UCR variable letsencrypt/domains. The script installs a cron job that periodically checks whether the certificates must be renewed. All actions from the script are written into the log file
The certificate is saved in the directory
At the end, setup-letsencrypt checks the three service UCR variables and, if one is found set to "Yes", runs the needed scripts from the post-refresh.d directories to configure the Apache2 webserver, postfix, or dovecot. Additional services can be configured by placing appropriate configuration scripts into these directories.
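A hook of the kind the post-refresh.d paragraph describes, as an added example that is not part of the original article or of the univention-letsencrypt package: before reloading a service, it checks that the refreshed certificate is not about to expire and covers every name in letsencrypt/domains. The variables CERT_FILE and SERVICE and all function names are assumptions; the real certificate path and the way hooks are invoked must be taken from the installed package.

```shell
#!/bin/sh
# Added example: hypothetical hook for a post-refresh.d directory.
# CERT_FILE is a placeholder for the certificate path (not given here);
# SERVICE is a hypothetical service name.
SERVICE=${SERVICE:-example-service}

# Read "openssl x509 -text" output on stdin and print the DNS names from
# the subjectAltName extension, one per line, lower-cased.
san_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p' | tr 'A-Z' 'a-z'
}

# missing_names "<wanted, space-separated>" "<covered, one per line>"
# Prints each wanted name that is not covered (exact match, no wildcard
# handling); returns 1 if any name is missing.
missing_names() {
    rc=0
    while read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$name" || { printf '%s\n' "$name"; rc=1; }
    done <<EOF
$(printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr -s ' ' '\n')
EOF
    return $rc
}

main() {
    wanted=$(ucr get letsencrypt/domains)
    # Refuse a certificate that is unreadable or expires within 24 hours.
    openssl x509 -in "$CERT_FILE" -noout -checkend 86400 >/dev/null ||
        { echo "certificate unreadable or expiring within 24h" >&2; return 1; }
    covered=$(openssl x509 -in "$CERT_FILE" -noout -text | san_names)
    if missing=$(missing_names "$wanted" "$covered"); then
        systemctl reload "$SERVICE"
    else
        echo "not reloading $SERVICE, certificate lacks:" $missing >&2
        return 1
    fi
}

# Run the check only when the certificate path has been configured.
if [ -n "${CERT_FILE:-}" ]; then main; fi
```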
When the list of domains in letsencrypt/domains changes and setup-letsencrypt is run again, a prompt asks whether to delete the current CSR file, which is then recreated with the new content of the UCR variable.