# Evoacme 2.0

The upstream repository of EvoAcme is at <https://gitea.evolix.org/evolix/evoacme>

Shell scripts are copied from the upstream repository after each release.
No changes must be applied directly here; patch upstream, release, then copy here.

## Install

### 1 - Create a playbook with the evoacme role

~~~
---
- hosts: hostname
  become: yes
  roles:
    - evoacme
~~~

### 2 - Install evoacme prerequisites with Ansible

~~~
# ansible-playbook playbook.yml -K --limit hostname
~~~

### 3 - Include letsencrypt.conf in your webserver

For Apache, you just need to ensure that you don't override the `/.well-known/acme-challenge` Alias with a Redirect or Rewrite directive.

For Nginx, you must include `/etc/nginx/snippets/letsencrypt.conf` in all wanted vhosts:

~~~
server {
    […]
    include /etc/nginx/snippets/letsencrypt.conf;
    […]
}
~~~

Then reload the Nginx configuration:

~~~
# nginx -t
# service nginx reload
~~~
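
A check for step 3, as an added example that is not part of evoacme or its repository: the shell function below lists every Nginx `server` block in a directory that lacks an uncommented include of the snippet. The function names, the temporary directory and the sample vhost are constructed for illustration.

```shell
# Added example (not evoacme code): list Nginx server blocks that lack the
# ACME snippet include from step 3. The sample vhost below is constructed.
SNIPPET=/etc/nginx/snippets/letsencrypt.conf

# Print "file:line" for each server block in directory $1 that has no
# uncommented include of $SNIPPET. Simplifications: "server {" sits on one
# line, and a "#" inside a quoted string counts as a comment start.
servers_missing_acme_include() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v snippet="$SNIPPET" -v file="$f" '
            { sub(/#.*/, "") }   # strip comments first
            !inserver && /^[ \t]*server[ \t]*[{]/ {
                start = NR; found = 0; inserver = 1; sdepth = depth
            }
            inserver && $1 == "include" && $2 == (snippet ";") { found = 1 }
            {
                depth += gsub(/[{]/, "{")
                depth -= gsub(/[}]/, "}")
                if (inserver && depth <= sdepth) {   # block just closed
                    if (!found) print file ":" start
                    inserver = 0
                }
            }
        ' "$f"
    done
}

# Constructed input: the port-80 block has the include commented out.
make_sample_vhosts() {
    d=$(mktemp -d)
    cat > "$d/bad.conf" <<'EOF'
server {
    listen 80;
    # include /etc/nginx/snippets/letsencrypt.conf;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl;
    include /etc/nginx/snippets/letsencrypt.conf;
}
EOF
    echo "$d"
}

d=$(make_sample_vhosts) && servers_missing_acme_include "$d"; rm -r "$d"
```

On a real host, point the function at the directory holding the enabled vhosts (for example `/etc/nginx/sites-enabled` on Debian). Blocks it lists that are not meant to obtain a certificate can be ignored.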

### 4 - Create a CSR for a vhost with make-csr

~~~
# make-csr vhostname domain...
~~~

### 5 - Generate the certificate with evoacme

~~~
# evoacme looks for /etc/ssl/requests/vhostname
# vhostname is the same name used with make-csr
evoacme vhostname
~~~

### 6 - Include the SSL configuration

The SSL configuration has been generated; you must include it in your vhost.

For Apache:

~~~
Include /etc/apache2/ssl/vhost.conf
~~~

For Nginx:

~~~
include /etc/nginx/ssl/vhost.conf;
~~~