Bof.

No theme, no regular posting.

© 2014-2023. Raphaël Rigo CC-BY-SA 4.0

Let's Encrypt cron with acme-tiny

So, Let’s Encrypt is awesome, even if the official client is a terrifying beast. I chose to use acme-tiny and this post is a quick HOWTO.

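# System crontab format (/etc/crontab or /etc/cron.d/*): the sixth field is the user the job runs as.
MAILTO=root

# 01:01 on the 21st of each month, as letsencrypt: request the certificate, install it only if acme-tiny succeeded.
1 1 21 * *	letsencrypt umask 033; python /usr/local/acme-tiny/acme_tiny.py --account-key /etc/letsencrypt/user.key --csr /etc/letsencrypt/site.csr --acme-dir /var/www/.well-known/acme-challenge/ > /tmp/site.crt && cat /tmp/site.crt > /etc/ssl/certs/site.crt
# 01:10 the same day, as root: reload Apache so it picks up the new certificate.
10 1 21 * * root service apache2 reload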

One caveat: Let’s Encrypt does not easily support challenges over HTTPS, so configure a redirect from HTTP to HTTPS:

<VirtualHost *:80>
        ServerName syscall.eu
        Redirect permanent / https://syscall.eu/
</VirtualHost>
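
The cron entry earlier in this post writes acme-tiny's output to a fixed file in /tmp and copies it over the live certificate only when the command succeeded. As an added example (not part of the original post), here is the same pattern as a shell function that uses a private mktemp file and refuses output that is not PEM; the name renew_cert and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. renew_cert and its return
# codes are hypothetical names chosen for this illustration.
#
# Usage: renew_cert DEST CMD [ARGS...]
# CMD must print a PEM certificate on stdout, as acme_tiny.py does.
# DEST is only overwritten when CMD succeeded and printed PEM.
# Returns: 0 installed, 1 no temp file, 2 CMD failed, 3 not PEM, 4 copy failed.
renew_cert() {
    rc_dest=$1
    shift

    # Private, unpredictable temp file (mode 0600) instead of a fixed
    # name in world-writable /tmp.
    rc_tmp=$(mktemp) || return 1

    # CMD failed: keep the certificate that is currently installed.
    if ! "$@" > "$rc_tmp"; then
        rm -f "$rc_tmp"
        return 2
    fi

    # CMD exited 0 but printed something else (empty output, an error
    # page): refuse to install it. A stricter check could parse the file
    # with "openssl x509 -noout".
    if ! grep -q '^-----BEGIN CERTIFICATE-----' "$rc_tmp" ||
       ! grep -q '^-----END CERTIFICATE-----' "$rc_tmp"; then
        rm -f "$rc_tmp"
        return 3
    fi

    # cat into the existing file, as the cron line does: DEST keeps its
    # owner and mode, and the job needs no write access to its directory.
    if cat "$rc_tmp" > "$rc_dest"; then rc_status=0; else rc_status=4; fi
    rm -f "$rc_tmp"
    return "$rc_status"
}

# Invocation with the paths from the cron entry (commented out so that
# sourcing this file only defines the function):
# renew_cert /etc/ssl/certs/site.crt python /usr/local/acme-tiny/acme_tiny.py \
#     --account-key /etc/letsencrypt/user.key --csr /etc/letsencrypt/site.csr \
#     --acme-dir /var/www/.well-known/acme-challenge/
```

A non-zero return leaves the installed certificate untouched, so the cron job can chain the Apache reload on success only.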