Assuming you’ve apache2 already installed and a reachable internet server running
apt-get install dehydrated
Add/edit /etc/apache2/conf-available/letscrypt.conf
(notice the difference between the alias and the real directory which is plural acme-challenges):
Alias /.well-known/acme-challenge/ "/var/lib/dehydrated/acme-challenges/"
<Directory "/var/lib/dehydrated/acme-challenges/">
Options None
AllowOverride None
# Apache 2.x
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
# Apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
Add/edit /etc/dehydrated/conf.d/99_email.sh
:
CONTACT_EMAIL="anymail@yourdomain"
Edit /etc/dehydrated/domains.txt
, set the domains for which generate certificates.
Restart apache2 and run dehydrated -c
, it should create the domain certs.
Edit your apache’s host file (/etc/apache2/sites-available/default-ssl.conf
), replace DOMAIN with your domains:
SSLCertificateFile /var/lib/dehydrated/certs/DOMAIN/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/DOMAIN/privkey.pem
Add/edit /etc/cron.daily/dehydrated
:
#!/bin/sh
exec /usr/bin/dehydrated -c >/var/log/dehydrated-cron.log 2>&1
Run chmod 0755 /etc/cron.daily/dehydrated
Add/Edit /etc/logrotate.d/dehydrated
:
/var/log/dehydrated-cron.log
{
rotate 12
monthly
missingok
notifempty
delaycompress
compress
}