Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
module:letsyncrypt [2018/03/01 12:11] – Links to util:binkit changed to module:binkit digital man | module:letsyncrypt [2018/12/24 17:15] – [Setup] Don't use the staging server by default (thanks, Nelgin!) digital man |
---|
LetSyncrypt should be added as a timed event. | LetSyncrypt should be added as a timed event. |
| |
Add the Timed Event in [[binkit]]->External Programs->Timed Events: | Add the Timed Event in [[util:SCFG]]->External Programs->Timed Events: |
<file> | <file> |
Internal Code SYNCRYPT | Internal Code SYNCRYPT |
This example has four domains (nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net). The last two are virtual hosts, so have their web root as a subdirectory of the main web root. | This example has four domains (nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net). The last two are virtual hosts, so have their web root as a subdirectory of the main web root. |
| |
You can specify the ACMEv2 endpoint using the ''Host'' and ''Directory'' global keys. ''Host'' is the domain name of the ACMEv2 endpoint, and ''Directory'' is appended to it to generate the URL that is fetched for the Directory object. You can also indicate that you agree to the Terms of Service by setting TOSAgreed to true. | You can specify the ACMEv2 endpoint using the ''Host'' and ''Directory'' keys in the [[config:ini_files#root_section|root section]]. ''Host'' is the domain name of the ACMEv2 endpoint, and ''Directory'' is appended to it to generate the URL that is fetched for the Directory object. You can also indicate that you agree to the Terms of Service by setting TOSAgreed to true. |
| |
<file> | <file> |
Host=acme-staging-v02.api.letsencrypt.org | Host=acme-v02.api.letsencrypt.org |
Directory=/directory | Directory=/directory |
TOSAgreed=true | TOSAgreed=true |
| |
''%%--tos%%'' Prints the URL for the Terms of Service. | ''%%--tos%%'' Prints the URL for the Terms of Service. |
| |
===== Important Caveat ===== | |
| |
At present (February 27, 2018), Let's Encrypt does not support ACMEv2 for trusted certificates. The server was expected to go live on February 27, 2018, but it was [[https://community.letsencrypt.org/t/acmev2-and-wildcard-launch-delay/53654|delayed]]. Once it goes live, letsyncrypt.js will be updated to use the newly announced server (likely acme-v02.api.letsencrypt.org). Until then, installed certificates will not be trusted, being issued by the staging server, signed by “Fake LE Intermediate X1”. | |
| |
===== See Also ===== | ===== See Also ===== |