Manuel Wildauer

How to enable HTTPS with acme-client

Populate /etc/acme-client.conf and replace example.com with your domain

authority letsencrypt {
  api url "https://acme-v01.api.letsencrypt.org/directory"
  account key "/etc/acme/letsencrypt-privkey.pem"
}
authority letsencrypt-staging {
  api url "https://acme-staging.api.letsencrypt.org/directory"
  account key "/etc/acme/letsencrypt-staging-privkey.pem"
}
domain example.com {
  alternative names { example.com }
  domain key "/etc/ssl/private/example.com.key"
  domain certificate "/etc/ssl/example.com.crt"
  domain full chain certificate "/etc/ssl/example.com.pem"
  sign with letsencrypt
}

Create directories

mkdir -p -m 700 /etc/acme
mkdir -p -m 700 /etc/ssl/acme/private
mkdir -p -m 755 /var/www/acme

Populate /etc/httpd.conf

server "example.com" {
  listen on * port 80
  root "/htdocs/example.com"
  location "/.well-known/acme-challenge/*" {
    root { "/acme", strip 2 }
  }
}
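Two checks for the layout set up in the two steps above, as an added example (not part of the original post): the first verifies that the three directories exist with the modes they were created with, the second emulates the "root { "/acme", strip 2 }" mapping so you can see which file httpd serves for a challenge request. It assumes httpd runs chrooted in /var/www (the OpenBSD default), so "/acme" inside httpd.conf means /var/www/acme on disk; the PREFIX argument and the HTTPD_CHROOT variable exist only so the script can be run against a staging tree.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes httpd's chroot is
# /var/www (OpenBSD default); override with HTTPD_CHROOT for testing.

# check_dir_mode DIR MODE: succeed only if DIR is a directory whose
# permission bits are exactly MODE (octal). Uses find(1) -perm with an
# octal argument, which means an exact match on both BSD and GNU find.
check_dir_mode() {
    [ -d "$1" ] && [ -n "$(find "$1" -prune -perm "$2" -print)" ]
}

# acme_preflight [PREFIX]: verify the directories from the "Create
# directories" step, with PREFIX prepended (empty for the live system).
# Prints one line per directory and returns non-zero if any check fails.
acme_preflight() {
    prefix=${1:-}
    rc=0
    for entry in "/etc/acme 700" "/etc/ssl/acme/private 700" "/var/www/acme 755"; do
        dir=${entry% *}
        mode=${entry#* }
        if check_dir_mode "$prefix$dir" "$mode"; then
            printf 'ok   %s (%s)\n' "$prefix$dir" "$mode"
        else
            printf 'FAIL %s should be a directory with mode %s\n' "$prefix$dir" "$mode" >&2
            rc=1
        fi
    done
    return $rc
}

# challenge_path REQUEST_PATH [STRIP]: emulate the httpd.conf location
#   location "/.well-known/acme-challenge/*" { root { "/acme", strip N } }
# "strip N" drops the first N components of the request path before it is
# appended to the location root, and the root itself is relative to the
# chroot. With strip 2, /.well-known/acme-challenge/TOKEN is served from
# /var/www/acme/TOKEN, which is where acme-client writes the challenge.
# With strip 1 it would be /var/www/acme/acme-challenge/TOKEN (a miss).
challenge_path() {
    req=$1
    strip=${2:-2}
    rest=${req#/}
    # Remove one leading component per iteration while any slash remains.
    while [ "$strip" -gt 0 ] && [ "${rest%%/*}" != "$rest" ]; do
        rest=${rest#*/}
        strip=$((strip - 1))
    done
    printf '%s\n' "${HTTPD_CHROOT:-/var/www}/acme/$rest"
}
```

Run acme_preflight with no argument on the host after the mkdir step; it fails loudly if a directory is missing or was created with a different umask-affected mode. challenge_path is only there to make the strip rule concrete: it is the reason the challenge location works even though the URL path and the directory name do not match.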

Check the configuration and restart httpd

httpd -n

When everything looks ok, restart httpd

rcctl restart httpd

Run the acme-client

acme-client -vAD example.com

Now enable HTTPS and restart httpd

Populate /etc/httpd.conf and add a new server section for HTTPS

server "example.com" {
  listen on * tls port 443
  root "/htdocs/example.com"
  tls {
    certificate "/etc/ssl/example.com.pem"
    key "/etc/ssl/private/example.com.key"
  }
  location "/.well-known/acme-challenge/*" {
    root { "/acme", strip 2 }
  }
}

Check the configuration and restart httpd

httpd -n

When everything looks ok, restart httpd

rcctl restart httpd

Your website should now be reachable over HTTPS.