Let's Encrypt and the Hiawatha Webserver

UPDATE: If you don’t want to read the source code of the Let’s Encrypt tool you’re using, you might as well use the official client, that does a bit more magic. Don’t get me wrong, the official client is open source, too. But it has way more lines of code, so it’s harder to read through. The Hiawatha user VirginSteele posted a four-step tutorial here (scroll down to the entry with the timestamp 12 November 2015, 14:43). One notable difference is, that you don’t need to stop the webserver there, as the letsencrypt-nosudo script I’m using in my tutorial can’t do this yet.

Here’s a quick rundown of how I’ve set up Let’s Encrypt with my favorite webserver. Read yesterday’s post for a more verbose story.



# Busybox syntax, read the man pages for
# adduser or useradd on your system

root@sabotage ~ # adduser -D -s /bin/zsh letsencrypt
root@sabotage ~ # su - letsencrypt
letsencrypt@sabotage ~ % git clone "https://github.com/diafygi/letsencrypt-nosudo.git"
letsencrypt@sabotage ~ % cd letsencrypt-nosudo
letsencrypt@sabotage ~/letsencrypt-nosudo % ls
LICENSE      domain.csr   sign_csr.py  user.key
README.md    domain.key   signed.crt   user.pub
# wget works fine as well
letsencrypt@sabotage ~/letsencrypt-nosudo % curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > lets-encryt-x1-cross-signed.pem
letsencrypt@sabotage ~/letsencrypt-nosudo % cat domain.key signed.crt lets-encryt-x1-cross-signed.pem > letsencrypt_hiawatha.crt
letsencrypt@sabotage ~/letsencrypt-nosudo % exit
root@sabotage ~ # cd /etc/hiawatha
root@sabotage /etc/hiawatha # mv ~letsencrypt/letsencrypt-nosudo/letsencrypt_hiawatha.crt .
root@sabotage /etc/hiawatha # chown root:root letsencrypt_hiawatha.crt
root@sabotage /etc/hiawatha # chmod 400 letsencrypt_hiawatha.crt
Binding {
	Port = 443
	TLScertFile = /etc/hiawatha/letsencrypt_hiawatha.crt