-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
72 lines (49 loc) · 2.16 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
lehttpd is a micro http server with the sole purpose of answering
letsencrypt[0] challenge responses.
Handy for when you are issuing certificates for servers with no running
web server and you don't really want to set one up etc.
Usage is simply a matter of calling lehttpd and telling it where the
letsencrypt challenge directory is. lehttpd simply takes the last path
component of the request and sends that file from the specified directory.
E.g. if it gets the request
/.well-known/acme-challenge/6rEoXjsdTITO7tJUXj-aXY-RN2CYOF1O6JsgfFqCeUs
it will simply send the file
6rEoXjsdTITO7tJUXj-aXY-RN2CYOF1O6JsgfFqCeUs
I use this in conjunction with the C based acme-client[1].
Seeing as all this is meant to be automated. Here's what a shell script to
drive this might look like...
#!/bin/sh
#
if [[ ! -d /tmp/acme ]]; then
mkdir /tmp/acme
fi
# Will run for 60 seconds then terminate
lehttpd /tmp/acme &
sleep 1
acme-client -v my.domain.com
if [ $? -eq 0 ]; then
# Certificates changed
systemctl restart service1
systemctl restart service2
...
fi
exit 0
lehttpd uses libmicrohttpd[2] and should be run as root, once started, it
chroot's to the specified directory and switches to the 'nobody' user. It
will run for 60 seconds then terminate.
On Red Hat/Fedora based systems you yill need the libmicrohttpd-devel package
and on Debian it's libmicrohttpd-dev
Also if you have libseccomp[3] installed it will try to make use of the
Linux kernels seccomp support. This also needs the SCMP_FLTATR_CTL_TSYNC
flag, which is also checked for at run-time.
On Red Hat/Fedora based systems you yill need the libseccomp-devel package
and on Debian it's libseccomp-dev
The libseccomp detection uses pkg-config which on Red Hat et al is either
the pkgconfig or pkgconf-pkg-config package for newer systems. On Debian it's
pkg-config.
This is licensed under the GNU General Public License version 2. See
COPYING.
[0] - https://letsencrypt.org/
[1] - https://git.wolfsden.cz/acme-client-portable
[2] - http://www.gnu.org/software/libmicrohttpd/
[3] - https://github.com/seccomp/libseccomp