NetBSD letsencrypt certificate installation with certbot for Apache

Submitted by Fekete Zoltán on Sun, 12/17/2017 - 13:19

1. Install certbot client

# pkgin in py27-certbot

2. Create a directory for challenge files

# mkdir <webroot>/letsencrypt/<your_domain>

3. Set up http access to the challenge directory

This is necessary because Let's Encrypt checks the challenge files on your server via HTTP; HTTPS is not possible.
So, set up a virtual host like this:

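<VirtualHost *:80>
    ServerAdmin <your_email>
    ServerName <your_domain>
    DocumentRoot <webroot>/letsencrypt/<your_domain>

    <Directory "<webroot>/letsencrypt/<your_domain>">
      AllowOverride None
      # Apache 2.2 access syntax (needs mod_access_compat on Apache 2.4)
      Order Allow,Deny
      Allow from all
      # Apache 2.4 access syntax
      Require all granted
    </Directory>
</VirtualHost>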

Restart apache now:

# service apache restart

4. Run certbot

First, test whether it works (Let's Encrypt locks you out after 5 attempts):

# certbot2.7 --webroot -d <your_domain> --test-cert --dry-run certonly

During the process choose option 2, then option 1, and then give the directory you created as the webroot.

If it was successful, you can now run it against production:

# certbot2.7 --webroot -d <your_domain> certonly

Now restart apache again, and test your https site!
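
A pre-flight check for steps 2 and 3, added here as an example and not part of the original post: it writes a probe file where certbot's webroot plugin places its challenge files and fetches it back over plain HTTP, so a misconfigured virtual host shows up before certbot is run. The helper names `preflight` and `fetch_url` and the use of NetBSD's base `ftp` as the HTTP client are assumptions.

```shell
#!/bin/sh
# Added example: verify that the challenge webroot is served over HTTP.
# Usage: sh preflight.sh <webroot>/letsencrypt/<your_domain> <your_domain>

# Fetch a URL to stdout. Assumption: NetBSD's base ftp(1), which speaks HTTP.
fetch_url() {
    ftp -V -o - "$1" 2>/dev/null
}

# preflight WEBROOT DOMAIN
# Returns 0 if a probe file written under WEBROOT comes back unchanged over
# plain HTTP, 1 if the directory is not writable, 2 if the fetch fails or
# returns different content (wrong DocumentRoot, access denied, wrong vhost).
preflight() {
    webroot=$1
    domain=$2
    # certbot's webroot plugin writes its challenge files below this path.
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"
    token="probe-$$-$(date +%s)"

    mkdir -p "$dir" || return 1
    printf '%s' "$token" > "$dir/$name" || return 1
    chmod 644 "$dir/$name"

    rc=0
    got=$(fetch_url "http://$domain/.well-known/acme-challenge/$name") || rc=$?
    rm -f "$dir/$name"    # never leave the probe file behind

    if [ "$rc" -ne 0 ] || [ "$got" != "$token" ]; then
        echo "FAIL: http://$domain/ does not serve files from $dir" >&2
        return 2
    fi
    echo "OK: challenge directory is reachable over HTTP"
}

# Run only when called with both arguments, so the file can also be sourced.
if [ $# -eq 2 ]; then
    preflight "$1" "$2"
fi
```
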