HAProxy plugin for Let's Encrypt's Certbot
This repository has been archived on 2023-02-21. You can view files and clone it, but cannot push or open issues or pull requests.
Chris Snijder 844c191809 Apache hosting node and haproxy forwarding configuration completed, /.well-known gets forwarded to another port. 2016-08-11 17:02:16 +02:00
certbot_haproxy Fix firewall of boulder server, some temporary changes for authenticator work. 2016-08-09 11:37:36 +02:00
docs Probably some stuff still missing, definitely b0rken. 2016-08-01 17:16:53 +02:00
.gitignore add swp files to gitignore, improve instructions at end of dev_start 2016-08-03 16:56:13 +02:00
LICENSE.txt Initial commit for new LE HAProxy 2016-07-26 18:41:07 +02:00
MANIFEST.in Probably some stuff still missing, definitely b0rken. 2016-08-01 17:16:53 +02:00
README.rst Add shortcuts to bypass curses UI and annoying prompts while testing to README.rst 2016-08-02 15:16:56 +02:00
Vagrantfile Fully functioning Debian based boulder server =] 2016-08-04 11:07:36 +02:00
dev_start.sh Apache hosting node and haproxy forwarding configuration completed, /.well-known gets forwarded to another port. 2016-08-11 17:02:16 +02:00
greenhost.patch change boulder IP address, change example.org to greenhost.nl so boulder won't complain 2016-08-10 11:44:19 +02:00
provisioning_client.sh Apache hosting node and haproxy forwarding configuration completed, /.well-known gets forwarded to another port. 2016-08-11 17:02:16 +02:00
provisioning_server.sh Apache hosting node and haproxy forwarding configuration completed, /.well-known gets forwarded to another port. 2016-08-11 17:02:16 +02:00
setup.py Fix firewall of boulder server, some temporary changes for authenticator work. 2016-08-09 11:37:36 +02:00

README.rst

HAProxy plugin for Certbot
==========================

Getting started (development)
-----------------------------

To run tests against the Let's Encrypt API we run a Boulder server, which is
the exact same server Let's Encrypt is running. The server is started in
VirtualBox using Vagrant. To keep the installation of components and
dependencies from cluttering up your computer, there is also a client
VirtualBox instance. Both of these machines can be set up and started by
running the `dev_start.sh` script.

Running locally without sudo
----------------------------

By default you can't run certbot without root privileges because it needs to
access `/etc/letsencrypt`. However, you can tell it not to use `/etc/` and to
use some other path in your home directory instead.

```
# Create the working directories (-p also creates missing parents).
mkdir -p ~/projects/certbot-haproxy/working/config
mkdir -p ~/projects/certbot-haproxy/working/logs
mkdir -p ~/.config/letsencrypt
# $HOME is expanded inside the heredoc; a leading ~ would be written literally.
cat <<EOF >> ~/.config/letsencrypt/cli.ini
work-dir=$HOME/projects/certbot-haproxy/working/
logs-dir=$HOME/projects/certbot-haproxy/working/logs/
config-dir=$HOME/projects/certbot-haproxy/working/config
EOF
```

Now you can run certbot without root privileges.

Further time savers during development..
----------------------------------------
The following options can be saved in the `cli.ini` file. Each one is listed
with the reason for setting it.

 - `agree-tos`: During each request for a certificate you need to agree to the
   terms of service of Let's Encrypt. This option accepts them automatically
   every time.
 - `no-self-upgrade`: Tell LE not to upgrade itself. It can be very annoying
   when things that worked just fine before suddenly start to break.
 - `register-unsafely-without-email`: Tell LE that you don't want to be
   notified by e-mail when certificates are about to expire or when the TOS
   changes. Without this option you will need to enter a valid e-mail address
   for every test run.
 - `text`: Disable the curses UI, and use the plain CLI version instead.
 - `domain example.org`: Enter a default domain name to request a certificate
   for, so you don't have to specify it every time.
 - `configurator certbot-haproxy:haproxy`: Test with the HAProxy plugin every
   time.



```
cat <<EOF >> ~/.config/letsencrypt/cli.ini
agree-tos
no-self-upgrade
register-unsafely-without-email
text
domain example.org
configurator certbot-haproxy:haproxy
EOF
```
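
The options above are appended to the same `cli.ini` that certbot reads on every run, so it helps to be able to check what a given file contains. The following is an added example, not part of this repository: a small audit of a `cli.ini` that reports the development shortcuts listed above, path options that are not absolute, and working directories readable by other users. The names `parse_cli_ini`, `audit`, `DEV_ONLY` and `PATH_OPTS`, and the choice of which options count as development-only, are assumptions made for this example.

```python
import os
import stat

# Assumption: shortcuts from the list above that should not reach production.
DEV_ONLY = {"agree-tos", "no-self-upgrade", "register-unsafely-without-email"}
PATH_OPTS = {"work-dir", "logs-dir", "config-dir"}

# Constructed sample input, mirroring the options this README appends.
SAMPLE = """\
agree-tos
register-unsafely-without-email
text
domain example.org
config-dir=~/projects/certbot-haproxy/working/config
"""


def parse_cli_ini(text):
    """Parse the three line forms used here: `key`, `key value`, `key=value`."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if "=" in line:
            key, value = line.split("=", 1)
        else:
            key, _, value = line.partition(" ")
        opts[key.strip()] = value.strip()  # bare flags map to ""
    return opts


def audit(opts):
    """Return sorted findings for a parsed cli.ini."""
    findings = [f"dev-only option set: {k}" for k in DEV_ONLY & opts.keys()]
    for key in PATH_OPTS & opts.keys():
        path = opts[key]
        if not os.path.isabs(path):
            findings.append(f"{key}: not an absolute path: {path}")
        path = os.path.expanduser(path)
        # config-dir holds account and certificate private keys.
        if os.path.isdir(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{key}: directory is accessible to group/other")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_cli_ini(SAMPLE)):
        print(finding)
```
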


Setuptools version conflict
---------------------------

Most likely the `python-setuptools` version in your OS's repositories is quite
outdated. You will need to install a newer version. To do this you can run:

```
pip install --upgrade setuptools
```

Since pip is part of `python-setuptools`, you need to have it installed before
you can update.