mirror of
https://github.com/grindsa/acme2certifier.git
synced 2025-12-31 01:51:01 +02:00
Installation on Nginx Running on Ubuntu 22.04
grindsa edited this page 2025-06-27 15:44:18 +00:00
Table of Contents
- Installation on Nginx Running on Ubuntu 22.04
- Steps
- 1. Install Nginx and the Corresponding WSGI Module
- 2. Download Acme2Certifier from GitHub and Unpack It
- 3. Install the Missing Python Modules via Pip
- 4. Copy the Required Files and Directories
- 5. Adapt and Activate the Nginx Configuration File
- 6. Adapt and Place the uWSGI Configuration File
- 7. Pick the Correct CA Handler and Copy It
- 8. Configure the CA Handler in acme_srv.cfg
- 9. Ensure Correct Ownership of Files and Directories
- 10. Set Correct Permissions for the acme_srv Subdirectory
- 11. Create and Install the uWSGI Service for Acme2Certifier
- 12. Start and Enable the Acme2Certifier Service
- 13. Restart Nginx
- 14. Verify the Services
- 15. Enroll a Certificate
Installation on Nginx Running on Ubuntu 22.04
A ready-made shell script performing the tasks below can be found in the examples/install_scripts directory.
Steps
1. Install Nginx and the Corresponding WSGI Module
sudo apt-get install -y python3-pip nginx uwsgi uwsgi-plugin-python3 curl krb5-user libgssapi-krb5-2 libkrb5-3 python3-gssapi
2. Download Acme2Certifier from GitHub and Unpack It
3. Install the Missing Python Modules via Pip
sudo pip3 install -r requirements.txt
4. Copy the Required Files and Directories
sudo cp examples/acme2certifier_wsgi.py /var/www/acme2certifier/acme2certifier_wsgi.py
sudo cp -R examples/ca_handler/ /var/www/acme2certifier/examples/ca_handler
sudo cp -R examples/eab_handler/ /var/www/acme2certifier/examples/eab_handler
sudo cp -R examples/hooks/ /var/www/acme2certifier/examples/hooks
sudo cp -R examples/nginx/ /var/www/acme2certifier/examples/nginx
sudo cp examples/acme_srv.cfg /var/www/acme2certifier/examples/
sudo cp -R acme_srv/ /var/www/acme2certifier/acme_srv
sudo cp -R tools/ /var/www/acme2certifier/tools
sudo cp examples/db_handler/wsgi_handler.py /var/www/acme2certifier/acme_srv/db_handler.py
5. Adapt and Activate the Nginx Configuration File
sudo sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" examples/nginx/nginx_acme_srv.conf
sudo cp examples/nginx/nginx_acme_srv.conf /etc/nginx/sites-available/acme_srv.conf
sudo ln -s /etc/nginx/sites-available/acme_srv.conf /etc/nginx/sites-enabled/acme_srv.conf
6. Adapt and Place the uWSGI Configuration File
- The uWSGI socket file will be located in /var/www/acme2certifier.
- The uWSGI daemon will run under the www-data user.
- The uWSGI plugin for Python 3 must be activated.
sudo sed -i "s/\/run\/uwsgi\/acme.sock/acme.sock/g" examples/nginx/acme2certifier.ini
sudo sed -i "s/nginx/www-data/g" examples/nginx/acme2certifier.ini
echo "plugins=python3" | sudo tee -a examples/nginx/acme2certifier.ini > /dev/null
sudo cp examples/nginx/acme2certifier.ini /var/www/acme2certifier
7. Pick the Correct CA Handler and Copy It
Select the appropriate CA handler from the examples/ca_handler directory and copy it to:
sudo cp examples/ca_handler/<your_ca_handler>.py /var/www/acme2certifier/acme_srv/ca_handler.py
8. Configure the CA Handler in acme_srv.cfg
Refer to the Example for Insta Certifier.
9. Ensure Correct Ownership of Files and Directories
sudo chown -R www-data:www-data /var/www/acme2certifier/
10. Set Correct Permissions for the acme_srv Subdirectory
sudo chmod a+x /var/www/acme2certifier/acme_srv
11. Create and Install the uWSGI Service for Acme2Certifier
cat <<EOT > acme2certifier.service
[Unit]
Description=uWSGI instance to serve Acme2Certifier
After=network.target
[Service]
User=www-data
Group=www-data
WorkingDirectory=/var/www/acme2certifier
Environment="PATH=/var/www/acme2certifier"
ExecStart=uwsgi --ini acme2certifier.ini
[Install]
WantedBy=multi-user.target
EOT
sudo cp acme2certifier.service /etc/systemd/system/acme2certifier.service
12. Start and Enable the Acme2Certifier Service
sudo systemctl start acme2certifier
sudo systemctl enable acme2certifier
13. Restart Nginx
sudo systemctl restart nginx
14. Verify the Services
Check if Nginx and uWSGI are up and running:
curl http://127.0.0.1/directory
Expected output:
{
  "newAccount": "http://127.0.0.1/acme_srv/newaccount",
  "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "http://127.0.0.1/acme_srv/key-change",
  "newNonce": "http://127.0.0.1/acme_srv/newnonce",
  "meta": {
    "home": "https://github.com/grindsa/acme2certifier",
    "author": "grindsa <grindelsack@gmail.com>"
  },
  "newOrder": "http://127.0.0.1/acme_srv/neworders",
  "revokeCert": "http://127.0.0.1/acme_srv/revokecert"
}
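A scripted version of the check in step 14, added here as an example and not part of acme2certifier or its wiki. It goes beyond eyeballing the curl output: it confirms the endpoints RFC 8555 defines are present, that they point at the same scheme and host that was queried, and it flags plain HTTP on a non-loopback address, since RFC 8555 requires HTTPS. The names `check_directory`, `REQUIRED`, `LOOPBACK` and `SAMPLE` are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Endpoints RFC 8555 (section 7.1.1) defines for the directory object;
# "newAuthz" and "meta" are optional and therefore not required here.
REQUIRED = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")
LOOPBACK = ("127.0.0.1", "localhost", "::1")

# Constructed sample: the expected output shown in step 14 ("meta" abridged).
SAMPLE = """{
  "newAccount": "http://127.0.0.1/acme_srv/newaccount",
  "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "http://127.0.0.1/acme_srv/key-change",
  "newNonce": "http://127.0.0.1/acme_srv/newnonce",
  "meta": {"home": "https://github.com/grindsa/acme2certifier"},
  "newOrder": "http://127.0.0.1/acme_srv/neworders",
  "revokeCert": "http://127.0.0.1/acme_srv/revokecert"
}"""


def check_directory(body: str, queried_url: str) -> list[str]:
    """Return findings for an ACME directory response; an empty list means OK."""
    try:
        directory = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"response is not JSON: {exc}"]
    if not isinstance(directory, dict):
        return ["directory is not a JSON object"]
    findings = []
    queried = urlsplit(queried_url)
    for name in REQUIRED:
        value = directory.get(name)
        if not isinstance(value, str):
            findings.append(f"missing endpoint: {name}")
            continue
        url = urlsplit(value)
        # Clients follow these URLs, so a different scheme or host sends them
        # to another origin than the one that was checked.
        if (url.scheme, url.netloc) != (queried.scheme, queried.netloc):
            findings.append(f"{name} points at {url.scheme}://{url.netloc}")
    # Unknown keys, such as the random entry in SAMPLE, are deliberately ignored.
    if queried.scheme != "https" and queried.hostname not in LOOPBACK:
        findings.append("directory served over plain HTTP on a non-loopback address")
    return findings


if __name__ == "__main__":
    for line in check_directory(SAMPLE, "http://127.0.0.1/directory") or ["directory OK"]:
        print(line)
```

To run it against a live server, pass the body returned by the curl command in step 14 and the URL that was queried.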
15. Enroll a Certificate
Use your preferred ACME client to enroll a certificate. If enrollment fails, check the CA handler configuration and the logs, and enable debug mode in Acme2Certifier for troubleshooting.