Setting up the Let's Encrypt app

From Univention Wiki

Jump to: navigation, search
Produktlogo UCS Version 4.1
Note: This article is not yet reviewed.


On UCS 4.1, Let's Encrypt requires a bit of configuration.

First of all, the system must be reachable from the Internet for validation! To verify that, the host command may be used.

host -t A service1.example.com    
 service1.example.com has address 1.2.3.4

To configure the service, use UCR:

Configure hostname(s) (separated by space) to obtain a certificate for:

ucr set letsencrypt/domains="www.somedomain.com www.anotherdomain.org"

Enable already integrated services, you want to use the certificate in:

ucr set letsencrypt/services/apache2=yes
ucr set letsencrypt/services/postfix=yes 
ucr set letsencrypt/services/dovecot=yes

Get the certificate and install a cron job to automate renewal, by executing this script:

/usr/share/univention-letsencrypt/setup-letsencrypt

Once the certificate is successfully obtained, Let's Encrypt is fully set up and renews the certificate on it's own.

If you want to change the hostname in the certificate later on, just change the UCR variable accordingly and re-run the setup-letsencrypt script.

Personal tools