@jiphex
Last active April 21, 2016 08:58
Symbiosis with github.com/hlandau/acme

Instructions for using github.com/hlandau/acme with Symbiosis

  • Install the binary from the repo
  • Run acmetool quickstart, choose the Proxy option, and enable the cronjob
  • Add this line after the <VirtualHost...:80 stanzas in the config files in /etc/symbiosis/apache.d: ProxyPass "/.well-known/acme-challenge" "http://127.0.0.1:402/.well-known/acme-challenge"
  • Enable Apache mod_proxy: a2enmod proxy_http
  • Copy the attached hook into /usr/lib/acme/hooks and make it executable
  • Run acmetool want domain.tld www.domain.tld for any domains you want to be secured
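
#!/usr/bin/ruby
# acmetool hook: copies renewed certificates into the Symbiosis per-domain config.
require 'fileutils'

# Only act on the "live-updated" event, passed as the first argument.
unless ARGV.first == "live-updated"
  STDERR.puts "This should be run as a hook by acmetool"
  exit 1
end

# Path to a file in acmetool's live directory for the given hostname.
def acmepath(domain, element)
  File.join(ENV.fetch("ACME_STATE_DIR"), "live", domain, element)
end

# Path to the matching Symbiosis SSL file for the given domain.
def sympath(domain, element)
  File.join("/srv", domain, "config", "ssl.#{element}")
end

# Hostnames arrive on stdin, one per line.
while (domain = STDIN.gets)
  domain.strip!
  # An empty line would otherwise resolve to /srv itself.
  next if domain.empty?
  # Map www.domain.tld onto /srv/domain.tld.
  pts = domain.split(".", 2)
  domain = pts[1] if pts[0] == "www"
  next unless File.directory?(File.join("/srv", domain))
  # Install key, chain and certificate readable by the owner only.
  FileUtils.install(acmepath(domain, "privkey"), sympath(domain, "key"), :mode => 0600)
  FileUtils.install(acmepath(domain, "chain"), sympath(domain, "bundle"), :mode => 0600)
  FileUtils.install(acmepath(domain, "cert"), sympath(domain, "crt"), :mode => 0600)
  FileUtils.chown('admin', 'admin', Dir.glob(sympath(domain, "*")))
  # Regenerate the Apache configuration so the new files are used.
  %x[symbiosis-httpd-configure -v]
end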
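
A post-deployment check for the files this hook installs, as an added example that is not part of the original gist: it confirms that ssl.key is not readable by group or others, that it matches ssl.crt, and that the certificate is within its validity period. The names check_symbiosis_ssl and write_sample are assumptions for illustration; write_sample builds a constructed throwaway key and self-signed certificate so the check runs offline.

```ruby
require 'openssl'
require 'tmpdir'

# Returns a list of problems found in one Symbiosis config directory
# (the ssl.key / ssl.crt names follow the sympath helper in the hook).
def check_symbiosis_ssl(config_dir, now = Time.now)
  key_path = File.join(config_dir, "ssl.key")
  crt_path = File.join(config_dir, "ssl.crt")
  problems = [key_path, crt_path].reject { |p| File.file?(p) }.map { |p| "missing #{File.basename(p)}" }
  return problems unless problems.empty?

  # The private key must not be readable by group or others.
  mode = File.stat(key_path).mode & 0o777
  problems << format("ssl.key mode is %04o, expected 0600", mode) if mode & 0o077 != 0

  key  = OpenSSL::PKey.read(File.read(key_path))
  cert = OpenSSL::X509::Certificate.new(File.read(crt_path))
  # A key from one renewal paired with a certificate from another breaks TLS.
  problems << "ssl.key does not match ssl.crt" unless cert.check_private_key(key)
  problems << "ssl.crt is outside its validity period" unless (cert.not_before..cert.not_after).cover?(now)
  problems
end

# Constructed sample data: a throwaway key and a self-signed certificate.
def write_sample(config_dir, common_name, cert_key: nil)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = (cert_key || key).public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(cert_key || key, OpenSSL::Digest.new("SHA256"))
  File.write(File.join(config_dir, "ssl.key"), key.to_pem, perm: 0o600)
  File.write(File.join(config_dir, "ssl.crt"), cert.to_pem, perm: 0o644)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    write_sample(dir, "example.test")
    p check_symbiosis_ssl(dir)
  end
end
```

On a real host, call check_symbiosis_ssl with a /srv/domain.tld/config directory after the hook has run; an empty list means the installed key and certificate are consistent.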

jiphex commented Apr 21, 2016

As of the Symbiosis Jessie release, this is no longer needed, as Symbiosis now has Letsencrypt support built in.
