starred/lemanager
1
0
Fork 0
mirror of https://github.com/analogic/lemanager.git synced 2026-04-25 03:55:52 +03:00
Code Issues 5 Projects Releases Packages Wiki Activity
Simple containerized web application for managing, issuing certificates (and email alerting) from Let's Encrypt certificate authority.
40 commits 2 branches 0 tags 277 KiB
  • PHP 86.9%
  • CSS 10%
  • Dockerfile 1.5%
  • Shell 1%
  • Hack 0.6%
Find a file
Exact
SH c0054167ab update paths
2019-09-30 17:18:15 +02:00
bin first commit 2015-12-14 15:32:28 +01:00
rootfs/etc update paths 2019-09-30 16:48:18 +02:00
src reuse CSR 2016-02-08 17:02:29 +01:00
web reuse CSR 2016-02-08 16:47:40 +01:00
.gitignore first commit 2015-12-14 15:32:28 +01:00
composer.json update paths 2019-09-30 17:11:09 +02:00
composer.lock update paths 2019-09-30 17:11:09 +02:00
Dockerfile update paths 2019-09-30 17:18:15 +02:00
README.md Update README.md 2016-05-06 06:52:38 +02:00

README.md

LEManager

Simple containerized web application for managing, issuing certificates (and email alerting) from Let's Encrypt certificate authority.

Installation

  1. direct domain like cert.example.com to your server where LEManager going to be installed

  2. download docker container and run it:

    ~# docker run --name lemanager \
  -v */certificates_dir*:/data \ 
  -e "HTTP_PASSWORD=*your_password*" \
  -e "HOSTNAME=*cert.example.com*" \
  -p *80*:80 \
  analogic/lemanager

    If you have port 80 in use you can use your existing webserver as reverse proxy (see NGiNX snippet).

  3. go to http://cert.example.com, login with username admin and password your_password, setup "Email alerts settings" and issue new cert for example.com

  4. in folder /certificates_dir/example.com you should find new certificate if everything goes ok. Add certificate to your webserver. NGiNX example:

    server {
    listen       443 ssl http2;
    server_name  example.com;

    **ssl_certificate */certificates_dir/example.com*/fullchain.pem;
    ssl_certificate_key */certificates_dir/example.com*/private.pem;
    ssl_trusted_certificate */certificates_dir/example.com*/fullchain.pem;**

    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

    ...
}

  5. reload your webserver with something like: service nginx reload or killall -HUP nginx. For doing reloads regularly when certificates automaticly renews you might find handy incrond which watch changes of filesystem and exec defined command. Or simply ad reload/HUP command to your daily/weekly cron. LEManager renews certificate every day at 1:01 after 14 days of its existence.

NGiNX snippet for proxiing challanges only

server {
    listen       80;
    server_name  example2.com www.example2.com;

    location ^~ /.well-known {
        proxy_pass http://<container_host>:<container_port_80>;
    }

    ; redirect to https version if you need that
    location / {
        return 301 https://$server_name$request_uri;
    }

    ...
}

Screenshots

LEManager screenshot 0 LEManager screenshot 1 LEManager screenshot 2 LEManager screenshot 3

Why i created LEManager?

Because of implementation of Let's Encrypt to Poste.io!