Skip to content
/ freeipa-letsencrypt Public
forked from freeipa/freeipa-letsencrypt

A quick hack allowing to use Let's Encrypt certificates for FreeIPA web interface.

0 stars 72 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jpreston84/freeipa-letsencrypt

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
ca
ca
 
 
README.md
README.md
 
 
renew-le.sh
renew-le.sh
 
 
setup-le.sh
setup-le.sh
 
 

Repository files navigation

These two scripts try to automatically obtain and install Let's Encrypt certs to FreeIPA web interface.

To use it, do this:

  • BACKUP /etc/httpd/alias to some safe place (it contains private keys!)
  • clone/unpack all scripts including "ca" subdirectory somewhere (/root/ipa-le is the default)
  • set WORKDIR variable to the directory you cloned the repository to in scripts setup-le.sh and renew-le.sh
  • set EMAIL variable in script renew-le.sh
  • run "yum install dnf" (a stock FreeIPA machine doesn't have dnf installed)
  • run "kinit your-admin-username" to get a Kerberos ticket (necessary to install the new certificates)
  • run setup-le.sh script once to prepare the machine. The script will:
    • install Let's Encrypt client package
    • install Let's Encrypt CA certificates into FreeIPA certificate store
    • requests new certificate for FreeIPA web interface
  • run renew-le.sh script once a day: it will renew the cert as necessary
    • run "crontab -e" as root
    • add the line "* * * * * /root/ipa-le/renew-le.sh"

If you have any problem, feel free to contact FreeIPA team: http://www.freeipa.org/page/Contribute#Communication

About

A quick hack allowing to use Let's Encrypt certificates for FreeIPA web interface.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%