Parliament Hill Computers LtdParliament Hill Computers Ltd

Overview of how phcl_acme works with acme_tiny

Four scripts

There are four scripts. These are written to be simple, which means that they are easy to audit

  1. CreateSigningRequests from a family.cnf file generates a family.csr file
  2. CheckSiteAccess examines a family.csr and checks that Apache is correctly configured so that Let's Encrypt will sign the certificate
  3. GetSignedCertificate requests Let's Encrypt to sign a family.csr returning a family.cst
  4. RenewCertificates keeps expiring certificates from expiring — run from cron

There is also InitialSetup, only run once (by root) to set up directory structure, create users.

Users & directory location

Two users are created:

The HOME directory for both of these users is /var/www/acme/

The user names & base directory can easily be changed.

What is in /var/www/acme/

Note also directory permissions. Some files are very sensitive and must be kept secure to keep the web server secure.

Next page: Install of phcl_acme

Return to How to Configure Let's Encrypt with

Return to tutorial home.

If you want any help using the above, or have any comments or suggestions, please contact us.