
Using Certbot with TomatenHTTP

Install Certbot

See the instructions on the Certbot website. Select Software: Other and your target System. Follow only the instructions that get the certbot command running (steps 1 to 5), then come back here before actually using it.

State-of-the-Art, automatic way to obtain your certificate

Assuming your TomatenHTTP server is located at /root/http/.

Initial

  • cd /root/http
  • Stop the TomatenHTTP server.
  • tomatenpack install TomatenHTTP-CertbotWebroot
  • Start the TomatenHTTP server.
  • Run certbot certonly --webroot and follow the interactive instructions to obtain your certificate. Provide /root/http/cert/certbotwebroot as the server's webroot folder.

You now already have an initial certificate, see certificate installation on how to put it into your TomatenHTTP server.

Renewal

Renewal is automatic, but certificate installation unfortunately is not.

Certbot renews the certificate every 2 months. The certificates are valid for 3 months, so you can install the renewed certificate at any time during the following month.

Certbot places files inside <http>/cert/certbotwebroot/.well-known/acme-challenge which TomatenHTTP will then serve under */.well-known/acme-challenge to complete the challenge and obtain a new certificate without any user interaction.

Classic, manual way to obtain your certificate

Initial

  • If running on port 80, stop the TomatenHTTP server or at least close port 80 temporarily.
  • Run certbot certonly --standalone and follow the interactive instructions to obtain your certificate.

You now already have an initial certificate, see certificate installation on how to put it into your TomatenHTTP server.

Renewal

Renewal is necessary every 2 to 3 months.

  • If running on port 80, stop the TomatenHTTP server or at least close port 80 temporarily.
  • Run certbot renew

Certificate installation

Once certbot has obtained your certificate, it is located in /etc/letsencrypt/live/<primary-domain>/ and still needs to be converted for use with TomatenHTTP. If you have only one certificate (it may cover multiple domains), there is only one folder in /etc/letsencrypt/live/.

  • cd into your TomatenHTTP installation folder.
  • Go into the preinstalled cert folder with cd cert
  • Copy certificate files to raw with

    cp --dereference /etc/letsencrypt/live/<primary-domain>/* raw/

  • Convert the certificate files from raw to a PKCS12 file with OpenSSL using the preinstalled script ./makecertfile.sh

  • Start TomatenHTTP or, if it is already running, reinitialize the used ports with setup base/ports inside the TomatenHTTP console.
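The renewal section above notes that certificate installation is not automatic. The following script, an added example that is neither TomatenHTTP's nor Certbot's own code, performs the installation steps just listed as a Certbot deploy hook, so the copy and conversion run right after each successful renewal. It assumes the /root/http layout from this page (overridable through the hypothetical TOMATEN_HOME variable) and the preinstalled ./makecertfile.sh; tightening the private key to mode 600 is an addition of this example.

```shell
#!/bin/sh
# Added example, not part of TomatenHTTP or Certbot: a deploy hook that stages
# the renewed certificate into cert/raw/ and runs the page's conversion step.
set -eu

# Assumption: TomatenHTTP installation folder (the page uses /root/http).
TOMATEN_HOME="${TOMATEN_HOME:-/root/http}"

# Copy the lineage directory as real files. /etc/letsencrypt/live/<domain>/
# holds only symlinks into archive/, so a plain cp would leave dangling links
# in raw/. Fails (returns 1) unless chain and key arrive as regular files.
stage_cert_files() {
    lineage="$1"   # e.g. /etc/letsencrypt/live/<primary-domain>
    raw_dir="$2"   # e.g. /root/http/cert/raw
    mkdir -p "$raw_dir"
    cp -L "$lineage"/* "$raw_dir"/             # -L is the same as --dereference
    for f in fullchain.pem privkey.pem; do
        [ -f "$raw_dir/$f" ] && [ ! -L "$raw_dir/$f" ] || return 1
    done
    chmod 600 "$raw_dir/privkey.pem"           # private key readable by owner only
    return 0
}

# Run the preinstalled conversion script from inside the cert/ folder,
# exactly as the manual step "./makecertfile.sh" on this page does.
convert_cert() {
    cert_dir="$1"
    ( cd "$cert_dir" && ./makecertfile.sh )
}

# Entry point when Certbot invokes this file as a deploy hook: Certbot exports
# RENEWED_LINEAGE as the directory of the lineage that was just renewed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    stage_cert_files "$RENEWED_LINEAGE" "$TOMATEN_HOME/cert/raw"
    convert_cert "$TOMATEN_HOME/cert"
    echo "certificate converted; run 'setup base/ports' in the TomatenHTTP console"
fi
```

Certbot runs executable files placed in /etc/letsencrypt/renewal-hooks/deploy/ after every successful renewal (the same script can also be passed with --deploy-hook); the final reinitialization of the ports in the TomatenHTTP console is still a manual step.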