Hi,
Update: github.com/kuba/simp_le is dead, the github.com/zenhack/simp_le fork is to be used instead.
The following post documents how I used Let’s Encrypt to secure this WordPress site which hosted on OpenShift.
The following is based on this forum post/tutorial. I just made it work with virtualenv and a PHP OpenShift app.
Please note that you need to be a bronze OpenShift user to be able to do this as they don’t allow custom certificates for regular free users.
Login into your rhc app & go to ~/app-root/data
|
1 2 |
rhc ssh <app_name> cd app-root/data |
Spin-up a virtualenv:
|
1 2 3 |
virtualenv letsencrypt cd letsencrypt source bin/activate |
Install dependencies via pip in the virtualenv:
|
1 2 3 |
pip install git+https://github.com/zenhack/simp_le pip install --upgrade six pip install --upgrade setuptools |
The cool part is that it seems multiple apps share the same environment and you might need to do the above steps only once for all your apps.
Now generate the certificates:
|
1 2 3 4 5 |
gear stop mkdir -p /tmp/http/.well-known/acme-challenge cd /tmp/http wget https://gist.githubusercontent.com/bmsleight/bc34254eed0ee458738e/raw/61110fe6e3980f0c6a401acae93f221f56b1eced/simple_acme_server.py OPENSHIFT_PYTHON_IP=$OPENSHIFT_PHP_IP OPENSHIFT_PYTHON_PORT=$OPENSHIFT_PHP_PORT python simple_acme_server.py & |
The trick is in the last line where we use the PHP environment variables for this python script.
Now pull the certificates:
|
1 2 |
cd ~/app-root/data/ simp_le --email example@example.com -f account_key.json -f fullchain.pem -f key.pem -d www.example.com --default_root /tmp/http |
Or course, replace “www.example.com” with your hostname.
Restart your app & exit:
|
1 2 3 |
killall python gear start exit |
Pull the certificates to your local filesystem:
|
1 2 |
rhc scp -a <app_name> download ./ ./app-root/data/fullchain.pem rhc scp -a <app_name> download ./ ./app-root/data/key.pem |
Set them on your app:
|
1 |
rhc alias update-cert <app_name> www.example.com --certificate fullchain.pem --private-key key.pem |
Again replace www.example.com with your hostname.
Aaand we’re done!
Thanks, this was perfect.
I added a terms of service hash argument to the “simp_le –email…” line to resolve a “TOS hash mismatch” error.
–tos_sha256 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221