Hey folks,
I have just joined the Let's Encrypt beta, and it works great with pimatic.
First you need to whitelist your domain here:
https://docs.google.com/forms/d/15Ucm4A20y2rf9gySCTXD6yoLG6Tba7AwYgglV7CKHmM/viewform?edit_requested=true&fbzx=-8040913067797313829
You have to wait some days to get whitelisted with your domain…
Then get the letsencrypt agent from git:
cd /opt
git clone https://github.com/letsencrypt/letsencrypt
To get your certificate and convert it, I have written a short stupid script:
#!/bin/sh
service pimatic stop
cd /opt/letsencrypt
git pull
./letsencrypt-auto -d YOUR.DOMAIN.COM --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
cd /etc/letsencrypt/live/YOUR.DOMAIN.COM
openssl x509 -outform der -in cert.pem -out cert.crt
openssl x509 -outform der -in fullchain.pem -out fullchain.crt
cat fullchain.pem privkey.pem > fullchain_key.pem
chmod 0700 *
service pimatic start
After the first run you need to make some symlinks:
ln -s /etc/letsencrypt/live/YOUR.DOMAIN.COM/cert.crt /opt/pimatic-app/ca/certs/cacert.crt
ln -s /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem /opt/pimatic-app/ca/pimatic-ssl/private/privkey.pem
ln -s /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem /opt/pimatic-app/ca/pimatic-ssl/public/cert.pem
If your certificate expires, you only need to run the script again.
If you want to get notified beforehand, you could use this script:
#!/bin/sh
CertExpires=$(echo | openssl s_client -connect YOUR.DOMAIN.COM:443 2>/dev/null | openssl x509 -noout -dates | grep notAfter | sed 's/notAfter=//'| awk '{print $1, $2, $4}')
#CertExpires=$(openssl x509 -in /etc/letsencrypt/live/YOUR.DOMAIN.COM/cert.pem -enddate | grep "notAfter" | sed 's/notAfter=//' | awk '{print $1, $2, $4}')
echo $CertExpires
TodayPlus=`date -ud "+1 day" | awk '{print $2, $3, $6}'`
echo $TodayPlus
if [ "$CertExpires" = "$TodayPlus" ]
then
echo "Your SSL Cert will expire in 1 day."
echo "Your SSL Cert will expire in 1 day." | mail -s "SSL Cert Monitor" root
fi
Howto for nginx reverse proxy:
https://forum.pimatic.org/topic/1298/solved-pimatic-with-nginx
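A threshold-based variant of the expiry notification above, as an added example that is not part of the original post: it warns on every run once fewer than WARN_DAYS days remain, and also reports a certificate that has already expired, so a missed cron run does not skip the alert. It assumes GNU date and OpenSSL; `WARN_DAYS`, `cert_not_after` and `expiry_status` are names made up for this example.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes GNU date and OpenSSL.
# YOUR.DOMAIN.COM is the placeholder from the post; WARN_DAYS is an assumed setting.
CERT=${CERT:-/etc/letsencrypt/live/YOUR.DOMAIN.COM/cert.pem}
WARN_DAYS=${WARN_DAYS:-14}

# Print a PEM certificate's notAfter value, e.g. "Jan 15 00:00:00 2016 GMT".
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# expiry_status NOT_AFTER WARN_DAYS [NOW_EPOCH]
# Prints "OK <days>", "WARN <days>", "EXPIRED" or "UNPARSEABLE";
# the exit status is 0, 1, 2 or 3 respectively.
expiry_status() {
    # An empty or malformed date must not be mistaken for a valid certificate.
    [ -n "$1" ] && end=$(date -ud "$1" +%s 2>/dev/null) ||
        { echo "UNPARSEABLE"; return 3; }
    now=${3:-$(date -u +%s)}
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"
        return 2
    fi
    days=$(( left / 86400 ))   # whole days remaining, rounded down
    if [ "$days" -lt "$2" ]; then
        echo "WARN $days"
        return 1
    fi
    echo "OK $days"
}

# Mail root on any status other than OK. Skipped when the certificate file
# is not readable, so the functions can be sourced and tested on their own.
if [ -r "$CERT" ]; then
    msg=$(expiry_status "$(cert_not_after "$CERT")" "$WARN_DAYS") ||
        echo "$CERT: $msg" | mail -s "SSL Cert Monitor" root
fi
```

Run it daily from cron as a user that can read the certificate file.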