Certbot

From Request Tracker Wiki
Revision as of 19:15, 14 February 2019 by Mis (Quick config except on how to make RT play nice with certbot to get free LetsEncrypt SSL certificates)

Returning content NOT in RT such as ACME challenges for certbot

Getting RT to serve static content can seem difficult, especially when that content is created dynamically, such as the ACME challenge/response files that LetsEncrypt's certbot uses. The solution is quite simple: in your RT_SiteConfig.pm, add the StaticRoots directive to serve static pages. The following example shows how to use this feature so that certbot's authorisation requests are answered:

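    Set( @StaticRoots,
        {
            # Match requests under /.well-known/ and strip that prefix;
            # the rest of the path is looked up beneath root.
            path => sub { s!^/\.well-known/!! },
            root => '/usr/local/share/html/.well-known/',
        },
    );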

After restarting your RT server, you can then issue a certbot request as follows:

    certbot certonly --webroot -w /usr/local/share/html -d <your domain or rt hostname>

Note: This assumes '/usr/local/share/html' is your document root; change it as appropriate for your site. It does not have to be the location of your RT server or files.
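Before running certbot, it is worth confirming that the StaticRoots rule serves files under /.well-known/acme-challenge/ and nothing else from the document root. The script below is an added example, not part of the original wiki page or of RT. It assumes curl is installed and that the RT host answers plain HTTP on port 80; the `fetch` helper, the function name and the probe file name are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for the StaticRoots rule, run before certbot.
# fetch() is a hypothetical helper; redefine it if curl is not available.
fetch() { curl -fsSL --max-time 10 "$1"; }

# check_acme_webroot WEBROOT HOST
#   0 = challenge path is served and nothing outside /.well-known/ is exposed
#   1 = the probe under /.well-known/acme-challenge/ was not returned
#   2 = the probe files could not be written
#   3 = a file outside /.well-known/ was served from WEBROOT
check_acme_webroot() {
    webroot=$1
    host=$2
    dir="$webroot/.well-known/acme-challenge"
    token="rt-probe-$$"          # constructed probe name, not a real ACME token
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$token" || return 2
    printf '%s' "$token" > "$webroot/$token" || { rm -f "$dir/$token"; return 2; }

    status=0
    # The rule strips /.well-known/ and resolves the rest under root,
    # so this request must return the probe content.
    if body=$(fetch "http://$host/.well-known/acme-challenge/$token") \
        && [ "$body" = "$token" ]; then
        :
    else
        status=1
    fi
    # The same file at the top of WEBROOT must NOT come back:
    # only the /.well-known/ subtree is mapped by the rule.
    if [ "$status" -eq 0 ] \
        && body=$(fetch "http://$host/$token" 2>/dev/null) \
        && [ "$body" = "$token" ]; then
        status=3
    fi
    rm -f "$dir/$token" "$webroot/$token"
    return "$status"
}

# Stand-alone use: sh check-acme.sh /usr/local/share/html <your rt hostname>
if [ "$#" -eq 2 ]; then
    check_acme_webroot "$1" "$2"
fi
```

An exit status of 1 usually means RT was not restarted after the config change or that `root` does not match the directory passed to `-w`.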

You can then install the certificate in your web server as per its documentation. By default, the keys and certificates will be located in:

    /etc/letsencrypt/live/<your domain or rt hostname>/fullchain.pem
    /etc/letsencrypt/live/<your domain or rt hostname>/privkey.pem