RPM Installation on AlmaLinux 9 - grindsa/acme2certifier GitHub Wiki
RPM Installation on AlmaLinux/Red Hat EL/CentOS Stream 9
1. Download the Latest RPM Package
Download the latest RPM package.
2. Install "Extra Packages for Enterprise Linux (EPEL)"
sudo yum install -y epel-release
sudo yum update -y
3. Install the RPM Package
sudo yum -y localinstall /tmp/acme2certifier/acme2certifier-0.23.1-1.0.noarch.rpm
Red Hat 8.x: Upgrade Required Packages
If installing on Red Hat 8.x, upgrade the following packages:
- python3-cryptography to version 36.0.1 or higher.
- python3-dns to version 2.1 or higher.
- python3-jwcrypto to version 0.8 or higher.
Backports of these packages from RHEL 9 can be found in the A2C RPM repository:
- python3-cryptography-36.0.1-4.el8.x86_64.rpm
- python3-dns-2.1.0-6.el8.noarch.rpm
- python3-jwcrypto-0.8-4.el8.noarch.rpm
Additional Modules for Specific CA Handlers
Depending on your CA handler, you may need these additional modules:
- python3-impacket-0.11.0 for MS WCCE handler.
- python3-ntlm-auth-1.5.0 for MS WSE handler.
- python3-requests_ntlm-1.1.0 for MS WSE handler.
- python3-requests-pkcs12-1.16 for EST or EJBCA handler.
4. Copy the Nginx Configuration File
sudo cp /opt/acme2certifier/examples/nginx/nginx_acme_srv.conf /etc/nginx/conf.d/
5. Copy the Nginx SSL Configuration File (Optional)
sudo cp /opt/acme2certifier/examples/nginx/nginx_acme_srv_ssl.conf /etc/nginx/conf.d/
6. Create and Configure acme_srv.cfg
Create the configuration file in /opt/acme2certifier/acme_srv/ or use the example provided in the examples directory.
Modify the configuration file according to your needs.
7. Configure the CA Handler
Set up the CA handler as needed. Example for Insta Certifier.
8. Enable and Start the Acme2Certifier Service
sudo systemctl enable acme2certifier.service
sudo systemctl start acme2certifier.service
9. Enable and Start the Nginx Service
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
10. Verify the Server
Test the directory resource:
curl http://<your-server-name>/directory
Expected output:
{
  "newAccount": "http://127.0.0.1:8000/acme_srv/newaccount",
  "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "http://127.0.0.1:8000/acme_srv/key-change",
  "newNonce": "http://127.0.0.1:8000/acme_srv/newnonce",
  "meta": {
    "home": "https://github.com/grindsa/acme2certifier",
    "author": "grindsa <[email protected]>"
  },
  "newOrder": "http://127.0.0.1:8000/acme_srv/neworders",
  "revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"
}
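A check for the directory response from step 10, as an added example that is not part of the acme2certifier project: it confirms that the endpoints defined in RFC 8555 are present and reports URLs that are not HTTPS or that advertise a host other than the one requested, as the 127.0.0.1:8000 URLs in the expected output above would for a remote client. The function name, the placeholder host acme.example.test and the trimmed sample are assumptions.

```python
import json
from urllib.parse import urlsplit

# Directory fields from RFC 8555 section 7.1.1 (the optional newAuthz is left out).
REQUIRED = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")


def check_directory(body, requested_url):
    """Return a list of findings for an ACME directory response body."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"response is not JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["directory is not a JSON object"]
    want = urlsplit(requested_url)
    findings = []
    for field in REQUIRED:
        value = doc.get(field)
        if not isinstance(value, str):
            findings.append(f"{field}: missing")
            continue
        got = urlsplit(value)
        # RFC 8555 requires HTTPS for all ACME requests.
        if got.scheme != "https":
            findings.append(f"{field}: served over {got.scheme or 'no scheme'}, not https")
        # A client follows these URLs verbatim, so they must name a host it can reach.
        if got.netloc != want.netloc:
            findings.append(f"{field}: host {got.netloc} differs from requested {want.netloc}")
    return findings


# Sample taken from the expected output above, trimmed to the endpoint fields.
SAMPLE = """{
  "newAccount": "http://127.0.0.1:8000/acme_srv/newaccount",
  "keyChange": "http://127.0.0.1:8000/acme_srv/key-change",
  "newNonce": "http://127.0.0.1:8000/acme_srv/newnonce",
  "newOrder": "http://127.0.0.1:8000/acme_srv/neworders",
  "revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"
}"""

if __name__ == "__main__":
    # acme.example.test is a placeholder for <your-server-name>.
    for finding in check_directory(SAMPLE, "http://acme.example.test/directory"):
        print(finding)
```

To check a live server, pass the body returned by the curl command and the URL that was requested; an empty list means no findings.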
11. Enroll a Certificate
Use your preferred ACME client to enroll a certificate. If an issue occurs, enable debugging in /opt/acme2certifier/acme_srv/acme_srv.cfg and check /var/log/messages for errors.