
Let's Encrypt and Hiawatha Howto

robotanarchy
8 November 2015, 12:46
Hi there,

I've got Hiawatha and Let's Encrypt working since yesterday.

In case someone wants to do the same thing, here's a short tutorial:
https://robotanarchy.space/lets-encrypt-hiawatha/
Hugo Leisink
8 November 2015, 13:21
Thanks!! Posted the link via Twitter.
VirginSteele
10 November 2015, 14:30
BTW: Using the official letsencrypt tool it is not possible to verify the domain with the webroot method: https://github.com/letsencrypt/letsencrypt/issues/1445

Is a workaround possible? Maybe by allowing access to the /.well-known/acme-challenge/ directory using the Directory {} settings?
VirginSteele
11 November 2015, 09:26
Forget about my last message! The AllowDotFiles option actually is everything you need to access dot files (see note [1]). But: in the same VirtualHost {} section I am using UseToolkit = wordpress with the following rule: RequestURI exists Return.
This rule still does not match if a file is in the /.well-known/ directory. I also had to add the rule Match ^/.well-known/(.*) Return to the URL toolkit. Maybe this can be considered as a bug, I do not know. At least it is something you have to know.

Notes:
1: Maybe the manual page should not say "allow Hiawatha to upload files that start with a dot" because first I thought it means uploading a file to the web server. Actually it means that files that start with a dot can be downloaded by the client.
Hugo Leisink
11 November 2015, 21:11
Thanks for the feedback. Both issues have been fixed.
VirginSteele
12 November 2015, 14:43
Thanks! So with this being fixed, setting up Let's Encrypt is actually even easier than in the HowTo. All you have to do is:
1. Get letsencrypt-auto:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

2. Run letsencrypt-auto. It installs all dependencies (at least on Debian):
./letsencrypt-auto --server https://acme-v01.api.letsencrypt.org/directory --help

3. Get certs. Use the webroot of Hiawatha to authenticate the desired domains. The letsencrypt-auto script puts some files in the /.well-known/ subdirectory. These files are downloaded by the Let's Encrypt server to verify you are the domain holder:
./letsencrypt-auto certonly -a webroot --webroot-path /srv/www/example.com/ -d example.com -d www.example.com --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview

4. If this succeeds you can copy the certs to the Hiawatha config directory (Hiawatha needs a specific certificate format), add the file to Hiawatha's config and restart Hiawatha:
cat /etc/letsencrypt/live/example.com/privkey.pem /etc/letsencrypt/live/example.com/cert.pem /etc/letsencrypt/live/example.com/chain.pem > /etc/hiawatha/tls/example.com.pem
chmod 400 /etc/hiawatha/tls/example.com.pem
/etc/init.d/hiawatha restart
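Step 4 of the post above is the part that is easy to get subtly wrong on renewal: the three files must be concatenated in the right order, the resulting file carries the private key and so must never be world-readable, and a key/cert mismatch only shows up when Hiawatha fails to start. The script below is an added example, not code from the forum post or from the Hiawatha project. It wraps the post's cat/chmod/restart sequence in a function that writes the combined PEM atomically with restrictive permissions, plus a check (using openssl, assumed to be installed) that the key and leaf certificate in the file belong together and that the certificate is not about to expire. The paths are those from the post; the function names and the 14-day expiry threshold are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the forum post or from the Hiawatha project.
# Assembles the single PEM file Hiawatha expects (private key, then leaf
# certificate, then intermediate chain, the same order as the cat command in
# the post) from a Let's Encrypt "live" directory, then sanity-checks it before
# the server is restarted. The function names are this example's own.

set -u

# build_hiawatha_pem LIVE_DIR OUT_FILE
# Writes LIVE_DIR/{privkey,cert,chain}.pem into OUT_FILE (mode 0400).
# Fails, without touching OUT_FILE, if any input is missing or unreadable.
build_hiawatha_pem() {
    live_dir=$1
    out=$2
    for f in privkey.pem cert.pem chain.pem; do
        if [ ! -r "$live_dir/$f" ]; then
            echo "build_hiawatha_pem: cannot read $live_dir/$f" >&2
            return 1
        fi
    done
    # mktemp creates the file with mode 0600, so the private key is never
    # world-readable, not even for the instant before chmod runs. Writing to a
    # temp file and renaming also means Hiawatha never sees a half-written PEM.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if ! cat "$live_dir/privkey.pem" "$live_dir/cert.pem" "$live_dir/chain.pem" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 400 "$tmp" && mv "$tmp" "$out"
}

# check_hiawatha_pem PEM_FILE [MIN_DAYS]
# Confirms that the key and the leaf certificate in PEM_FILE belong together
# (same public key) and that the certificate stays valid for at least MIN_DAYS
# more days (default 14). Needs openssl; returns 0 with a warning if it is absent.
check_hiawatha_pem() {
    pem=$1
    min_days=${2:-14}
    if ! command -v openssl >/dev/null 2>&1; then
        echo "check_hiawatha_pem: openssl not found, skipping checks" >&2
        return 0
    fi
    # openssl reads the first PRIVATE KEY / CERTIFICATE block it finds, which in
    # the Hiawatha layout are the private key and the leaf certificate.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "check_hiawatha_pem: private key does not match certificate" >&2
        return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "check_hiawatha_pem: certificate expires within $min_days days" >&2
        return 1
    fi
}

# Usage: ./hiawatha-le-pem.sh /etc/letsencrypt/live/example.com /etc/hiawatha/tls/example.com.pem
# The restart is the same command the post uses; it runs only when both the
# build and the checks succeed.
if [ $# -eq 2 ]; then
    build_hiawatha_pem "$1" "$2" && check_hiawatha_pem "$2" && /etc/init.d/hiawatha restart
fi
```

Run it from the renewal cron job (or by hand after every certonly run) so that a broken combined file never reaches the running server. Hiawatha is then pointed at the result from its Binding {} or VirtualHost {} section with the certificate-file option of your release (TLScertFile in Hiawatha 10, SSLcertFile in earlier releases, to the best of my knowledge; check the hiawatha manual page), together with AllowDotFiles = yes and, when a URL toolkit is in use, the Match ^/.well-known/(.*) Return rule from the earlier post, so that the challenge files stay reachable on renewal.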
robotanarchy
14 November 2015, 13:32
VirginSteele, thanks for your alternative tutorial with the official client. I've linked it in my blog post