LetsEncrypt setup

I had some free time, and an upcoming expiring cert on my GMS server, so I decided to give LE a shot on GMS.
I thought I would share how I set it up, in case anyone was curious. Seems to be working OK with Android and iOS. I have no Windows phone to test it on, but I wouldn't expect any issues.

I am running on SLES11 SP4, and using acme.sh for my LE client.

Here is the basic setup:

Install acme.sh using wget (acme.sh github):


#wget -O - https://get.acme.sh|sh


Issue certs using acme.sh, adding autodiscover as a SAN,
with mobile.domain.com being your GMS server FQDN:


#acme.sh --issue -d mobile.domain.com --standalone -d autodiscover.domain.com


If you receive an error (I did) about missing netcat (nc), even though netcat is installed, install netcat-openbsd through YaST and try again.

This will create a cron entry that will run every night, but only generate new certs every 60 days.
Certs will be downloaded to ~/.acme.sh/mobile.domain.com/

To create the cert that GMS can use:

#cat ~/.acme.sh/mobile.domain.com/mobile.domain.com.key ~/.acme.sh/mobile.domain.com/fullchain.cer > ~/.acme.sh/mobile.domain.com/server.pem;


I added this bit to see if the file has changed from last time, and if it has, copy to where GMS can see it and restart GMS.

# checksum of the freshly built PEM and of the one GMS is currently using
ck1=$(md5sum ~/.acme.sh/mobile.domain.com/server.pem | awk '{print $1}')
ck2=$(md5sum /var/lib/datasync/device/mobility.pem | awk '{print $1}')

# quoted so the test does not break when a file is missing and its checksum is empty
if [ "$ck1" != "$ck2" ]
then
/bin/cp -f ~/.acme.sh/mobile.domain.com/server.pem /var/lib/datasync/webadmin/server.pem
/bin/cp -f /var/lib/datasync/webadmin/server.pem /var/lib/datasync/device/mobility.pem
/usr/sbin/rcgms restart
fi
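
The combine, compare, copy and restart steps above as one function, as an added example that is not part of the original post. The name deploy_pem and its argument order are made up for illustration. It assumes the service reads the PEM as the same user that runs the script, because the installed files end up owner-only (0600).

```shell
#!/bin/sh
# Added example (not from the original post).
# deploy_pem KEY FULLCHAIN RESTART_CMD DEST [DEST...]
# Returns 0 when the destinations were already current or were updated,
# non-zero when the inputs look wrong or a copy failed.
deploy_pem() {
    key=$1; chain=$2; restart_cmd=$3; shift 3

    # Refuse to deploy an empty or truncated renewal result.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 2; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 2; }

    # mktemp creates the file 0600, so the key is never world-readable,
    # unlike "cat > server.pem" under the default umask.
    tmp=$(mktemp) || return 3
    cat "$key" "$chain" > "$tmp"

    changed=0
    for dest in "$@"; do
        # cmp -s is non-zero when the destination differs or does not exist.
        if ! cmp -s "$tmp" "$dest"; then
            # Write beside the destination, then rename, so the service
            # never reads a half-written file.
            (umask 077; cp "$tmp" "$dest.new") && mv -f "$dest.new" "$dest" ||
                { rm -f "$tmp" "$dest.new"; return 3; }
            changed=1
        fi
    done
    rm -f "$tmp"

    # Restart only when something was actually replaced.
    if [ "$changed" -eq 1 ]; then
        $restart_cmd
    fi
}

# Stand-alone use: pass the same four-plus arguments to the script.
if [ "$#" -ge 4 ]; then
    deploy_pem "$@"
fi
```

With the paths from the post this would be called as deploy_pem with the .key file, fullchain.cer, "/usr/sbin/rcgms restart", and the two /var/lib/datasync destinations.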