GreenArrow Documentation

Let’s Encrypt SSL Certificates

Let’s Encrypt is a Certificate Authority that provides free SSL certificates and a protocol to automate SSL installation and renewal.

This page outlines the procedure to install Let’s Encrypt SSL certificates on GreenArrow’s HTTP server using certbot. Certbot is an ACME protocol client that can fetch and deploy SSL certificates from Let’s Encrypt.

Installing the Certbot client

The instructions to install the certbot client depend on your Linux distribution. When this document was written, Certbot was on version 0.33.0. The instructions in this document were based on that version of Certbot and may not be accurate for other versions.

There may be changes in Certbot’s procedure to create and manage certificates, so please refer to Certbot’s website for the latest installation instructions.

Creating and Installing the SSL Certificate

GreenArrow runs its own custom web server, so Certbot’s default Apache plugin can’t be used with GreenArrow. Follow the instructions for the standalone method to work with GreenArrow’s custom web server.

  1. Optionally make a backup of the SSL configuration file so you can easily roll back the changes in case any mistakes are made.

  2. Follow Certbot’s instructions to create a new certificate. The standalone method works with GreenArrow’s custom webroot, which you’ll need to define in this step. GreenArrow’s webroot is /var/hvmail/apache/htdocs/.

    NOTE: This step may require accepting their terms of service and providing a notification email address.

  3. Add the certificate to GreenArrow’s SSL configuration file.

  4. Perform a graceful restart of GreenArrow’s web server.

  5. Check GreenArrow’s services to make sure the hvmail-httpd service is still running after your edits.

  6. Follow Certbot’s instructions for automatic renewal. You can use GreenArrow’s graceful Apache restart command in Certbot’s --deploy-hook option to reload the web server after renewal.

  7. Remove the SSL configuration file backup if one was created in step 1.

  8. Optionally update the certificates used to encrypt SMTP.
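For step 6, a deploy hook can verify the renewed files before it reloads the web server, so a mismatched or expired certificate never reaches a running service. The script below is an added example, not GreenArrow’s or Certbot’s own code: `verify_lineage` and `deploy` are hypothetical helper names, and `GA_RESTART_CMD` is a placeholder that must be set to GreenArrow’s graceful restart command, which this page does not spell out. `RENEWED_LINEAGE` is the environment variable Certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example: deploy hook for `certbot renew --deploy-hook /path/to/this-script`.
# Certbot exports RENEWED_LINEAGE (the directory holding the renewed certificate).
# GA_RESTART_CMD is a placeholder (assumption): set it to GreenArrow's
# graceful restart command as given in the GreenArrow documentation.

# Return 0 only if the certificate and key in directory $1 are usable together.
verify_lineage() {
    cert="$1/fullchain.pem"
    key="$1/privkey.pem"
    [ -s "$cert" ] && [ -s "$key" ] ||
        { echo "missing or empty cert/key in $1" >&2; return 1; }

    # Reject a certificate that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate in $1 is expired" >&2; return 1; }

    # The leaf certificate's public key must match the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key in $1 do not match" >&2; return 1; }
}

# Verify first; restart the web server only when the new files are sound.
deploy() {
    verify_lineage "$1" ||
        { echo "not restarting web server" >&2; return 1; }
    [ -n "${GA_RESTART_CMD:-}" ] ||
        { echo "GA_RESTART_CMD is not set" >&2; return 1; }
    sh -c "$GA_RESTART_CMD"
}

# Certbot sets RENEWED_LINEAGE when it runs the hook; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy "$RENEWED_LINEAGE"
fi
```

A non-zero exit from the hook leaves the previous certificate loaded in the running server, so check Certbot’s log after renewal for the messages printed above.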

More Information

For more information on how to configure HTTP and HTTPS services in GreenArrow, check out the HTTP Server page.

For more information about Let’s Encrypt, visit their web page.

For more information about Certbot, visit their web page.