
Using Let's Encrypt on a System without Apache

You will need gcc and the rest of the build toolchain, plus xinetd

apt install build-essential
apt install xinetd

Install micro_httpd

If you can, install micro-httpd from packages

apt install micro-httpd

Or you can install micro_httpd from source

cd /usr/local/src
wget http://acme.com/software/micro_httpd/micro_httpd_14Aug2014.tar.gz
tar xf micro_httpd_14Aug2014.tar.gz 
rm micro_httpd_14Aug2014.tar.gz
cd micro_httpd/
make
make install

Run out of Xinetd

Systemd may be aggressive about running micro-http

smb suggests first

systemctl stop micro-http.socket

And then

systemctl enable micro-http.service
systemctl start micro-http.service

We want to run it out of xinetd.

cat > /etc/xinetd.d/micro_http << EOF
service micro_httpd
{
     disable         = no
     protocol        = tcp
     port            = 80
     socket_type     = stream
     wait            = no
     user            = www-data
     server          = /usr/local/sbin/micro_httpd
     server_args     = /home/acme/challenges
     }
EOF
systemctl enable xinetd.service
systemctl start xinetd.service

Hack /etc/services so that port 80 is named micro_httpd, matching the xinetd service name

#http           80/tcp          www             # WorldWideWeb HTTP
micro_httpd     80/tcp                          # WorldWideWeb HTTP

Hack the http Directory

Now make .well-known/acme-challenge resolve to the challenges directory

cd ~acme/challenges
chmod 755 .
mkdir .well-known
chown acme:www-data .well-known
cd .well-known
ln -s .. acme-challenge

Make the file to be fetched in test mode

cd ~acme
echo gobbledygook > challenges/foo
chmod 644 challenges/foo

Test It

From a distant system, try

curl http://mail.rg.net/.well-known/acme-challenge/foo
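
A local pre-flight check to run before the remote curl test, added here as an example (not part of the original page): it confirms that .well-known/acme-challenge/foo lands on challenges/foo and that the file and every directory above it are open to www-data. The function names check_webroot and other_bit are made up for this example, and it assumes www-data gets access through the "other" permission bits, as with the 755/644 modes above.

```shell
#!/bin/sh
# Added example: pre-flight check for the challenge webroot built above.
# Assumption: the server user (www-data) reaches the files through the
# "other" permission bits, as with the 755/644 modes used on this page.

# other_bit PATH MASK: succeed if PATH (symlinks followed) grants MASK
# (4 = read, 1 = search/execute) to "other". Uses GNU stat, as on Debian.
other_bit() {
    mode=$(stat -L -c '%a' "$1") || return 1
    last=${mode#"${mode%?}"}            # final octal digit = "other" bits
    [ $(( last & $2 )) -ne 0 ]
}

# check_webroot ROOT TOKEN [TOP]
# Prints the first problem found and returns 1, or prints "ok" and returns 0.
# TOP is the directory where the ancestor walk stops (default /).
check_webroot() {
    root=$(cd "$1" && pwd -P) || { echo "no such directory: $1"; return 1; }
    token=$2
    top=$(cd "${3:-/}" && pwd -P) || { echo "no such directory: $3"; return 1; }
    via="$root/.well-known/acme-challenge/$token"

    [ -f "$root/$token" ] || { echo "missing file: $root/$token"; return 1; }
    [ -f "$via" ] || { echo "not reachable: $via"; return 1; }

    # The URL path must land on the very same file (device:inode match),
    # not on a stale copy inside a real acme-challenge directory.
    [ "$(stat -L -c '%d:%i' "$via")" = "$(stat -L -c '%d:%i' "$root/$token")" ] ||
        { echo "different file behind: $via"; return 1; }

    other_bit "$root/$token" 4 || { echo "not world-readable: $root/$token"; return 1; }
    other_bit "$root/.well-known" 1 || { echo "not searchable: $root/.well-known"; return 1; }

    # Every directory from ROOT up to TOP needs the search bit, e.g. /home/acme.
    dir=$root
    while :; do
        other_bit "$dir" 1 || { echo "not searchable: $dir"; return 1; }
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    echo ok
}
```

Run it as check_webroot /home/acme/challenges foo; under the stated assumption, a "not searchable: /home/acme" result means micro_httpd running as www-data cannot enter the home directory.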
Last modified on Nov 7, 2018, 12:44:40 PM