Setup for production

Prepare the environment

In order to run an ACME responder, you will need:

  • A Linux appliance with port 443 open
  • Access to port 80 of the clients
  • A reverse proxy with a valid TLS certificate

Prepare the storage

In order to use ACMEResponder, you must first create a directory to store the CA certificate and the account public keys:

mkdir storage

Prepare the certification authority

You also (obviously) need a certification authority to sign the issued certificates. It is up to you to obtain a valid Certificate Authority.

However, for testing purposes, you can also create a self-signed certificate:

# Create a CA private key
openssl genrsa -out storage/ca-privkey.pem 4096

# Create a self-signed CA certificate from that key
openssl req -new -key storage/ca-privkey.pem -x509 -days 1000 -out storage/ca-pubkey.pem -subj "/C=FR/ST=Loire/L=StEtienne/O=Global Security/OU=IT Department/CN=example.com"

Danger

Without a certificate issued by a well-known root certification authority and authorized to sign certificates (IsCA constraint set to true), the certificates issued by ACMEResponder won't be recognized by default by TLS endpoint software (browsers, CLI utilities...).

However, you can still use your self-signed certification authority on your own devices by installing it in their trusted certificate store.
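
The warning above depends on the CA certificate carrying the CA (IsCA) basic constraint. The following pre-flight check for the files created in "Prepare the certification authority" is an added example, not part of ACMEResponder; the function name `check_ca`, its 30-day default expiry threshold and its exit codes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of ACMEResponder. check_ca and its exit codes are
# names chosen for this example.
# Usage: check_ca storage/ca-pubkey.pem storage/ca-privkey.pem [min_days]
# Returns 0 if all checks pass, 1 if any check fails, 2 if the cert is unreadable.
check_ca() {
    ca_cert=$1; ca_key=$2; min_days=${3:-30}; ca_rc=0

    # The certificate must parse before any other check is meaningful.
    ca_text=$(openssl x509 -in "$ca_cert" -noout -text 2>/dev/null) || {
        echo "FAIL: $ca_cert is not a readable X.509 certificate"; return 2; }

    # basicConstraints must contain CA:TRUE (the IsCA constraint).
    if printf '%s\n' "$ca_text" | grep -A1 'X509v3 Basic Constraints' \
            | grep -q 'CA:TRUE'; then
        echo "ok:   basicConstraints CA:TRUE"
    else
        echo "FAIL: basicConstraints CA:TRUE is missing from $ca_cert"
        ca_rc=1
    fi

    # The private key must be the one whose public half is in the certificate.
    # -passin pass: prevents an interactive prompt if the key is encrypted.
    if key_pub=$(openssl pkey -in "$ca_key" -passin pass: -pubout 2>/dev/null) \
            && [ "$(openssl x509 -in "$ca_cert" -noout -pubkey)" = "$key_pub" ]; then
        echo "ok:   private key matches certificate"
    else
        echo "FAIL: $ca_key is unreadable or does not match $ca_cert"
        ca_rc=1
    fi

    # The CA must stay valid for at least min_days more days.
    if openssl x509 -in "$ca_cert" -noout -checkend $((min_days * 86400)) \
            >/dev/null; then
        echo "ok:   valid for at least $min_days more days"
    else
        echo "FAIL: expires within $min_days days"
        ca_rc=1
    fi
    return "$ca_rc"
}
```

Run it after the two `openssl` commands above and before starting the responder; a non-zero exit status means the storage directory is not ready.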

Using Docker

The easiest way to install ACMEResponder is to use our Docker image. You can run it using the following command:

docker run --rm -v "$(pwd)/storage:/storage" -p 80:80 pierre42100/acme-responder

Install it from sources

You can also install ACMEResponder from source. In order to do so:

  1. You must first clone the source code of the repository:
git clone https://github.com/pierre42100/ACMEresponder
cd ACMEresponder
  2. Create a Python environment:
python3 -m venv venv
  3. Switch the shell to the created environment:
source venv/bin/activate
  4. Install the dependencies:
pip install -r requirements.txt
  5. You should then be ready to run the server:
STORAGE_PATH=/path/to/storage uvicorn src.server:app --host 0.0.0.0 --port 80

Configuration

Some aspects of ACMEResponder can be customized. See the Configuration section to learn more.

Build Docker image

If you wish to build the Docker image of the project yourself, you can do so by running the following command:

bash build-docker-image.sh