Setup for production
Prepare the environment
In order to run an ACME responder, you will need:
- A Linux appliance with port 443 open
- Access to port 80 of the clients
- A reverse proxy with a valid TLS certificate
Prepare the storage
In order to use ACMEResponder, you must first create a directory to store the CA certificate and the account public keys:
mkdir storage
Prepare the certification authority
You also (obviously) need a certification authority to sign the issued certificates. It is up to you to obtain a valid Certificate Authority.
However, for testing purposes, you can also create a self-signed certificate:
# Create a CA private key
openssl genrsa -out storage/ca-privkey.pem 4096
# Create a self-signed CA certificate from that key
openssl req -new -key storage/ca-privkey.pem -x509 -days 1000 -out storage/ca-pubkey.pem -subj "/C=FR/ST=Loire/L=StEtienne/O=Global Security/OU=IT Department/CN=example.com"
Without a certificate issued by a well-known root certification authority and authorized to sign certificates (IsCA constraint set to true), the certificates issued by ACMEResponder won't be recognized by default by TLS endpoint software (browsers, CLI utilities...).
However, you can still use your self-signed certification authority on your own devices by installing its certificate in their trusted certificate store.
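A pre-flight check for the two files created by the openssl commands above, as an added example that is not part of ACMEResponder: it confirms that the private key is readable only by its owner, that the certificate has the CA constraint set, that key and certificate belong together, and that the certificate has not expired. The function name and its return codes are assumptions of this example; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: sanity-check the CA material in the storage directory.
# Return codes (2..6) are this example's own convention.

check_ca_storage() {
    dir=${1:-storage}
    key="$dir/ca-privkey.pem"
    cert="$dir/ca-pubkey.pem"

    # 2: both files must be present before the server starts
    [ -f "$key" ] && [ -f "$cert" ] \
        || { echo "missing CA key or certificate in $dir" >&2; return 2; }

    # 3: the private key must not be accessible to group or others
    perms=$(ls -ldL "$key" | cut -c5-10)
    [ "$perms" = "------" ] \
        || { echo "$key is accessible to group/others" >&2; return 3; }

    # 4: the certificate must carry basicConstraints CA:TRUE (the IsCA constraint)
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
        || { echo "$cert is not a CA certificate" >&2; return 4; }

    # 5: the certificate must contain the public half of the private key
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "$key does not match $cert" >&2; return 5; }

    # 6: the certificate must not be expired
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "$cert has expired" >&2; return 6; }

    echo "CA material in $dir looks usable"
}
```

Call `check_ca_storage storage` from the directory that holds `storage` before starting the server.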
Using Docker
The easiest way to install ACMEResponder is to use our Docker image. You can run it using the following command:
docker run --rm -v "$(pwd)/storage:/storage" -p 80:80 pierre42100/acme-responder
Install it from sources
You can also install ACMEResponder from source. In order to do so:
- You must first clone the source code of the repository:
git clone https://github.com/pierre42100/ACMEresponder
cd ACMEresponder
- Create a Python environment:
python3 -m venv venv
- Switch the shell to the created environment:
source venv/bin/activate
- Install the dependencies:
pip install -r requirements.txt
- You should then be ready to run the server:
STORAGE_PATH=/path/to/storage uvicorn src.server:app --host 0.0.0.0 --port 80
Configuration
Some aspects of ACMEResponder can be customized. See the Configuration section to learn more.
Build Docker image
If you wish to build the Docker image of the project yourself, you can do so by running the following command:
bash build-docker-image.sh