Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ac000/lehttpd

Micro http server whose sole purpose is to answer letsencrypt challenge responses.
https://github.com/ac000/lehttpd

http-server letsencrypt-utils

Last synced: 7 days ago
JSON representation

Micro http server whose sole purpose is to answer letsencrypt challenge responses.

Awesome Lists containing this project

README

        

lehttpd is a micro http server with the sole purpose of answering
letsencrypt[0] challenge responses.

Handy for when you are issuing certificates for servers with no running
web server and you don't really want to set one up etc.

Usage is simply a matter of calling lehttpd and telling it where the
letsencrypt challenge directory is. lehttpd simply takes the last path
component of the request and sends that file from the specified directory.

E.g. if it gets the request

/.well-known/acme-challenge/6rEoXjsdTITO7tJUXj-aXY-RN2CYOF1O6JsgfFqCeUs

it will simply send the file

6rEoXjsdTITO7tJUXj-aXY-RN2CYOF1O6JsgfFqCeUs

I use this in conjunction with the C based acme-client[1].

Seeing as all this is meant to be automated. Here's what a shell script to
drive this might look like...

#!/bin/sh
#

if [[ ! -d /tmp/acme ]]; then
mkdir /tmp/acme
fi

# Will run for 60 seconds then terminate
lehttpd /tmp/acme &

sleep 1

acme-client -v my.domain.com

if [ $? -eq 0 ]; then
# Certificates changed
systemctl restart service1
systemctl restart service2
...
fi

exit 0

lehttpd uses libmicrohttpd[2] and should be run as root, once started, it
chroot's to the specified directory and switches to the 'nobody' user. It
will run for 60 seconds then terminate.

On Red Hat/Fedora based systems you yill need the libmicrohttpd-devel package
and on Debian it's libmicrohttpd-dev

Also if you have libseccomp[3] installed it will try to make use of the
Linux kernels seccomp support. This also needs the SCMP_FLTATR_CTL_TSYNC
flag, which is also checked for at run-time.

On Red Hat/Fedora based systems you yill need the libseccomp-devel package
and on Debian it's libseccomp-dev

The libseccomp detection uses pkg-config which on Red Hat et al is either
the pkgconfig or pkgconf-pkg-config package for newer systems. On Debian it's
pkg-config.

This is licensed under the GNU General Public License version 2. See
COPYING.

[0] - https://letsencrypt.org/
[1] - https://git.wolfsden.cz/acme-client-portable
[2] - http://www.gnu.org/software/libmicrohttpd/
[3] - https://github.com/seccomp/libseccomp