RPM Installation on AlmaLinux 9

RPM Installation on AlmaLinux/Red Hat EL/CentOS Stream 9

1. Download the Latest RPM Package

Download the latest RPM package.

2. Install "Extra Packages for Enterprise Linux (EPEL)"

sudo yum install -y epel-release
sudo yum update -y

3. Install the RPM Package

sudo yum -y localinstall /tmp/acme2certifier/acme2certifier-0.23.1-1.0.noarch.rpm

Red Hat 8.x: Upgrade Required Packages

If installing on Red Hat 8.x, upgrade the following packages:

• python3-cryptography to version 36.0.1 or higher.
• python3-dns to version 2.1 or higher.
• python3-jwcrypto to version 0.8 or higher.

Backports of these packages from RHEL 9 can be found in the A2C RPM repository:

• python3-cryptography-36.0.1-4.el8.x86_64.rpm
• python3-dns-2.1.0-6.el8.noarch.rpm
• python3-jwcrypto-0.8-4.el8.noarch.rpm

Additional Modules for Specific CA Handlers

Depending on your CA handler, you may need these additional modules:

• python3-impacket-0.11.0 for MS WCCE handler.
• python3-ntlm-auth-1.5.0 for MS WSE handler.
• python3-requests_ntlm-1.1.0 for MS WSE handler.
• python3-requests-pkcs12-1.16 for EST or EJBCA handler.

4. Copy the Nginx Configuration File

sudo cp /opt/acme2certifier/examples/nginx/nginx_acme_srv.conf /etc/nginx/conf.d/

5. Copy the Nginx SSL Configuration File (Optional)

sudo cp /opt/acme2certifier/examples/nginx/nginx_acme_srv_ssl.conf /etc/nginx/conf.d/

6. Create and Configure acme_srv.cfg

Create the configuration file in /opt/acme2certifier/acme_srv/ or use the example provided in the examples directory.

Modify the configuration file according to your needs.

7. Configure the CA Handler

Set up the CA handler as needed. Example for Insta Certifier.

8. Enable and Start the Acme2Certifier Service

sudo systemctl enable acme2certifier.service
sudo systemctl start acme2certifier.service

9. Enable and Start the Nginx Service

sudo systemctl enable nginx.service
sudo systemctl start nginx.service

10. Verify the Server

Test the directory resource:

curl http://<your-server-name>/directory

Expected output:

{
  "newAccount": "http://127.0.0.1:8000/acme_srv/newaccount",
  "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "http://127.0.0.1:8000/acme_srv/key-change",
  "newNonce": "http://127.0.0.1:8000/acme_srv/newnonce",
  "meta": {
    "home": "https://github.com/grindsa/acme2certifier",
    "author": "grindsa <[email protected]>"
  },
  "newOrder": "http://127.0.0.1:8000/acme_srv/neworders",
  "revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"
}

11. Enroll a Certificate

Use your preferred ACME client to enroll a certificate. If an issue occurs, enable debugging in /opt/acme2certifier/acme_srv/acme_srv.cfg and check /var/log/messages for errors.