[Guide] Adding a Let's Encrypt certificate to the Turris Omnia

I’ve just managed to use Let’s Encrypt on my Turris Omnia without changing any of the configuration files already installed (*). (i.e. I only added new files / settings, and didn’t have to change anything that was already there.)

This doesn’t work if you forward your port 80 to some other device on your network.

Have fun: https://brainfood.xyz/post/20190518-letsencrypt-on-turris-omnia/

~Chris

(*) Except for the self-signed certificate that was generated initially, which will be replaced by the Let’s Encrypt certificate.

5 Likes

Hello,

Thanks a lot for this thread. Can I please ask you to move your guide to our community documentation?
We would really appreciate this.

2 Likes

Sure, here you go.

2 Likes

You don't have comments enabled on your blog, so I’m posting it here:

root@turris:~# ./.acme.sh/acme.sh --accountemail "$EMAIL" --update-account
[Thu May 23 09:03:44 BST 2019] Account key is not found at: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key

Could you try it like this:

./.acme.sh/acme.sh --accountemail "email@your.domain" --update-account

@aker, you need to run --register-account first instead of --update-account. That’s missing from the tutorial.

In version 5.1.1 it does not work if you have Data Collection -> Minipots installed.
The minipot holds port 80 and has priority.
This should be fixed in 5.1.2.

Nice, but after creating the 80-letsencrypt configuration you have to restart lighttpd before issuing the first certificate.
Then how does acme reapply the firewall rules when renewing the certificate? Does it have a built-in script?