[Guide] Adding a Let's Encrypt certificate to the Turris Omnia

cimnine · May 18, 2019, 11:19am

I’ve just managed to use Let’s Encrypt on my Turris Omnia without changing any of the configuration files already installed (*). (i.e. I only added new files / settings, and didn’t have to change anything that was already there.)

This doesn’t work if you forward your port 80 to some other device on your network.

Have fun: https://brainfood.xyz/post/20190518-letsencrypt-on-turris-omnia/

~Chris

(*) Except for the self-signed certificate that was generated initially, which will be replaced by the Let’s Encrypt certificate.

fasteth · May 20, 2019, 11:41am

Hello,

Thanks a lot for this thread. Can I please you to move your guide to our community documentation?
We would really appreciate this.

cimnine · May 21, 2019, 10:06pm

Sure, here you go.

aker · May 23, 2019, 8:05am

You dont have comments enabled on your blog, so I’m posting it here:

root@turris:~# ./.acme.sh/acme.sh --accountemail "$EMAIL" --update-account
[Thu May 23 09:03:44 BST 2019] Account key is not found at: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key

cimnine · May 25, 2019, 11:22am

Could you try it like this:

./.acme.sh/acme.sh --accountemail "email@your.domain" --update-account

lucasrangit · May 20, 2020, 3:19pm

@aker, You need to run --register-account first instead of --update-account. That’s missing from the tutorial.

Cabal · September 26, 2020, 8:37am

In version 5.1.1 it does not work if You have Data Collection -> Minipots installed.
The minipot holds port 80 and has priority.
This should be fixed in 5.1.2

lucenera · January 18, 2023, 10:38pm

Nice, but after creating the 80-letsencrypt configuration you have to restart lighttpd, before issuing the first certificate.
Then how does acme reapply the firewall rules when renewing the certificate? Does it have an built in script?