install_rpm.md

RPM installation on AlmaLinux/Redhat EL/CentOS Stream 9

1. Download the latest RPM package.

2. Install "Extra Packages for Enterprise Linux (EPEL)"

$ sudo yum install -y epel-release
$ sudo yum update -y

3. Install the RPM packages

$ sudo yum -y localinstall /tmp/acme2certifier/acme2certifier-0.23.1-1.0.noarch.rpm

4. Copy NGINX configuration file

$ cp /opt/acme2certifier/examples/nginx/nginx_acme_srv.conf /etc/nginx/conf.d

5. Copy NGINX ssl configuration file (optional)

$ cp /opt/acme2certifier/examples/nginx/nginx_acme_srv_ssl.conf /etc/nginx/conf.d

5. Create a configuration file acme_srv.cfg in /opt/acme2certifier/acme_srv/ or use the example stored in the examples directory
6. Modify the configuration file according to you needs
7. Configure the CA handler according to your needs. Example for Insta Certifier
8. Enable and start the acme2certifier service

$ systemctl enable acme2certifier.service
$ systemctl start acme2certifier.service

9. Enable and start the nginx service

$ systemctl enable nginx.service
$ systemctl start nginx.service

10. Test the server by accessing the directory resource

$ curl http://<your server name>/directory
{"newAccount": "http://127.0.0.1:8000/acme_srv/newaccount", "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "http://127.0.0.1:8000/acme_srv/key-change", "newNonce": "http://127.0.0.1:8000/acme_srv/newnonce", "meta": {"home": "https://github.com/grindsa/acme2certifier", "author": "grindsa <grindelsack@gmail.com>"}, "newOrder": "http://127.0.0.1:8000/acme_srv/neworders", "revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"}

11. Try to enroll a certificate by using your favourite acme-client. If something does not work enable debugging in /opt/acme2certifier/acme_srv/acme_srv.cfg and check /var/log/messages for errors.