This blogpost explains how to setup a H2O using the automated process.
Step 1. Install the client
% git clone https://github.com/letsencrypt/letsencrypt.git
Step 2. Obtain the certificate
If you already have a web server listening to port 80, then run:
% cd letsencrypt % ./letsencrypt-auto certonly --webroot \ --webroot-path $DOCROOT \ --email $EMAIL \ --domain $HOST1
$DOCROOTshould be the path of the web sever's document root.
$HOSTshould be the hostname of the web server (also the name for which a new certificate will be issued).
Or if you do not have a web server listening on the server, then run:
% cd letsencrypt % ./letsencrypt-auto certonly --standalone \ --email $EMAIL \ --domain $HOSTNAMEIssued certificate and automatically-generated private key will be stored under
Step 3. Configure H2O
Setup the configuration file of H2O to use the respective certificate and key files.
listen: port: 443 ssl: certificate-file: /etc/letsencrypt/live/$HOSTNAME/fullchain.pem key-file: /etc/letsencrypt/live/$HOSTNAME/privkey.pemDo not forget to replace
$HOSTNAMEs within the snippet with your actual hostname.
That's all. Pretty simple, isn't it?
Kudos to the people behind Let's Encrypt for providing all of these (for free).
For more information, please consult documents on letsencrypt.org and h2o.examp1e.net.
1: you may also need to use
--serveroption to obtain a production-ready certificate during the beta process