Let's Encrypt is a Certificate Authority that provides free certificates and has a mission of enabling SSL everywhere.
This article is intended as a guide to assist with the installation of a Let's Encrypt SSL certificate on the Acquia Cloud platform.
Note that this guide assumes you are using OSX/Linux.
1. Install certbot locally (see https://certbot.eff.org/docs/install.html)
2. Edit the .htaccess file in your codebase
- Just above 'RewriteRule "(^|/)." - [F]', add the following snippet:
RewriteRule "^.well-known/acme-challenge" - [L]
3. Run the command:
certbot --manual certonly
4. Create files in docroot/.well-known/acme-challenge as per instructions
5. Commit your changes using :
(Optional) If you are using Pipelines, then perform a build, if you need to.
6. Go to /etc/letsencrypt/live/ on your local machine for the certificate files.
7. Install the certificate, private key, chain in the Acquia Cloud SSL Self Service UI.
1. Note that this guide assumes you are using OSX/Linux.
2. Run the following command, replacing [EMAIL] with your email and [DOMAIN_1] through [DOMAIN_N] with the domains you want the certificate to cover:
$ sudo certbot certonly --manual --no-eff-email --agree-tos -m [EMAIL] -d [DOMAIN_1] -d [DOMAIN_N]
You will be presented with:
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
... select Y in order to continue.
You will be presented with:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

[LONG-STRING-DATA]

And make it available on your web server at this URL:

http://[DOMAIN]/.well-known/acme-challenge/[LONG-STRING]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Pause the process at this point.
3. For Drupal 7 you can just use the module letsencrypt_challenge, which allows you to set some output for an http://[DOMAIN]/.well-known/acme-challenge/[LONG-STRING] URL easily.
4. Manual method for Drupal 8 or 7
4.1. Without pressing Enter, clone your repository.
4.2. Create the challenge directory and place the file in it. In your repository docroot, create a file inside a newly created directory, replacing [LONG-STRING] with the one from the prompt when you paused the process (see above):
$ mkdir -p .well-known/acme-challenge
$ touch .well-known/acme-challenge/[LONG-STRING]
4.3. Open the file in a text editor, paste in the [LONG-STRING-DATA] provided by the certbot prompt, and save it.
4.4. Add and commit to git all the changes (see Sending updates to your code repository) and deploy the branches/tags containing the changes to the Acquia environment you wish (see Code workflows with Acquia Cloud).
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[domain]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[domain]/privkey.pem
   Your cert will expire on [date]. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
6. Copy the contents of the certificate you just generated on your local machine to the Acquia Cloud interface SSL page.
6.1. On your local machine you can view the content of the pem files using the following commands (the default location is
$ sudo cat /etc/letsencrypt/live/[domain]/fullchain.pem
$ sudo cat /etc/letsencrypt/live/[domain]/privkey.pem
6.2. Following Managing SSL certificates, once you reach step 4, you should populate the fields with the contents of the privkey.pem. Note that the first entry of fullchain.pem goes in the SSL certificate field.
7. You can now proceed to the next steps of Managing SSL certificates to Activate the certificate.
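For step 6.2, an added example (not part of the original guide or Acquia's tooling): a shell script that splits fullchain.pem into its first certificate and the remaining chain, and uses openssl to check that privkey.pem belongs to that certificate before anything is pasted into the form. The function names, the output file names cert.pem and chain.pem, and the script name are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). Function and file names are assumptions.

# Number of PEM certificate blocks in a file.
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# split_fullchain FULLCHAIN OUTDIR
# First certificate -> OUTDIR/cert.pem (the "SSL certificate" field),
# remaining certificates -> OUTDIR/chain.pem (the chain).
split_fullchain() {
    fullchain=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    : > "$outdir/cert.pem"
    : > "$outdir/chain.pem"
    awk -v leaf="$outdir/cert.pem" -v chain="$outdir/chain.pem" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = (n == 1) ? leaf : chain; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0 }
    ' "$fullchain" || return 1
    # Fail if the input held no certificate at all.
    [ "$(count_certs "$outdir/cert.pem")" -eq 1 ]
}

# key_matches_cert CERT KEY: succeeds only if both carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample with placeholder bodies (not real certificates), for a dry run.
sample_fullchain() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-LEAF-BODY' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-INTERMEDIATE-BODY' '-----END CERTIFICATE-----'
}

# Usage: sudo sh split-fullchain.sh FULLCHAIN PRIVKEY OUTDIR
if [ "$#" -eq 3 ]; then
    split_fullchain "$1" "$3" || { echo "no certificate found in $1" >&2; exit 1; }
    key_matches_cert "$3/cert.pem" "$2" || { echo "private key does not match certificate" >&2; exit 1; }
    echo "cert.pem and chain.pem written to $3; private key matches"
fi
```

The script never copies privkey.pem; keep that file out of the git repository and the docroot, and paste it only into the SSL form.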