Let’s Encrypt application allow you to manage your let’s encrypt certificates for all machines connected to your panel.
Core-Admin has been updated to manage the request and renewal of Let’s encrypt certificates. It has an easy interface that integrates with the rest of Core-Admin’s applications.
Index
Description
- This tool has a design to make an easy installation and later use of your Let’s encrypt certificates
- It is important to have your DNS pointing to the machine that is going to ask for the certificate.
- Once the certificate is installed, we can use it in different ways:
- Raw mode. It means, we take the paths of the certificate generated directly, and set up our application following the manufacturer’s instructions,
- Exporting the certificate into another core-admin application, like Web Hosting,
- Linking the certificate with known services that are using a certificate whose common-name has the same value of the let’s encrypt certificate generated. For example, postfix, dovecot, turbulence
How to use it
Installing the application
Inside Core-admin panel, we install Let’s Encrypt application following the steps as indicated in the manual. Once we click to install (“Mark application as configured”), next interface is showed, then we click on Install application,
The application starts with the installation,
If everything went ok, it should show the following indication:
In the machine panel, we can see a link to the application installed,
Let’s Encrypt certificate request
We click on Let’s Encrypt application and get next interface, where we click on the button Add Certificate,
Core-admin will give you a list of the common-names found at the server. We select the one we are interested in and type in a support contact address.
Finally, we click on Create a new Certificate. Internally, Core-admin manages all the tasks needed to get in contact with the certificate authority to generate the certificate requested,
Once it is done, we can visualice and use the certificate emited,
How to use certificate created
- Raw mode, we click on the certificate and in the Certificate information tab, we can find all the paths to the files that contain the certificate information. We can use these paths to directly set up the application, following manufacturer’s instructions.
- Exporting the certificate, we click on Links tab and then on Export to application button. Core-admin will give you the applications where to export the certificate. For example, Webhosting management. Once the combo option is chosen we click on Export application,
- Linking the certificate, we click on Links tab and then on Add Link button. Core-admin will give you the known services that are using a certificate with the same common-name. Once the combo option is chosen, we click on Add link,
Certificate renewal
To renew a certificate, we click on it and click on Certificate renewal button.
Core-Admin command line integration
All features provided by Let’s encrypt management application are also available through a command line:
>> crad-lets-encrypt.pyc –help
Usage: crad-lets-encrypt.pyc [options]
Options:
-h, –help show this help message and exit
-v, –verbose Makes crad-lets-encrypt.pyc to also drop logs into
console
-l, –list Makes crad-lets-encrypt.pyc to list current certifcates
installed
-a, –list-available-common-names
Makes crad-lets-encrypt.pyc to list available common
names that can be used to request a certificate
-r CERTIFICATE ID, –renew-certificate=CERTIFICATE ID
Makes crad-lets-encrypt.pyc to renew a certificate
already download and identified by the provided id
(get the id by using –list option)
-c COMMON_NAME MAIL_CONTACT, –create-certificate=COMMON_NAME MAIL_CONTACT
Makes crad-lets-encrypt.pyc request a let’s encrypt
certificate for the provided common name (get
available common names by using –list-available-
common-names)
Now, to create a let’s encrypt certificate, first you have to list all available names for certification. For that, run:
>> crad-lets-encrypt.pyc -a
Now, pick one of the names from the list and run:
>> crad-lets-encrypt.pyc -c name-of-the-domain.com account@support.com
After that, to renew the certificate, you have to list them first:
>> crad-lets-encrypt.pyc -l
From the list, pick the certificate’s id you want to renew, run:
>> crad-lets-encrypt.pyc -r
Core-Admin Python API integration
It’s also possible to use the Let’s encrypt management tool via a Python API provided.
For that, first, we have to import the module by using something like:
# import core-admin's let's encrypt applciation
from core_admin_agent import application
m = application._import ("lets_encrypt_management")
Now, to list all available names for certification, run:
status, common_names) = application.call (m, "list_server_names")
if not status:
print "ERROR: failed to get available server names for certificate request. Error was: %s" % common_names
for common_name in common_names:
print "AVAILABLE: common name: %s" % common_name
After that, to request and create a certificate for a given common name (the domain we want a certificate for it), pick one of the previous list and run:
params = {}
params['common_name'] = common_name # object fetched by previous list
params['contact_mail'] = contact_mail # a mail contact required by let's encrypt
# now call to request certificate
(status, info) = application.call (m, "create_certificate", params)
if not status:
print "ERROR: failed to create certificate, error was: %s" % info
Late, if we need to renew a certificate, first we will have to list all certificates to get the id from it:
(status, certificates) = application.call (m, "list_certificates")
if not status:
print "ERROR: failed to get installed certificates, error was: %s" % certificates
After that, with the id we are interested in, we run:
params = {}
params['id'] = id # id fetched by calling list_certificates (for example) or hardcoded
(status, info) = application.call (m, "create_certificate", params)
if not status:
print "ERROR: failed to create certificate, error was: %s" % info