Obtain certificates from Let's Encrypt and use them with Gandi products.
- You need to have the letsencrypt client installed on your computer
- You'll need a Gandi API Key, which you can get from your Gandi Account
- Clone the plugin's repository, or download it from a Zip file, into a local folder on your computer
- Enter the directory and use the pip executable distributed with letsencrypt to install the plugin
~ $ git clone git@github.com:Gandi/letsencrypt-gandi.git
~ $ cd letsencrypt-gandi
~/letsencrypt-gandi $ ~/.local/share/letsencrypt/bin/pip install -e .
- You must have a "M"-sized (or greater) Simple Hosting instance to enable SSL
- You must add the certificate's domain name to your instance's VHOSTS
- You need to have SSH Key authentication set up on the Simple Hosting instance
- Your SSH Key must be added to your local ssh-agent (use ssh-add /path/to/key to add it)
- Currently, only PHP and Ruby instances are supported by the plugin. Node.js and Python instances are not yet supported by the plugin, but you can refer to this tutorial for a walkthrough.
Run the following command from your computer and make sure you replace the placeholders with your own information.
- SHS-NAME: the name of the instance
- VHOST: the domain name for the certificate and of the Simple Hosting VHOST
- API-KEY: your Gandi API key
~/letsencrypt $ ./letsencrypt-auto run --domains VHOST \
--authenticator letsencrypt-gandi:gandi-shs \
--letsencrypt-gandi:gandi-shs-name SHS-NAME \
--letsencrypt-gandi:gandi-shs-vhost VHOST \
--letsencrypt-gandi:gandi-shs-api-key API-KEY \
--installer letsencrypt-gandi:gandi-shs
Simply follow the steps presented on the screen to complete the process.
If you experience authentication issues, make sure you can connect to the instance via sftp from your terminal with your SSH Key and without a password.
If the connection via sftp works, but the script still has authentication issues, make sure you have added your SSH Key to ssh-agent on your computer (see the Requirements section for instructions).
In case everything seems to be set correctly, but the script is still not able to authenticate, try to run the above commands with sudo and re-run the script.
You can also check previously reported Issues or create a new one if you need any help.
Support for other Gandi products, such as Web Accelerators and Servers, is not yet available through the plugin but may be added in the future.
You can still use Let's Encrypt certificates with any Gandi product.
Here are some examples that are especially useful if you are developing the plugin itself.
You can also set your API key in an environment variable. This way you don't need to use the --letsencrypt-gandi:gandi-shs-api-key flag, and the key does not appear in the command's arguments.
export GANDI_API_KEY="l00km4im1nth3nv"
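The following preflight script is an added example, not part of the plugin: it checks the ssh-agent and sftp conditions from the troubleshooting steps above and loads GANDI_API_KEY from a private file instead of typing it on the command line. The function names, the key file and the SFTP-LOGIN@SFTP-HOST placeholder are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from letsencrypt-gandi.

# Translate the exit status of `ssh-add -l` into a diagnosis.
agent_diagnosis() {
    case "$1" in
        0) echo "ok" ;;                 # agent reachable, at least one key loaded
        1) echo "no-keys-loaded" ;;     # agent reachable but empty: ssh-add /path/to/key
        2) echo "agent-unreachable" ;;  # no agent visible in this shell
        *) echo "unknown" ;;            # e.g. ssh-add is not installed
    esac
}

# True when group and others have no permission bits on the file ($1).
is_private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Export GANDI_API_KEY from the first line of a key file ($1, assumed layout).
load_api_key() {
    is_private_file "$1" || { echo "refusing $1: chmod 600 it first" >&2; return 1; }
    GANDI_API_KEY=$(head -n 1 "$1")
    [ -n "$GANDI_API_KEY" ] || { echo "$1 is empty" >&2; return 1; }
    export GANDI_API_KEY
}

# Key-only sftp login test; $1 is a placeholder such as SFTP-LOGIN@SFTP-HOST.
# BatchMode forbids password prompts, so this succeeds only with a usable key.
sftp_key_login_works() {
    sftp -o BatchMode=yes -b /dev/null "$1" >/dev/null 2>&1
}

# Run every check in order; $1 = API key file, $2 = sftp login.
preflight() {
    load_api_key "$1" || return 1
    ssh-add -l >/dev/null 2>&1
    status=$(agent_diagnosis "$?")
    [ "$status" = "ok" ] || { echo "ssh-agent: $status" >&2; return 1; }
    sftp_key_login_works "$2" || { echo "sftp key login failed" >&2; return 1; }
    echo "preflight ok"
}

# Runs the checks only when invoked as: sh preflight.sh --run KEYFILE SFTP-LOGIN
if [ "${1:-}" = "--run" ]; then preflight "$2" "$3"; fi
```

To keep GANDI_API_KEY available to letsencrypt-auto, source the file and call load_api_key in the same shell, since an exported variable does not outlive the process that set it.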
To only generate and download the certs from Let's Encrypt to your computer, you can use the certonly command with the letsencrypt-gandi:gandi-shs authenticator.
~/letsencrypt $ ./letsencrypt-auto certonly --domains VHOST \
--authenticator letsencrypt-gandi:gandi-shs \
--letsencrypt-gandi:gandi-shs-name SHS-NAME \
--letsencrypt-gandi:gandi-shs-vhost VHOST \
--letsencrypt-gandi:gandi-shs-api-key API-KEY
To only install the certs downloaded to your computer on Simple Hosting, you can use the install command and the letsencrypt-gandi:gandi-shs installer.
~/letsencrypt $ ./letsencrypt-auto install --domains VHOST \
--cert-path /path/to/cert \
--installer letsencrypt-gandi:gandi-shs \
--letsencrypt-gandi:gandi-shs-name SHS-NAME \
--letsencrypt-gandi:gandi-shs-vhost VHOST \
--letsencrypt-gandi:gandi-shs-api-key API-KEY
With the following additional flags, you'll be able to use LE's staging server and control where your local files are kept. The log file created in ~/.letsencrypt/letsencrypt.log may contain more information about your problem.
~/letsencrypt $ ./letsencrypt-auto --config-dir $HOME/.letsencrypt \
--work-dir $HOME/.letsencrypt \
--logs-dir $HOME/.letsencrypt \
run --domains VHOST \
--server https://acme-staging.api.letsencrypt.org/directory --break-my-certs \
--authenticator letsencrypt-gandi:gandi-shs \
--letsencrypt-gandi:gandi-shs-name SHS-NAME \
--letsencrypt-gandi:gandi-shs-vhost VHOST \
--letsencrypt-gandi:gandi-shs-api-key API-KEY \
--installer letsencrypt-gandi:gandi-shs