We currently deliver all proServers with the settings for the Let's Encrypt staging servers, as the quota of certificates for subdomains for the domain punkt.de has been used up.

To use the Let's Encrypt live servers, the CA must be changed to https://acme-v02.api.letsencrypt.org/directory in /usr/local/etc/dehydrated/config.

The desired domains are entered in the domains.txt file. All domains for which a single (multi-domain) certificate is to be requested must be written in one line and separated only by a space. Wildcard certificates are not yet possible.

$ cat /var/www/letsencrypt/domains.txt

example.org www.example.org
example.com www.example.com wiki.example.com

To apply for an SSL certificate with Let's Encrypt, the DNS entry for this domain must already point to the proServer.

A cronjob must then be activated:

$ sudo crontab -u root -e

# Dehydrated Cronjob
PATH=/bin:/usr/bin:/usr/local/bin
@weekly /usr/local/bin/dehydrated -c -g

Now all you have to do is apply for the certificates and enter the corresponding domains in the web server configuration:

$ sudo dehydrated -c

Done. The newly generated certificates are now located under the path /usr/local/etc/ssl/certs/<domainname>/

Further information about the tool we use can be found on Github or on letsencrypt.org.