Google announced that starting with Chrome version 68 they will gradually mark HTTP-connections as “not secure”. “Let’s Encrypt” is a free service for web-masters to obtain certificates in an easy manner. Work on “Let’s Encrypt” started in 2014.
Setting up “Let’s Encrypt” with the Hiawatha web-server is quite easy, although there are some pitfalls. I used the ArchLinux package for Hiawatha. There is also an ArchWiki page for Hiawatha.
Another detailed description is: Let’s Encrypt with Hiawatha by Chris Wadge.
1. Unpacking and production-server setting. After installing the ArchLinux package I unpacked the file `/usr/share/hiawatha/letsencrypt.tar.gz`. You have to edit `letsencrypt.conf` at three places:

```
ACCOUNT_EMAIL_ADDRESS = your@mail.address
HIAWATHA_CERT_DIR = {HIAWATHA_CONFIG_DIR}/tls
LE_CA_HOSTNAME = acme-v01.api.letsencrypt.org # Production
```
I struggled with the last variable `LE_CA_HOSTNAME`. This has to be the production “Let’s Encrypt” server. Although you might register with the testing-server, you apparently cannot do anything else with the testing-server. So delete the testing-server. The rest of the configuration file is obvious to change.
2. Configuration file. Now check your `hiawatha.conf` file:

```
Binding {
    Port = 443
    #TLScertFile = tls/hiawatha.pem
    TLScertFile = /etc/hiawatha/tls/www.eklausmeier.tk.pem
    Interface = 0.0.0.0
    MaxRequestSize = 2048
    TimeForRequest = 30
}
...
VirtualHost {
    Hostname = www.eklausmeier.tk, eklausmeier.tk, 192.168.178.24, klm.no-ip.org, klm.ddns.net, edh.no-ip.org, edh.ddns.net, klmport.no-ip.org, borussia
    ...
}
```
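The `Hostname` list above mixes public DNS names with a private address and a bare LAN name, which a public CA cannot validate, so clients using those names will see a certificate mismatch. The following check is an added example, not part of the original post or of Hiawatha: it parses a `hiawatha.conf` string, lists the bindings that carry a `TLScertFile`, and classifies every `Hostname` entry. The function names and the sample input are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample that mirrors the hiawatha.conf fragment on this page.
SAMPLE_CONF = """
Binding {
    Port = 443
    #TLScertFile = tls/hiawatha.pem
    TLScertFile = /etc/hiawatha/tls/www.eklausmeier.tk.pem
}
VirtualHost {
    Hostname = www.eklausmeier.tk, eklausmeier.tk, 192.168.178.24, klm.no-ip.org, borussia
}
"""

def parse_blocks(text, kind):
    """Return one {option: value} dict per `kind { ... }` section."""
    blocks = []
    pattern = r"^\s*%s\s*\{(.*?)^\s*\}" % re.escape(kind)
    for body in re.findall(pattern, text, re.S | re.M):
        opts = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if "=" in line:
                key, value = line.split("=", 1)
                opts[key.strip().lower()] = value.strip()  # lower-cased for lookup
        blocks.append(opts)
    return blocks

def classify_hostname(name):
    """Classify a Hostname entry by whether a public CA could validate it."""
    try:
        return "public-ip" if ipaddress.ip_address(name).is_global else "private-ip"
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name
    return "public-dns" if "." in name.strip(".") else "internal-name"

def audit(text):
    """Return (TLS bindings, {hostname: class}) for a hiawatha.conf string."""
    tls = [b for b in parse_blocks(text, "Binding") if "tlscertfile" in b]
    hosts = {}
    for vh in parse_blocks(text, "VirtualHost"):
        for name in filter(None, (n.strip() for n in vh.get("hostname", "").split(","))):
            hosts[name] = classify_hostname(name)
    return tls, hosts

if __name__ == "__main__":
    tls, hosts = audit(SAMPLE_CONF)
    for b in tls:
        print("TLS binding, port", b.get("port"), "cert", b["tlscertfile"])
    for name, kind in hosts.items():
        print(f"{kind:14}{name}")
```

Entries reported as `private-ip` or `internal-name` are the ones to leave out of the certificate request.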