Setup Boulder CA on Amazon Linux
This page is only for developers who want to set up their own instance of the Boulder CA server for their own development and testing. It is not required for use of the le-win client components.
The letsencrypt-win ACME client is being developed and tested against the Boulder CA reference implementation of an ACME server. The steps here outline how to spin up an AWS EC2 instance running the Amazon Linux AMI and configure it to run Boulder.
Launch the latest Amazon Linux AMI, then:

```sh
sudo yum update; sudo reboot
sudo yum install libtool-ltdl-devel
sudo yum install golang-pkg-linux-amd64
```

You need to enable the epel yum repo:

```sh
sudo vi /etc/yum.repos.d/epel.repo
sudo yum install npm
sudo yum install rabbitmq-server
sudo service rabbitmq-server start
```
UPDATE 2015/08/14 - As of versions the integration tests moved from using SQLite to MariaDB/MySQL; as per this, we can add the MariaDB yum repo and install it.

The latest Amazon Linux AMI seems to be most compatible with RHEL7 (as per https://forums.aws.amazon.com/message.jspa?messageID=575779), so using the MariaDB repo generator we get:

```sh
cat <<'EOF' | sudo tee /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
sudo yum install MariaDB-server MariaDB-client
sudo service mysql start
```
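Because the repo above serves packages over plain `http://`, the only thing standing between you and a tampered RPM is `gpgcheck=1` with a trusted `gpgkey`. As an added example (not from the original page or the Boulder project), a small POSIX shell check that a repo file actually enforces that before you install from it; the two sample repo files are constructed here in a temp dir and never touch `/etc/yum.repos.d`:

```sh
#!/bin/sh
# Added example, not part of the original wiki page or the Boulder project:
# verify that a yum repo file enforces GPG signature checking before you
# install packages from it. Returns 0 when the named section has gpgcheck=1
# and an https gpgkey, otherwise reports what is missing and returns 1.
check_repo_gpg() {
    repo_file="$1"
    section="$2"
    # Keep only the lines that belong to the requested [section].
    body=$(awk -v sec="[$section]" '
        $0 == sec { inside = 1; next }
        /^\[/     { inside = 0 }
        inside    { print }' "$repo_file")
    status=0
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        || { echo "$repo_file: [$section] does not set gpgcheck=1" >&2; status=1; }
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*gpgkey[[:space:]]*=[[:space:]]*https://' \
        || { echo "$repo_file: [$section] has no https:// gpgkey" >&2; status=1; }
    return "$status"
}

# Constructed sample repo files (hypothetical, written to a temp dir so the
# script never touches /etc/yum.repos.d). good.repo mirrors the MariaDB
# repo generator output used above; bad.repo disables signature checking.
tmpdir=$(mktemp -d)
cat > "$tmpdir/good.repo" <<'EOF'
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
cat > "$tmpdir/bad.repo" <<'EOF'
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/rhel7-amd64
gpgcheck=0
EOF

check_repo_gpg "$tmpdir/good.repo" mariadb && echo "good.repo: OK"
check_repo_gpg "$tmpdir/bad.repo" mariadb || echo "bad.repo: rejected"
```

Point it at `/etc/yum.repos.d/MariaDB.repo` with section `mariadb` to check the real file once you have written it.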
The first time, you need to seed the Boulder DB schema:

```sh
mkdir gocode
export GOPATH=/home/ec2-user/gocode ## add this to your .bash_profile
export PATH=$PATH:$GOPATH/bin ## add this to your .bash_profile
```
Edit the test config file:

- replace the value at JSON path to allow it to accept non-localhost connections
- if you want to change the DNS server that's used for verifying DNS-type challenges:
  - by default Boulder uses a built-in fake DNS server hosted on UDP port 8053
  - change the JSON path to a server that you can use for testing, and make sure to set the correct port (default for DNS is 53)
- replace the value at JSON path
Follow along as in the quickstart with these caveats:

```sh
vi $GOPATH/src/github.com/letsencrypt/boulder/Godeps/_workspace/src/golang.org/x/crypto/ocsp/ocsp.go
```

- search for `elliptic.P224`
- comment out that switch statement case
- this pubkey curve variation can't be used, maybe because of export restrictions
- replace with just node
If you want to update the Boulder code base do:

```sh
go get -u github.com/letsencrypt/boulder
```

- Watch out for conflicts with any local changes; you may need to re-apply any local mods or temporarily move them out of the way.