There’s a great step by step guide for setting up letsencrypt certs on dreamhost here! This post will parrot most of the stuff that it says with a few highlighted points that tripped me up.
I’m going to avoid all the letsencrypt setup and jump straight into running the thing.
Now that might pop up a thing about logging your IP address. If you aren’t cool with that then you can’t have a certificate, so make sure you say yes.
Next the command will pause waiting for you to press enter. DO NOT PRESS ENTER YET!
I made that mistake and had to run the command again. Before you can proceed, you need to
create some folders and a file under the domain you are creating the certificate for. The
/.well-known/acme-challenge and the file is named some random hash of characters.
The file content is some other hash of characters.
An example path is
SSH into your dreamhost server and run
Finally make sure that the file is reachable in your browser by visiting http://example.com/.well-known/acme-challenge/RcapSBi_ZOlYnrByap1cRRrHln1lzKOIXwg2NowrZt5
Now, after all that, you can hit enter.
Once the command finishes you should see a congratulations under the “IMPORTANT NOTES” output.
The next step is to visit the dreamhost panel and go to Domains > Secure Hosting. Then click the “Add Secure Hosting” button and select your desired domain, in our case example.com. (You don’t need to add a unique IP)
Dreamhost should give you a success message saying that it’s using a self-signed certificate. Instead, we want it to use the certificate letsencrypt generated so click the edit button next to the domain and choose “Manual configuration”.
Now you should see 4 text boxes labeled “Certificate Signing Request”, “Certificate”, “Private Key”, and “Intermediate Certificate” respectively.
- Certificate Signing Request: Delete everything from this box.
- Certificate: Copy the text from
cat /etc/letsencrypt/live/example.com/cert.pem | pbcopyinto this box.
- Private Key: Run the following command
openssl rsa -in /etc/letsencrypt/live/example.com/privkey.pemand copy the outputted result into this box.
- Intermediate Certificate: Copy the text from
cat /etc/letsencrypt/live/example.com/chain.pem | pbcopyinto this box.
After that, click “Save changes now!” and you’re all set.