Using Let's Encrypt With Dreamhost
As pointed out in the comments, Dreamhost now supports Let's Encrypt in the panel. No more workaround needed!
Let's Encrypt has entered public beta, which means I should probably play with it!
This website is hosted on Dreamhost, which has a round about way of installing SSL certs, but it's not too bad.
First, you have to go to your Dreamhost panel, then "Secure Hosting" and select "Add Secure Hosting"
From here, you pick your domain you want to secure. It's a little bit wonky, in that it doesn't show www. domains as subdomains in this list, so if you use that, you'll need to just select the parent domain.
Doing this will issue you a self-signed certificate which will throw up scary browser warnings. We will fix that next.
I chose to run Let's Encrypt on my laptop, so I followed the user guide to get things installed. Basically just a git clone.
Next you have to begin the request process.
./letsencrypt-auto certonly --manual --debug
certonlystates that we only want a certificate generated, not installed.
--manualmeans that we are going to manually authenticate it.
--debugis used with the OS X version because it is experimental.
This will probably download some junk with homebrew, then it's going to ask you some questions, the greatest of which is what domain you want to use.
With this in hand, it will generate an authentication string that you need to put into a file on the server.
mkdir -p .well-known/acme-challenge/
echo -n "EVgSHY-sQeMAy4TTx_-jjrx-mR3Dmr4M5Byt9vBKcLE.9wpTWpx1Ghg8yXEMASBfWbfU-fGgjG6D-ixF4ip3cDU" > .well-known/acme-challenge/EVgSHY-sQeMAy4TTx_-jjrx-mR3Dmr4M5Byt9vBKcLE
Once you do that, it spits out your certificate into
/etc/letsencrypt/live/www.velvetcache.org $ ls
cert.pem chain.pem fullchain.pem privkey.pem
Back on the Dreamhost panel, you'll want to click on "Edit" for the domain we are securing, then select "Manual Configuration".
You can clear the CSR field and then into the "Certificate" field, enter the content from
Into "Intermediate Certificate" I placed the contents of
Lastly, we have to change the format of the private key file to one Dreamhost understands.
/etc/letsencrypt/live/www.velvetcache.org $ openssl rsa -in privkey.pem -out privkey.key
writing RSA key
Then we paste
privkey.key into the Dreamhost interface for "Private Key", save and wait for our new certificate to get installed.
Now I just have to fix all my asset URLs too...