My Let's Encrypt

Web server requirements

Required PHP extensions

Your Apache/nginx web server needs the following extensions enabled:

  • mandatory: curl
  • mandatory: gmp (preferred - much faster) or bcmath (slower)
  • optional: openssl, ftp, ssh2

You can list the currently installed PHP extensions in the dashboard of your concrete5 installation: go to Dashboard → System & Settings → Environment → Environment Information and look for the "# PHP Extensions" section.

Required web server configuration

Let's Encrypt needs to be sure that you can fully control a domain before releasing an HTTPS certificate for it (they call this process domain authorization).

This authorization can be performed in one of the following ways:


URL-based authorization

Let's Encrypt will fetch a file from the web root if your website.
Essentially, they will browse to an URL like this: http://www.yourdomain.com/.well-known/acme-challenge/....
In order to make this process work, the My Let's Encrypt package needs one of the following two conditions:

  • The Pretty URLs are enabled (more details) and Apache/nginx redirects the URLs that start with a . (dot) to concrete5.
    You can simply check if this works by browsing to an URL like http://www.yourdomain.com/.well-known/test - If you see a Page not found with the concrete5 theme or logo then everything is fine. If otherwise you see the Apache/nginx standard Not Found error page then the web server needs to be changed (for Apache you'll need to change a RewriteRule or an IndexIgnore directive, for nginx it may be a Location directive)
      
  • The root folder of the website (eg /var/www/mysite) needs to be writable by PHP and/or by yourself, and the URLs that start with a . (dot) are not blocked by Apache/nginx.
    To check if this last condition is ok:
    1. create a directory called .well-known (pay attention to add the initial dot) in the root folder of the website
    2. create a file called check in this folder and put some text in it (for instance "Ok")
    3. with your browser go to http://www.yourdomain.com/.well-known/check
    4. if you see the file content ("Ok") then everything is fine. If otherwise you see the Apache/nginx standard Not Found error page then the web server needs to be changed (for Apache you'll need to change a RewriteRule or an IndexIgnore directive, for nginx it may be a Location directive)
    5. remember to remove the .well-known directory that you created at point 1


DNS-based authorization

You'll need to add a specific TXT record to the DNS server of your domain names
(This is quite advanced and most people will perform an URL-based authorization).