
Certbot

Install the certbot client

brew install certbot

Generate certificates

certbot certonly --preferred-challenges=http --manual --config-dir ~/lets-encrypt --work-dir ~/lets-encrypt --logs-dir ~/lets-encrypt

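Use the HTTP challenge to quickly verify that you own the domain. To complete the verification, add a route at the path certbot prints and return the value it asks for. The token in the path and the response body are issued for one certificate request, so replace the ones shown below with the values from your own certbot run; the route can be removed once the certificate has been issued.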

rust
// Answers one ACME HTTP-01 challenge.
//
// The last path segment is the challenge token and the body is the key
// authorization certbot asked for (the same token, a dot, then a second
// value). Both are fixed strings from a single certbot run: substitute the
// values from your own run, and remove the route after issuance.
#[get("/.well-known/acme-challenge/vbujFQUlzX60RKtq1EjTP4kiJP_DYHtS22EUzDFx7T0")]
async fn certbot() -> impl Responder {
    let key_authorization =
        "vbujFQUlzX60RKtq1EjTP4kiJP_DYHtS22EUzDFx7T0.VQCJWd5zb8inSAUPsDcF6mjKaBAssM8MzI5X1AqjFNM";
    HttpResponse::Ok().body(key_authorization)
}

Here's the full example:

rust
use actix_files as fs;
use actix_web::{get, App, HttpServer, Responder, HttpResponse};
use openssl::ssl::{SslAcceptor, SslMethod, SslFiletype};

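// Serves the static site on plain HTTP (port 80) and HTTPS (port 443), and
// registers the one-off ACME challenge route `certbot`.
//
// Failures while loading the TLS key or certificate are returned as an
// `std::io::Error` instead of panicking, so a missing or unreadable file
// surfaces as a normal startup error.
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    // OpenSSL reports failures as an ErrorStack; wrap it so `?` can propagate
    // it through this function's io::Result.
    let tls_err =
        |e: openssl::error::ErrorStack| std::io::Error::new(std::io::ErrorKind::Other, e);

    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).map_err(tls_err)?;
    // The private key sits next to, not inside, the directory served below.
    // Keep it that way and restrict its file permissions to the account
    // running this server.
    builder
        .set_private_key_file("/home/ubuntu/workspace/tubelightapps/key.pem", SslFiletype::PEM)
        .map_err(tls_err)?;
    builder
        .set_certificate_chain_file("/home/ubuntu/workspace/tubelightapps/cert.pem")
        .map_err(tls_err)?;

    HttpServer::new(|| {
        App::new()
            // Only needed while the certificate is being issued.
            .service(certbot)
            .service(
                fs::Files::new("/", "/home/ubuntu/workspace/tubelightapps/book")
                    // NOTE(review): this turns on directory listings for the
                    // served tree; drop the call unless browsing the file
                    // layout is intended.
                    .show_files_listing()
                    .index_file("index.html"),
            )
    })
    // Port 80 has to answer for the HTTP challenge, but as written it also
    // serves the whole site unencrypted on every interface.
    .bind("0.0.0.0:80")?
    .bind_openssl("0.0.0.0:443", builder)?
    .run()
    .await
}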

// ACME HTTP-01 responder for a single challenge.
//
// The route path ends in the challenge token; the response body is the key
// authorization certbot printed for it. These literals belong to one
// certificate request, so they must be replaced with the values from your own
// certbot run, and the handler can be deleted after the certificate is issued.
#[get("/.well-known/acme-challenge/vbujFQUlzX60RKtq1EjTP4kiJP_DYHtS22EUzDFx7T0")]
async fn certbot() -> impl Responder {
    let mut response = HttpResponse::Ok();
    response.body("vbujFQUlzX60RKtq1EjTP4kiJP_DYHtS22EUzDFx7T0.VQCJWd5zb8inSAUPsDcF6mjKaBAssM8MzI5X1AqjFNM")
}