Obtaining X.509 certificates from Let’s Encrypt at KIT

This document explains how to use the acme4netvs software to acquire server certificates from Let’s Encrypt at the Karlsruhe Institute of Technology.

This documentation is primarily targeted at server operators at the Karlsruhe Institute of Technology. Please talk to you institute’s IT staff in case you require server certificates but are not an OU administrator yourself.

There are so many options here, what do I do?

0. Check out the Concepts if you are interested in what is happening here
1. Follow the Installation instructions
2. Setup your NETVS organisation for ACME
3. Choose an ACME client and read our documentation for it (or theirs, if we do not provide one). We currently document these ACME clients:
   • Dehydrated
   • Certbot
   • acme.sh
   • win-acme
   • Proxmox

Which ACME client you choose may depend on your specific requirements and environments as well as you personal preferences.

If you have no idea what to do, the acme4netvs maintainer’s personal recommendations are: use win-acme on Windows and dehydrated for everything else.

If you wonder how to integrate an ACME client / Let’s Encrypt in your specific service, check out the contributed instructions from other members of KIT!

Documentation enhancements

This source for this documentation is located at https://gitlab.kit.edu/kit/kit-ca/public-relations/docs-ca-kit-edu and open for merge requests. Feel free to contribute enhancements, fixes and clarifications.

Community chat

We have a community chat on KIT Matrix (join link for Desktop Client and KIT’s web client) for discussions, questions and announcements. We strongly suggest joining if you are using acme4netvs.