1 This is a Let's Encrypt authenticator module for authenticating any site
2 that Varnish sits in front of. The most obvious use would be if you have
3 some sort of backend CMS that's not easy to get to serve arbitrary files,
4 or if you have some sort of complicated rewriting in place in your VCL.
5 It works by rewriting your VCL file to intercept the http-01 auth requests
6 and synthesizing the responses.
8 The code is ugly, has tons of lint errors and relies on a number of assumptions
9 (such as your VCL being in /etc/default/varnish.vcl). Patches accepted to clean
10 it up. Please back up your VCL configuratoin before use.
14 1. Install letsencrypt as usual, with letsencrypt-auto.
18 . ~/.local/share/letsencrypt/bin/activate
20 3. Install the module:
22 pip install -e path/to/this/letsencrypt-varnish
24 4. Ask for a certificate:
26 sudo ~/.local/share/letsencrypt/bin/letsencrypt --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory -a letsencrypt-varnish-plugin:varnish -d <domain> certonly
29 Varnish itself does not support SSL, so the module is just for authentication,
30 just installation. There is a Hitch installation module at
32 https://git.sesse.net/?p=letsencrypt-hitch-plugin;a=summary
34 The Varnish authenticator plugin is licensed under the same terms as the Let's
35 Encrypt client itself.
37 - Steinar H. Gunderson <steinar+letsencrypt@gunderson.no>