Obtain certificates from Let's Encrypt and use them with Gandi products.

• You need to have the letsencrypt client installed on your computer
• You'll need a Gandi API Key, which you can get from your Gandi Account

• Clone the plugin's repository, or download it from a Zip file, into a local folder on your computer
• Enter the directory and use the pip executable distributed with letsencrypt to install the plugin

~ $ git clone [email protected]:Gandi/letsencrypt-gandi.git
~ $ cd letsencrypt-gandi
~/letsencrypt-gandi $ ~/.local/share/letsencrypt/bin/pip install -e .

• You must have a "M"-sized (or greater) Simple Hosting instance to enable SSL
• You must add the certificate's domain name to your instance's VHOSTS
• You need to have SSH Key authentication setup on the Simple Hosting instance
• Your SSH Key must be added to your local ssh-agent (use ssh-add /path/to/key to add it)

• Currently, only PHP and Ruby instances are supported by the plugin. Node.js and Python instances are not yet supported by the plugin, but you can refer to this tutorial for a walkthrough.

Run the following command from your computer and make sure you replace the placeholders with your own information.

• SHS-NAME: the name of the instance
• VHOST: the domain name for the certificate and of the Simple Hosting VHOST
• API-KEY: your Gandi API key

~/letsencrypt $ ./letsencrypt-auto run --domains VHOST \
            --authenticator letsencrypt-gandi:gandi-shs \
                --letsencrypt-gandi:gandi-shs-name SHS-NAME \
                --letsencrypt-gandi:gandi-shs-vhost VHOST \
                --letsencrypt-gandi:gandi-shs-api-key API-KEY \
            --installer letsencrypt-gandi:gandi-shs

Simply follow the steps presented on the screen to complete the process.

If you experience authentication issues, make sure you can connect to the instance via sftp from your terminal with your SSH Key and without a password.

If the connection via sftp works, but the script still has authentication issues, make sure you have added your SSH Key to ssh-agent on your computer (see the Requirements section for instructions).

In case everything seems to be set correctly, but the script is still not able to authenticate, try to run the above commands with sudo and re-run the script.

You can also check previously reported Issues or create a new one if you need any help.

Support for other Gandi products, such as Web Accelerators and Servers, is not yet available through the plugin but may be added in the future.

You can still use Let's Encrypt certificates with any Gandi product.

Here are some examples that are especially useful if you are developing the plugin itself.

You can also set your API key in an environment variable. This way you don't need to use the --letsencrypt-gandi:gandi-shs-api-key flag.

export GANDI_API_KEY="l00km4im1nth3nv"

To only generate and download the certs from Let's Encrypt to your computer, you can use the certonly command with the letsencrypt-gandi:gandi-shs authenticator.

~/letsencrypt $ ./letsencrypt-auto certonly --domains VHOST \
            --authenticator letsencrypt-gandi:gandi-shs \
                --letsencrypt-gandi:gandi-shs-name SHS-NAME \
                --letsencrypt-gandi:gandi-shs-vhost VHOST \
                --letsencrypt-gandi:gandi-shs-api-key API-KEY \

To only install the certs downloaded to your computer on Simple hosting, you can use the install command and the letsencrypt-gandi:gandi-shs installer.

~/letsencrypt $ ./letsencrypt-auto install --domains VHOST \
            --cert-path /path/to/cert
            --installer letsencrypt-gandi:gandi-shs \
              --letsencrypt-gandi:gandi-shs-name SHS-NAME \
              --letsencrypt-gandi:gandi-shs-vhost VHOST \
              --letsencrypt-gandi:gandi-shs-api-key API-KEY \

With the following additional flags, you'll be able to use LE's staging server and control where your local files are kept. The log file created in ~/.letsencrypt/letsencrypt.log may contain more information about your problem.

~/letsencrypt $ ./letsencrypt-auto --config-dir $HOME/.letsencrypt \
            --work-dir $HOME/.letsencrypt \
            --logs-dir $HOME/.letsencrypt \
            run --domains VHOST \
            --server https://acme-staging.api.letsencrypt.org/directory --break-my-certs \
            --authenticator letsencrypt-gandi:gandi-shs \
                --letsencrypt-gandi:gandi-shs-name SHS-NAME \
                --letsencrypt-gandi:gandi-shs-vhost VHOST \
                --letsencrypt-gandi:gandi-shs-api-key API-KEY \
            --installer letsencrypt-gandi:gandi-shs