
Setup Boulder CA on Amazon Linux

Eugene Bekker edited this page Dec 4, 2015 · 5 revisions

Setting up Boulder on Amazon Linux

PLEASE NOTE:

This page is only for developers who want to set up their own instance of the Boulder CA server for their own development and testing. It is not required for use of the le-win client components.

UPDATE: This page is being left here for historical reference, however it is most likely outdated. Since the launch of the Let's Encrypt STAGE API endpoint, ACMESharp has used that endpoint for its development and testing and abandoned the local Boulder installation. Therefore YMMV with the instructions below.

The letsencrypt-win ACME client is being developed and tested against the Boulder CA reference implementation of an ACME server. The steps here outline how to spin up an AWS EC2 instance running the Amazon Linux AMI and configure it to run Boulder.

  • Launch latest AMI

  • sudo yum update; sudo reboot

  • sudo yum install libtool-ltdl-devel

  • sudo yum install golang-pkg-linux-amd64

  • You need to enable the epel yum repo:

    • sudo vi /etc/yum.repos.d/epel.repo
  • sudo yum install npm

  • sudo yum install rabbitmq-server

  • sudo service rabbitmq-server start

  • UPDATE 2015/08/14 - As of versions b08e6e0badb9f6242976dbceb4d9799e22da5047, 86390e312b015d170be190c52755548daeac337c and 64987a3639b77fb52063cb1db6165be44030cf15, the integration tests moved from using SQLite to MariaDB/MySQL.

  • mkdir gocode

  • export GOPATH=/home/ec2-user/gocode ## add this to your .bash_profile

  • export PATH=$PATH:$GOPATH/bin ## add this to your .bash_profile

  • edit the test config file test/boulder-config.json:

    • replace the value at JSON path wfe.listenAddress with 0.0.0.0:4000 to allow it to accept non-localhost connections
    • if you want to change the DNS server that's used for verifying DNS-type challenges:
      • by default Boulder uses a built-in fake DNS server hosted on UDP port 8053
      • change the JSON path common.dnsResolver to a server that you can use for testing, and make sure to set the correct port (default for DNS is 53)
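The two config edits above (wfe.listenAddress and, optionally, common.dnsResolver) are easy to get subtly wrong by hand, for example by dropping the port. The script below is an added example, not code from the Boulder project or this wiki: it applies both edits to a copy of test/boulder-config.json, refuses a resolver value without an explicit host:port, and fails if the JSON path does not already exist so a typo cannot silently add a new key. The embedded sample config is constructed for the example and only contains the keys the page mentions; the real file has many more. Keep in mind that binding the WFE to 0.0.0.0 makes port 4000 reachable from any host the EC2 security group allows, so restrict that group to the machines running the client tests.

```python
#!/usr/bin/env python3
"""Apply the test/boulder-config.json edits described on this page.

Added example, not part of Boulder or ACMESharp. Assumptions: the file is a
JSON object with nested 'wfe' and 'common' objects, and the two keys already
exist (they do in the sample below, which is constructed for this example).
"""
import json
import sys

# Constructed stand-in for test/boulder-config.json with only the keys
# the page talks about. The built-in fake DNS server listens on 8053.
SAMPLE_CONFIG = json.dumps({
    "wfe": {"listenAddress": "127.0.0.1:4000"},
    "common": {"dnsResolver": "127.0.0.1:8053", "dnsTimeout": "10s"},
})


def set_path(obj, dotted, value):
    """Set a dotted JSON path such as 'wfe.listenAddress' in a nested dict.

    Raises KeyError instead of creating missing objects or keys, so a
    misspelled path is reported rather than silently added to the config.
    """
    keys = dotted.split(".")
    cur = obj
    for k in keys[:-1]:
        if not isinstance(cur.get(k), dict):
            raise KeyError("missing object %r in path %r" % (k, dotted))
        cur = cur[k]
    if keys[-1] not in cur:
        raise KeyError("unknown key %r in path %r" % (keys[-1], dotted))
    cur[keys[-1]] = value
    return obj


def validate_hostport(value):
    """Require an explicit host:port (the page notes DNS defaults to 53)."""
    host, sep, port = value.rpartition(":")
    if not sep or not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("expected host:port, got %r" % value)
    return value


def rewrite_config(text, listen="0.0.0.0:4000", dns_resolver=None):
    """Return the config text with the page's two edits applied.

    listen       -> wfe.listenAddress (0.0.0.0:4000 accepts non-localhost
                    connections, so the test client on another host can reach it)
    dns_resolver -> common.dnsResolver, only when given; otherwise the
                    built-in fake DNS server on UDP 8053 stays in place
    """
    cfg = json.loads(text)
    set_path(cfg, "wfe.listenAddress", validate_hostport(listen))
    if dns_resolver is not None:
        set_path(cfg, "common.dnsResolver", validate_hostport(dns_resolver))
    return json.dumps(cfg, indent=2, sort_keys=True)


def main(argv):
    # usage: set_boulder_config.py <path-to-boulder-config.json> [resolver host:port]
    path = argv[1] if len(argv) > 1 else "test/boulder-config.json"
    resolver = argv[2] if len(argv) > 2 else None
    with open(path) as f:
        new_text = rewrite_config(f.read(), dns_resolver=resolver)
    with open(path, "w") as f:
        f.write(new_text + "\n")


if __name__ == "__main__":
    main(sys.argv)
```

Run it from the Boulder checkout, e.g. `python3 set_boulder_config.py $GOPATH/src/github.com/letsencrypt/boulder/test/boulder-config.json 10.0.0.2:53` (the resolver address is a placeholder); omit the second argument to keep the fake DNS server for DNS-type challenges.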
  • Follow along as in the quickstart with these caveats:

    • vi $GOPATH/src/github.com/letsencrypt/boulder/Godeps/_workspace/src/golang.org/x/crypto/ocsp/ocsp.go
      • search for elliptic.P224
      • comment out that switch statement case
      • the P224 public key curve can't be used in this build, possibly because of export restrictions
    • wherever the quickstart invokes nodejs, use node instead
  • If you want to update the Boulder code base do:

    • go get -u github.com/letsencrypt/boulder
    • Watch out for conflicts with any local changes; you may need to re-apply any local mods or temporarily move them out of the way.