LeGo CertHub binaries can be obtained from GitHub. Download it and unpack it on the desired host.
Docker is now supported and the image can be pulled from Docker Hub or GitHub Packages. Ports 4050, 4055, and 4060 should be exposed. The path /app/data should be bound to persist the application's config, database, scripts, logs, etc.
Example docker run:
docker run -d --name legocerthub -v ./data:/app/data -p 4050:4050 -p 4055:4055 -p 4060:4060 ghcr.io/gregtwallace/legocerthub:latest
LeGo is compact and runs from one binary. To install it simply create a folder and place all of the files from the release package in it.If you want it running as a service (which you probably do) all you have to do is configure a service to run the executable.
For linux installation there is an install script in the scripts folder. After unpacking the release package, run ./install.sh as superuser (e.g. sudo) and the rest is done for you.
If you're using Docker, just pull and run the image. Ports 4050, 4055, and 4060 should be exposed. The path /app/data should be bound to persist the application's config, database, scripts, logs, etc.
Create config.yaml in the same path as the LeGo executable. This file may already exist if you used an install script. Edit this file to suit your needs. Options are explained in config.default.yaml
In particular, you should pay special attention to the ports you're running the server on as well as the challenge methods. You may need to make changes to your dns, router, and firewall configurations. A basic understanding of ACME is needed to properly configure these settings and is beyond the scope of this documentation. If you want to bind to privileged ports (e.g. 80) you may need to make additional modifications to your host.
Once your config is complete, restart the LeGo server.
Login to the LeGo server for the first time. The initial user is 'admin' and the password is 'password'.
Once logged in, create a new key.
Create a new account with that key. After creation, click 'Register'.
Create another new key. This key is for the LeGo server.
Create the certificate for the LeGo server.
Finally, place a new order for the certificate and wait for the order to be fulfilled. Refresh after a short wait and your order should be valid. If it isn't, check your challenges configuration, dns, router, and firewall settings.
Update SSL Config
If the key and certificate are named 'legocerthub' no config update is needed. Otherwise, set the names in config.yaml. Restart LeGo for SSL to become active.
Go to Settings and change the default password. Now you are all set to begin populating other keys and certificates.