LeGo CertHub
LeGo CertHub
InstallConfigureServer UsageClient UsageDownloadAuthorSource



LeGo CertHub can be obtained here. Download it and unpack it on the desired host.


LeGo is compact and runs from one binary. To install it simply create a folder and place all of the files from the release package in it.If you want it running as a service (which you probably do) all you have to do is configure a service to run the executable.

For linux installation there is an install script in the scripts folder. After unpacking the release package, run ./ as superuser (e.g. sudo) and the rest is done for you.


Create config.yaml in the same path as the LeGo executable. This file may already exist if you used an install script. Edit this file to suit your needs. Options are explained in config.default.yaml

In particular, you should pay special attention to the ports you're running the server on as well as the challenge methods. You may need to make changes to your dns, router, and firewall configurations. A basic understanding of ACME is needed to properly configure these settings and is beyond the scope of this documentation. If you want to bind to privileged ports (e.g. 80) you may need to make additional modifications to your host.

Once your config is complete, restart the LeGo server.

Enable SSL

Login to the LeGo server for the first time. The initial user is 'admin' and the password is 'password'.

New Private Key

Once logged in, create a new key.

New ACME Account

Create a new account with that key. After creation, click 'Register'.

New Private Key for LeGo

Create another new key. This key is for the LeGo server.

New Certificate

Create the certificate for the LeGo server.

New Order

Finally, place a new order for the certificate and wait for the order to be fulfilled. Refresh after a short wait and your order should be valid. If it isn't, check your challenges configuration, dns, router, and firewall settings.

Update SSL Config

If the key and certificate are named 'legocerthub' no config update is needed. Otherwise, set the names in config.yaml. Restart LeGo for SSL to become active.

Go to Settings and change the default password. Now you are all set to begin populating other keys and certificates.