Configuration of the PicApport Server for SSL with Letsencrypt

The following documentation is for a PicApport version which will be available for our beta testers in late summer 2019.

Who would like to take part in this test simply write a mail to

Background Information

The offline mode of PicApport is supported by modern browsers only for SSL connections. The keyword here is „progressive Web App“ (PWA).

PicApport uses depending on the configuration either:

  • Application Cache (AppCache)
  • or the more modern „service workers“.

The effort and the costs for private users and small companies to equip servers with a valid certificate via DynDns is relatively high. offers a solution via the standardized ACME protocol which we have implemented from version 7.6.x in PicApport.

The goal is:

  • Configure SSL once in PicApport for Letsencrypt

  • Once configured, PicApport automatically updates the certificates
    Everything works fully automatic.


The following diagram shows how to configure SSL for Letsencrypt:

As shown in the picture above, 5 parameters must be entered in the After a restart of the server everything should be set up automatically.

The Letsencrypt activities are documented in the log files under (from version 7.6 also queryable via the web interface if you are authorized)

MSG  @ 02:53:53.040 OK: valid certificate found. No renew necessary.
MSG  @ 02:53:55.008 UPDATE: certificate expired.Tue Jul 09 02:53:55 CEST 2019-Mon Oct 07 02:53:55 CEST 2019
MSG  @ 02:53:55.008 UPDATE: no matched entries in keystore found
MSG  @ 02:53:55.008 UPDATE: starting renew
MSG  @ 02:53:56.571 UPDATE: challenge accepted
MSG  @ 02:53:59.008 OK: challenge has been completed

Important notice

server.port and server.letsencrypt.challenge.port can be chosen freely.
However, it must be ensured that the challenge port can always be reached from „outside“ via port 80.

This is a default of Letsencrypt and cannot be changed.

Please also note that port numbers < 1024 under Linux (incl. Apple) are so-called privileged ports and must be handled accordingly.
see also: