Letsencrypt is fantastic because it lets users generate valid (not self-signed) SSL certificates for free. I'm using bip as an IRC proxy. Bip can use an SSL certificate for encryption, but the documentation is a bit fuzzy on this.
I know how to generate certificates with letsencrypt. I guess I must concatenate some of the letsencrypt generated files, among cert.pem, chain.pem, fullchain.pemandprivkey.pem` to get a valid bip certificate. But which ones?
If you're asking how to configure bip to use the Let's Encrypt certificate so that clients can connect to it via SSL, the documentation provides the following:
client_side_ssl (default: false)
When true, clients will need to connect to BIP using SSL. You'll also need to
generate a SSL cert/key pair in <bipdir>/bip.pem (usually ~/.bip/bip.pem or
/var/lib/bip/bip.pem) or <client_side_ssl_pem> if defined.
client_side_ssl_pem (default: <bipdir>/bip.pem)
Set this to the full path of the cert/key pair bip should use to accept clients
SSL connections
So from that I gather you will need to cat privkey.pem cert.pem > bip.pem and enable client_side_ssl and point client_side_ssl_pem to bip.pem if it's not in one of the specified locations.
I don't believe you'll need to add the CA chain as Let's Encrypt is a trusted CA and the clients should be able to reconstruct the chain themselves. If that's not the case, you can add chain.pem to bip.pem as well.
I also found a handy guide that might be of use here: https://flexion.org/posts/2014-04-bip-irc-proxy/
