mar
/
sysadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Merge branch 'master' of ssh://medusa.casa.alemor.org:4323/mar/sysadmin-docs

master
Mario Alegre 5 years ago
parent
d96a867978 3798234aed
commit
df7920a009
1 changed files with 48 additions and 48 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 96
      linux/letsencrypt/acme-sh.md

96
linux/letsencrypt/acme-sh.md
View File

@ -1,48 +1,48 @@
# install and configure acme.sh
## install
install `socat`:
```
apt search socat
```
clone git:
```
git clone https://github.com/acmesh-official/acme.sh.git
```
install `acme.sh`:
```
cd acme.sh
./acme.sh --install --home /usr/local/lib/acme-sh --config-home /etc/acme-sh --accountemail "my@example.com"
```
logout and log back in to make aliases take effect:
```
exit
sudo -i
```
## issue
if you haven't configured haproxy to issue certs with no downtime, you will have to stop and start it. To issue a certificate, run:
```
acme.sh --issue ${protocol:?} --pre-hook "systemctl stop haproxy" --post-hook "systemctl start haproxy" -d ${domain:?}
```
where `protocol` is `--standalone` if you want to use port 80, or `--alpn` if you want to use port 443.
## deploy
once the certificate has been successfully issued, we still have to deploy it to our server. First, make sure the certs path exists, and set the appropriate variables to tell `acme.sh` where to deploy certificates:
```
mkdir -p /etc/haproxy/certs
export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs
export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy reload"
```
finally, deploy the certificate with:
```
acme.sh --deploy -d --deploy-hook haproxy -d ${domain:?}
```
acme.sh should automatically configure reneweal of certificates and deployment of renewed certificates.
## no downtime config
see https://github.com/acmesh-official/acme.sh/wiki/TLS-ALPN-without-downtime
# install and configure acme.sh
## install
install `socat`:
```
apt install socat
```
clone git:
```
git clone https://github.com/acmesh-official/acme.sh.git
```
install `acme.sh`:
```
cd acme.sh
./acme.sh --install --home /usr/local/lib/acme-sh --config-home /etc/acme-sh --accountemail "my@example.com"
```
logout and log back in to make aliases take effect:
```
exit
sudo -i
```
## issue
if you haven't configured haproxy to issue certs with no downtime, you will have to stop and start it. To issue a certificate, run:
```
acme.sh --issue ${protocol:?} --pre-hook "systemctl stop haproxy" --post-hook "systemctl start haproxy" -d ${domain:?}
```
where `protocol` is `--standalone` if you want to use port 80, or `--alpn` if you want to use port 443.
## deploy
once the certificate has been successfully issued, we still have to deploy it to our server. First, make sure the certs path exists, and set the appropriate variables to tell `acme.sh` where to deploy certificates:
```
mkdir -p /etc/haproxy/certs
export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs
export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy reload"
```
finally, deploy the certificate with:
```
acme.sh --deploy -d --deploy-hook haproxy -d ${domain:?}
```
acme.sh should automatically configure reneweal of certificates and deployment of renewed certificates.
## no downtime config
see https://github.com/acmesh-official/acme.sh/wiki/TLS-ALPN-without-downtime

Write Preview
Loading…
Cancel
Save