Wildcard Certificates with acme.sh
Revision as of 21:59, 12 October 2024
Using acme.sh
acme.sh is a lightweight, shell-script-based tool to handle Let's Encrypt certificates.
Install the bash script
wget -O acme.sh https://get.acme.sh
As root:
sh acme.sh
This will install the script to /root/.acme.sh and add it to the path by sourcing a script from root's .bashrc.
Request a wildcard cert for lurk.org
We use wildcard certificates with DNS authentication. First find and export the Gandi DNS key:
export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
Then request a wildcard cert (the DNS key is added to a config file automatically for future renewals). Quote the wildcard so the shell does not expand it:
acme.sh --issue --dns dns_gandi_livedns --nginx -d '*.lurk.org'
Find the certs in:
/root/.acme.sh/\*.lurk.org/
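Because the DNS key ends up in a config file next to the certificate's private key, it is worth checking that neither file is readable by group or other. The script below is an added example, not part of the original page or of acme.sh; it assumes acme.sh's default layout (account.conf in the install directory, the key file named after the certificate directory) and that the saved key line contains GANDI_LIVEDNS_KEY=.

```shell
#!/bin/sh
# Added example: audit an acme.sh home directory for secrets that are
# readable by group/other. File names are assumptions based on acme.sh's
# default layout, not values taken from the page.
# Usage: audit_acme_home /root/.acme.sh '*.lurk.org'

# Succeeds only if all group and other permission bits are unset.
is_private() {
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Prints one finding per line; returns 0 when clean, 1 otherwise.
# $1 = acme.sh home, $2 = certificate name (also the directory name)
audit_acme_home() {
    home=$1
    name=$2
    rc=0
    conf="$home/account.conf"
    key="$home/$name/$name.key"
    for f in "$conf" "$key"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            rc=1
        elif ! is_private "$f"; then
            echo "EXPOSED $f"
            rc=1
        fi
    done
    # Renewals depend on the saved key; flag a config that lacks it.
    if [ -f "$conf" ] && ! grep -q 'GANDI_LIVEDNS_KEY=' "$conf"; then
        echo "NOKEY $conf"
        rc=1
    fi
    return $rc
}
```

An EXPOSED line is fixed with chmod 600 on the file named; a NOKEY line means the next renewal will need the key exported again.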