Wildcard Certificates with acme.sh: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
<code>acme.sh</code> is a lightweight shell script based tool to handle Let's Encrypt certificates, etc. | |||
== Install the bash script == | |||
wget https://get.acme.sh | wget https://get.acme.sh | ||
Line 14: | Line 11: | ||
This will install the script to <code>/root/.acme</code> and add it to path by sourcing a script from root's <code>.bashrc</code> | This will install the script to <code>/root/.acme</code> and add it to path by sourcing a script from root's <code>.bashrc</code> | ||
== Request a wildcard cert for lurk.org == | |||
We use wildcard certificates with DNS authentification | We use wildcard certificates with DNS authentification | ||
Line 29: | Line 26: | ||
/root/.acme.sh/\*.lurk.org/ | /root/.acme.sh/\*.lurk.org/ | ||
== Install the certs for nginx == | |||
== Deployment for other services == | |||
Revision as of 22:04, 12 October 2024
acme.sh
is a lightweight shell script based tool to handle Let's Encrypt certificates, etc.
Install the bash script
wget https://get.acme.sh
As root:
sh acme.sh
This will install the script to /root/.acme
and add it to path by sourcing a script from root's .bashrc
Request a wildcard cert for lurk.org
We use wildcard certificates with DNS authentification first find and export the gandi dns key:
export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
Then request a wildcard cert. (the dns key is added to a config file automatically for future renewals)
acme.sh --issue --dns dns_gandi_livedns --nginx -d *.lurk.org
Find the certs in:
/root/.acme.sh/\*.lurk.org/