Wildcard Certificates with acme.sh: Difference between revisions

From Run Your Own
No edit summary
No edit summary
Line 1: Line 1:
<code>acme.sh</code> is a lightweight shell script based tool to handle Let's Encrypt certificates, etc.


== Using acme.sh ==
== Install the bash script ==
 
<code>acme.sh</code> is a lightweight shell script based tool to handle Let's Encrypt certificates.
 
=== Install the bash script ===


  wget https://get.acme.sh  
  wget https://get.acme.sh  
Line 14: Line 11:
This will install the script to <code>/root/.acme</code> and add it to path by sourcing a script from root's <code>.bashrc</code>  
This will install the script to <code>/root/.acme</code> and add it to path by sourcing a script from root's <code>.bashrc</code>  


=== Request a wildcard cert for lurk.org ===
== Request a wildcard cert for lurk.org ==


We use wildcard certificates with DNS authentification
We use wildcard certificates with DNS authentification
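Review bot: the unchanged line in this hunk gives the install location as /root/.acme, but the certificate directory shown in the next hunk is /root/.acme.sh/\*.lurk.org/, so the two paths disagree. Since this revision already touches the section around it, it would be a good place to make them consistent. The context line "We use wildcard certificates with DNS authentification" also has a spelling slip (authentication) that could be fixed in the same edit.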
Line 29: Line 26:
  /root/.acme.sh/\*.lurk.org/
  /root/.acme.sh/\*.lurk.org/


=== Install the certs for nginx ===
== Install the certs for nginx ==


=== Deployment for other services ===
== Deployment for other services ==





Revision as of 22:04, 12 October 2024

acme.sh is a lightweight shell script based tool to handle Let's Encrypt certificates, etc.

Install the bash script

wget -O acme.sh https://get.acme.sh

As root:

sh acme.sh

This will install the script to /root/.acme.sh and add it to the path by sourcing a script from root's .bashrc.

Request a wildcard cert for lurk.org

We use wildcard certificates with DNS authentication. First, find and export the Gandi DNS key:

export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk" 

Then request a wildcard cert (the DNS key is added to a config file automatically for future renewals):

acme.sh --issue --dns dns_gandi_livedns --nginx -d '*.lurk.org'

Find the certs in:

/root/.acme.sh/\*.lurk.org/
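The procedure above leaves a saved DNS API key and a private key under /root/.acme.sh. The following permission check is an added example, not part of the original wiki page or of acme.sh. It assumes the secrets sit in files named `*.key` and `*.conf`; the function names and the demo layout are constructed.

```shell
#!/bin/sh
# Added example: list key and config files under an acme.sh home directory
# that group or other users can access.
# Assumption: secrets live in files named *.key and *.conf under that directory.

# audit_acme_home DIR
# Prints one line per file that has any group/other permission bit set.
# Returns 0 when nothing is exposed, 1 when at least one file is, 2 on bad input.
audit_acme_home() {
    home=$1
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }
    # The -name patterns are quoted so the shell hands them to find unexpanded;
    # the same care is needed for the directory literally named '*.lurk.org'.
    exposed=$(find "$home" -type f \( -name '*.key' -o -name '*.conf' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Constructed demo layout in a temporary directory; names and contents are made up.
make_demo_home() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/*.lurk.org"
    echo "SAVED_KEY='constructed-placeholder'" > "$d/account.conf"
    echo "constructed private key" > "$d/*.lurk.org/*.lurk.org.key"
    echo "constructed certificate" > "$d/*.lurk.org/fullchain.cer"
    chmod 600 "$d/account.conf"
    chmod 644 "$d/*.lurk.org/*.lurk.org.key" "$d/*.lurk.org/fullchain.cer"
    printf '%s\n' "$d"
}
```

On a real host the call would be `audit_acme_home /root/.acme.sh`; any path it prints can be tightened with `chmod 600`.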

Install the certs for nginx

Deployment for other services