Wildcard Certificates with acme.sh

From Run Your Own

acme.sh is a lightweight, shell-script-based tool for managing Let's Encrypt certificates.

Install the bash script

wget -O acme.sh https://get.acme.sh

As root:

sh acme.sh

This installs the script to /root/.acme.sh and adds it to the path by sourcing a script from root's .bashrc.

Request a wildcard cert for lurk.org

We use wildcard certificates with DNS authentication. First, find and export the Gandi DNS key:

export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk" 

Then request a wildcard cert (the DNS key is added to a config file automatically for future renewals):

acme.sh --issue --dns dns_gandi_livedns --nginx -d '*.lurk.org'

Find the certs in:

/root/.acme.sh/\*.lurk.org/
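
The DNS key saved for renewals can edit the lurk.org zone, and the wildcard private key covers every subdomain, so both should be accessible to root only. The audit script below is an added example, not part of the original page or of acme.sh; it assumes the saved key appears under the name GANDI_LIVEDNS_KEY in a *.conf file below /root/.acme.sh and that private key files end in .key.

```shell
#!/bin/sh
# Added example: audit an acme.sh home directory for secrets that accounts
# other than the owner can access. Paths and names below are assumptions.

# List files under $1 whose name matches $2 and that have any group/other
# permission bit set (portable find; avoids the GNU-only "-perm /077").
loose_files() {
    find "$1" -type f -name "$2" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List config files that hold the saved Gandi key (file names only, so the
# key value never reaches the terminal or a log).
files_with_dns_key() {
    find "$1" -type f -name '*.conf' -exec grep -l 'GANDI_LIVEDNS_KEY' {} +
}

# Report findings for the directory in $1; return 0 only when no private
# key or config file is accessible beyond its owner.
audit_acme_home() {
    home=${1:-/root/.acme.sh}
    keys=$(loose_files "$home" '*.key')
    confs=$(loose_files "$home" '*.conf')
    holders=$(files_with_dns_key "$home" || true)
    [ -z "$holders" ] || printf 'DNS API key stored in:\n%s\n' "$holders"
    [ -z "$keys" ] || printf 'private key open to group/other:\n%s\n' "$keys"
    [ -z "$confs" ] || printf 'config open to group/other:\n%s\n' "$confs"
    [ -z "$keys$confs" ]
}

# Run the audit only when a directory is given: sh audit.sh /root/.acme.sh
if [ "$#" -gt 0 ]; then
    audit_acme_home "$1"
fi
```

A non-zero exit status means at least one listed file needs `chmod 600`.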

Install the certs for nginx

Deployment for other services