Wildcard Certificates with acme.sh

From Run Your Own
Jump to navigation Jump to search

acme.sh is a lightweight shell script based tool to handle Let's Encrypt certificates, etc.

Install the bash script

wget https://get.acme.sh

As root: 

sh acme.sh

This will install the script to /root/.acme and add it to path by sourcing a script from root's .bashrc

Request a wildcard cert for lurk.org

We use wildcard certificates with DNS authentification first find and export the gandi dns key: 

export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"

Then request a wildcard cert. (the dns key is added to a config file automatically for future renewals) 

acme.sh --issue --dns dns_gandi_livedns --nginx -d *.lurk.org

Find the certs in: 

/root/.acme.sh/\*.lurk.org/

Install the certs for nginx

Deployment for other services

Retrieved from "https://things.bleu255.com/runyourown/index.php?title=Wildcard_Certificates_with_acme.sh&oldid=630"