70 lines
1.5 KiB
Markdown
Raw Normal View History

---
title: ACME.SH
---
[toc]
## Getting ACME.SH
```
$ git clone https://github.com/acmesh-official/acme.sh.git
$ cd ./acme.sh
$ ./acme.sh --install -m my@example.com
```
## First time ZeroSSL registration
`$ (path to)/acme.sh --register-account -m (email)`
## Issue new certificate
Needs root to start a server on port 80
`# (path to)/acme.sh --issue --standalone -d (url)`
## Issue new certificate with DNS API
> [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
### Gandi
`export GANDI_LIVEDNS_KEY="(api key)"`
`(path to)/acme.sh --issue --dns dns_gandi_livedns -d (domain)`
## Install certificate
Make sure to create the `/etc/acme-sh/(url)` directory
```
$ export url=nextcloud.exu.li \
&& (path to)/acme.sh --install-cert -d $url \
--key-file /etc/acme-sh/{$url}/key.pem \
--fullchain-file /etc/acme-sh/{$url}/cert.pem \
--reloadcmd "sudo systemctl restart nginx"
```
## Systems Service & Timer
`/etc/systemd/system/acme-sh.service`
```
[Unit]
Description=Renew certificates using acme.sh
After=network-online.target
[Service]
Type=oneshot
ExecStart=(path to acme.sh) --cron --home (path to acme folder)
User=wiki
SuccessExitStatus=0 2
```
`/etc/systemd/system/acme.timer`
```
[Unit]
Description=Daily renewal of certificates
[Timer]
OnCalendar=daily
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=timers.target
```
Enable timer
2022-06-02 19:12:48 +02:00
`systemctl enable --now acme-sh.timer`