(Grav GitSync) Automatic Commit from RealStickman

2022-05-20 21:05:38 +02:00 · 2022-05-20 21:05:38 +02:00 · 648d16f787
commit 648d16f787
parent 11a63e96e6
1 changed files with 69 additions and 0 deletions
--- a/pages/02.linux/08.acme-sh/default.en.md
+++ b/pages/02.linux/08.acme-sh/default.en.md
@ -0,0 +1,69 @@
+---
+title: ACME.SH
+---
+
+## Getting ACME.SH
+```
+$ git clone https://github.com/acmesh-official/acme.sh.git
+$ cd ./acme.sh
+$ ./acme.sh --install -m my@example.com
+```
+
+## First time ZeroSSL registration
+`$ (path to)/acme.sh  --register-account  -m (email)`  
+
+## Issue new certificate
+Needs root to start a server on port 80  
+`# (path to)/acme.sh --issue --standalone -d (url)`  
+
+## Issue new certificate with DNS API
+> [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
+{.is-info}
+
+### Gandi
+`export GANDI_LIVEDNS_KEY="(api key)"`  
+
+`(path to)/acme.sh --issue --dns dns_gandi_livedns -d (domain)`  
+
+## Install certificate
+Make sure to create the `/etc/acme-sh/(url)` directory  
+
+```
+$ export url=nextcloud.exu.li \
+    && (path to)/acme.sh --install-cert -d $url \
+        --key-file       /etc/acme-sh/{$url}/key.pem  \
+        --fullchain-file /etc/acme-sh/{$url}/cert.pem \
+        --reloadcmd     "sudo systemctl restart nginx"
+```
+
+## Systems Service & Timer
+`/etc/systemd/system/acme-sh.service`  
+```
+[Unit]
+Description=Renew certificates using acme.sh
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=(path to acme.sh) --cron --home (path to acme folder)
+User=wiki
+
+SuccessExitStatus=0 2
+```
+
+`/etc/systemd/system/acme.timer`  
+```
+[Unit]
+Description=Daily renewal of certificates
+
+[Timer]
+OnCalendar=daily
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+```
+
+Enable timer  
+`systemctl enable --now acme-sh.timer`