wiki-grav/pages/02.linux/acme-sh/default.en.md


title visible
ACME.SH true

[toc]

Getting ACME.SH

# Fetch the acme.sh sources and run the bundled installer with a contact e-mail.
# NOTE(review): this clones the default branch as-is; checking out a release tag
# and reviewing it before running the installer is the safer habit.
# NOTE(review): the installer is documented to register its own daily cron job;
# together with the systemd timer described later on this page that would be a
# second renewal job - confirm which one you want to keep.
$ git clone https://github.com/acmesh-official/acme.sh.git
$ cd ./acme.sh
$ ./acme.sh --install -m my@example.com

First time ZeroSSL registration

$ (path to)/acme.sh --register-account -m (email)

Issue new certificate

Needs root, because standalone mode starts its own server on port 80
# (path to)/acme.sh --issue --standalone -d (url)

Issue new certificate with DNS API

Official Documentation

Gandi

# The API key is a secret: typed on the command line it can end up in shell
# history, and acme.sh is documented to save it in its account.conf so renewals
# can reuse it - keep that file readable only by the acme.sh account (verify on
# your install).
export GANDI_LIVEDNS_KEY="(api key)"

# Issue through the Gandi LiveDNS API (DNS validation) instead of a listener on port 80.
(path to)/acme.sh --issue --dns dns_gandi_livedns -d (domain)

Install certificate

Make sure to create the /etc/acme-sh/(url) directory

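# Install the issued certificate for one domain into /etc/acme-sh/<domain>.
# The variable is written ${url}: "{$url}" is not a parameter expansion and
# yields a directory literally named "{<domain>}" (braces included).
# .acme.sh/acme.sh is relative to the current directory (presumably the home
# directory of the account that installed acme.sh - adjust if not).
# key.pem is the private key: keep /etc/acme-sh/<domain> readable only by the
# account that runs acme.sh and by the web server.
# The reload command is run unattended on every renewal, so the sudo rule
# behind it has to be passwordless and should be limited to this one command.
$ export url=woodpecker.exu.li \
    && mkdir -p "/etc/acme-sh/${url}" \
    && .acme.sh/acme.sh --install-cert -d "${url}" \
        --key-file       "/etc/acme-sh/${url}/key.pem"  \
        --fullchain-file "/etc/acme-sh/${url}/cert.pem" \
        --reloadcmd     "sudo systemctl restart nginx"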

Systemd Service & Timer

/etc/systemd/system/acme-sh.service

# One-shot unit that runs acme.sh's renewal pass once and exits.
[Unit]
Description=Renew certificates using acme.sh
# NOTE(review): After= only orders this unit behind the target; systemd's
# documentation pairs it with Wants=network-online.target so the target is
# actually pulled in - consider adding that line.
After=network-online.target

[Service]
Type=oneshot
# Replace both placeholders with absolute paths; --home presumably has to be the
# acme.sh data folder of the account named in User= (confirm).
ExecStart=(path to acme.sh) --cron --home (path to acme folder)
# Runs unprivileged. Anything acme.sh executes during renewal (for example a
# stored reload command) runs as this user too, so restarting a system service
# needs a narrowly scoped sudo rule for this account.
User=wiki

# Exit status 2 counts as success alongside 0 (presumably acme.sh's
# "nothing to renew yet" status - confirm against your acme.sh version).
SuccessExitStatus=0 2

/etc/systemd/system/acme-sh.timer

# Timer that triggers the renewal service once a day.
# No Unit= is set, so systemd activates the service whose name matches this
# timer file's name; the file name therefore has to match acme-sh.service.
[Unit]
Description=Daily renewal of certificates

[Timer]
OnCalendar=daily
# Spread the start over up to one hour so runs do not all fire at midnight.
RandomizedDelaySec=1h
# Catch up after boot if the machine was off when the timer should have fired.
Persistent=true

[Install]
WantedBy=timers.target

Enable timer
systemctl enable --now acme-sh.timer