title | visible |
---|---|
ACME.SH | true |
[toc]
Getting ACME.SH
[shuser]
# The clone takes whatever the default branch holds at that moment. To install
# a version you have reviewed, check out a release tag before running the
# installer: git checkout <RELEASE_TAG>
git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
# Replace [EMAIL] with the address to use for the ACME account.
./acme.sh --install -m [EMAIL]
[/shuser]
First time ZeroSSL registration
[shuser]
# Registers the ACME account under [EMAIL]. The relative path assumes the
# current directory is the home of the user that ran the installer.
.acme.sh/acme.sh --register-account -m [EMAIL]
[/shuser]
Issue new certificate
Standalone mode needs root because it starts a temporary web server on port 80.
[shroot]
# --standalone makes acme.sh listen on TCP port 80 itself to answer the
# HTTP-01 challenge, so the port must be free and reachable while this runs.
.acme.sh/acme.sh --issue --standalone -d [DOMAIN]
[/shroot]
Issue new certificate with DNS API
Gandi
Create a personal access token with permissions to "Manage domain name technical configurations"
[shuser]
# The token can change DNS records for the zone: grant it only the permission
# named above. Typing it on the command line also leaves it in shell history.
# NOTE(review): acme.sh is expected to save the token in its account.conf for
# later renewals; keep that file readable only by this user.
export GANDI_LIVEDNS_TOKEN="[Personal Access Token]"
[/shuser]
Warning: the older form, export GANDI_LIVEDNS_KEY="[API KEY]",
is deprecated; use the personal access token shown above instead.
[shuser]
# DNS-01 validation through Gandi LiveDNS. Run it in the same shell session in
# which GANDI_LIVEDNS_TOKEN was exported.
.acme.sh/acme.sh --issue --dns dns_gandi_livedns -d [DOMAIN]
[/shuser]
Install certificate
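Make sure the /etc/acme-sh/(url) directory exists and is writable by the user running acme.sh.
It will hold the private key, so keep it unreadable to other unprivileged users.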
[shuser]
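# Replace [URL] with the certificate's domain. The braces go after the dollar
# sign: "{$url}" is not an expansion and would create a directory literally
# named "{<domain>}".
# key.pem is the private key: keep /etc/acme-sh/<domain> writable only by the
# user running acme.sh and unreadable to other unprivileged accounts.
# The reload command calls sudo, so this user needs a sudoers rule; limit that
# rule to exactly this systemctl invocation.
export url="[URL]" \
&& mkdir -p "/etc/acme-sh/${url}" \
&& .acme.sh/acme.sh --install-cert -d "${url}" \
--key-file "/etc/acme-sh/${url}/key.pem" \
--fullchain-file "/etc/acme-sh/${url}/cert.pem" \
--reloadcmd "sudo systemctl restart nginx"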
[/shuser]
Systemd Service & Timer
/etc/systemd/system/acme-sh.service
# Oneshot service that runs acme.sh's renewal job; started by acme-sh.timer.
[Unit]
Description=Renew certificates using acme.sh
# After= only orders this unit; it does not pull in network-online.target.
After=network-online.target
[Service]
Type=oneshot
# Replace both placeholders with absolute paths.
ExecStart=(path to acme.sh) --cron --home (path to acme folder)
# Runs as an unprivileged account instead of root. The --reloadcmd set at
# install time calls sudo, so this account needs a sudoers rule restricted to
# that one command.
User=wiki
# NOTE(review): exit status 2 is presumably acme.sh's "nothing to renew" code,
# accepted here so a skipped run does not mark the unit as failed. Confirm.
SuccessExitStatus=0 2
/etc/systemd/system/acme-sh.timer
# Timer that activates acme-sh.service once a day.
[Unit]
Description=Daily renewal of certificates
[Timer]
# Fire daily, delayed by a random amount of up to one hour.
OnCalendar=daily
RandomizedDelaySec=1h
# If the machine was off at the scheduled time, run once when the timer is
# next started.
Persistent=true
[Install]
WantedBy=timers.target
Enable timer
[shroot]
# Enable the timer at boot and start it immediately (--now). Check the next
# scheduled run afterwards with: systemctl list-timers acme-sh.timer
systemctl enable --now acme-sh.timer
[/shroot]