Date: 27 Jul 2018 21:34:56 -0400
From: "John Levine" <johnl@iecc.com>
To: freebsd-questions@freebsd.org
Cc: dave.mehler@gmail.com
Subject: Re: acme.sh and certificate deployment
Message-ID: <20180728013456.C61F62002E64B3@ary.qy>
In-Reply-To: <CAPORhP6zXGcj5HHkWNUjWh9kWXmKc5xmV3Q9PiUzpXA4q84qtg@mail.gmail.com>

In article <CAPORhP6zXGcj5HHkWNUjWh9kWXmKc5xmV3Q9PiUzpXA4q84qtg@mail.gmail.com> you write:
>Hello,
>
>When I would do acme.sh --install-cert where do the certificates end up?

Wherever you tell it to put them. This would be a good time to try

acme.sh --help

Also be sure to look at the --reloadcmd option, which lets you do
whatever you need to do once it's put the new certs where you told
them to put them.

I use acme.sh with my local apache, works great. I can give you the
scripts but you wouldn't want them because the verification uses a
custom API on my DNS server.

R's,
John

>On 7/27/18, Andrea Venturoli <ml@netfence.it> wrote:
>> On 7/27/18 2:23 PM, David Mehler wrote:
>>
>>> The thing that is holding me back is deployment, how do you deploy
>>> your tls certificates?
>>
>> You once do "acme.sh --install-cert ..."
>> Then let "acme.sh --cron" do the rest periodically.
>>
>>> Yesterday I did it manually but I only did it
>>> for one domain, copied the files where I wanted them and manually
>>> entered the tls information in apache's setup.
>>
>> You'll still need to set up Apache (or other software) correctly, but
>> "acme.sh --install-cert" will copy them for you.
>>
>>> I've got the cron script going so ideally I'd like to get a
>>> certificate renewed if needed cron takes care of that, then the
>>> certificate and key are deployed to where they need to go and the
>>> service or services are restarted.
>>
>> That's exactly what "acme.sh --cron" does.
>>
>>> My second question and this one is a curiosity, the certificates that
>>> are made end with a .cer extension, can I change this in the script?
>>
>> Yes and no.
>> AFAIK, in acme.sh database they'll be .cer, but, since you shouldn't
>> mess directly with it, this should not matter.
>> When you use "acme.sh --install-cert" you can rename them as you like.
>>
>> bye
>> av.
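
Added example, not part of the original message or of the acme.sh project: a small script that could be handed to --reloadcmd so the web server is reloaded only when the installed certificate is unexpired and matches the installed key. The script name, the file paths and the `service apache24 reload` command are assumptions for a FreeBSD Apache 2.4 setup; the key is assumed to be unencrypted and read by its owner.

```shell
#!/bin/sh
# Hypothetical helper for acme.sh's --reloadcmd (all paths are assumptions):
#   acme.sh --install-cert -d example.com \
#     --cert-file /usr/local/etc/apache24/ssl/example.com.crt \
#     --key-file  /usr/local/etc/apache24/ssl/example.com.key \
#     --reloadcmd "/usr/local/sbin/check-and-reload.sh \
#        /usr/local/etc/apache24/ssl/example.com.crt \
#        /usr/local/etc/apache24/ssl/example.com.key"

# verify_pair CERT KEY
# Returns 0 only if CERT parses, has not expired, and carries the public key
# derived from KEY. On success it also strips group/other access from KEY.
verify_pair() {
    vp_cert=$1
    vp_key=$2
    if [ ! -r "$vp_cert" ] || [ ! -r "$vp_key" ]; then
        echo "verify_pair: cannot read certificate or key" >&2
        return 1
    fi
    # -checkend 0 exits non-zero if the file is unparsable or already expired.
    if ! openssl x509 -in "$vp_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "verify_pair: $vp_cert is invalid or expired" >&2
        return 1
    fi
    # Compare the SubjectPublicKeyInfo PEM from the certificate with the one
    # computed from the private key; a half-finished deployment shows up here.
    vp_cert_pub=$(openssl x509 -in "$vp_cert" -noout -pubkey 2>/dev/null) || return 1
    vp_key_pub=$(openssl pkey -in "$vp_key" -pubout 2>/dev/null) || return 1
    if [ -z "$vp_cert_pub" ] || [ "$vp_cert_pub" != "$vp_key_pub" ]; then
        echo "verify_pair: $vp_key does not match $vp_cert" >&2
        return 1
    fi
    chmod 600 "$vp_key"
}

# When called with CERT and KEY (as --reloadcmd would), reload only on success;
# a failed check leaves the running server on its previous configuration.
if [ "$#" -eq 2 ]; then
    verify_pair "$1" "$2" && service apache24 reload
fi
```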