From: "John Levine"
To: freebsd-questions@freebsd.org
Cc: dave.mehler@gmail.com
Subject: Re: acme.sh and certificate deployment
Date: 27 Jul 2018 21:34:56 -0400
Message-Id: <20180728013456.C61F62002E64B3@ary.qy>
Organization: Taughannock Networks

In article you write:
>Hello,
>
>When I would do acme.sh --install-cert where do the certificates end up?

Wherever you tell it to put them.  This would be a good time to try

 acme.sh --help

Also be sure to look at the --reloadcmd option, which lets you do
whatever you need to do once it's put the new certs where you told
them to put them.

I use acme.sh with my local apache, works great.  I can give you the
scripts but you wouldn't want them because the verification uses a
custom API on my DNS server.

R's,
John

>On 7/27/18, Andrea Venturoli wrote:
>> On 7/27/18 2:23 PM, David Mehler wrote:
>>
>>> The thing that is holding me back is deployment, how do you deploy
>>> your tls certificates?
>>
>> You once do "acme.sh --install-cert ..."
>> Then let "acme.sh --cron" do the rest periodically.
>>
>>> Yesterday I did it manually but I only did it
>>> for one domain, copied the files where I wanted them and manually
>>> entered the tls information in apache's setup.
>>
>> You'll still need to set up Apache (or other software) correctly, but
>> "acme.sh --install-cert" will copy them for you.
>>
>>> I've got the cron script going so ideally I'd like to get a
>>> certificate renewed if needed cron takes care of that, then the
>>> certificate and key are deployed to where they need to go and the
>>> service or services are restarted.
>>
>> That's exactly what "acme.sh --cron" does.
>>
>>> My second question and this one is a curiosity, the certificates that
>>> are made end with a .cer extension, can I change this in the script?
>>
>> Yes and no.
>> AFAIK, in acme.sh database they'll be .cer, but, since you shouldn't
>> mess directly with it, this should not matter.
>> When you use "acme.sh --install-cert" you can rename them as you like.
>>
>> bye
>> av.
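
Added example (not part of the thread, and not John Levine's scripts): a reload hook of the kind --reloadcmd can run after "acme.sh --install-cert" has copied the files. It checks the key's permissions, that key and certificate belong together, and that the certificate is not about to expire, before Apache is reloaded. The script name, the file paths and example.com are placeholders, and it assumes openssl and apachectl are on the PATH.

```sh
#!/bin/sh
# Added example: reload hook for acme.sh --reloadcmd. Script name, paths and
# example.com are placeholders. Registered once with something like:
#   acme.sh --install-cert -d example.com \
#     --key-file /usr/local/etc/ssl/example.com.key \
#     --fullchain-file /usr/local/etc/ssl/example.com.pem \
#     --reloadcmd "/usr/local/sbin/tls-reload.sh \
#        /usr/local/etc/ssl/example.com.key /usr/local/etc/ssl/example.com.pem"

# True only if the key file exists and has no group/other permission bits.
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# True only if the private key and the (first) certificate in the file carry
# the same public key. Empty output never counts as a match.
pair_matches() {    # $1 = key file, $2 = certificate or full-chain file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# All pre-reload checks; prints the first failure to stderr.
deploy_checks() {   # $1 = key file, $2 = certificate or full-chain file
    key_is_private "$1" ||
        { echo "refusing: $1 is accessible to group or others" >&2; return 1; }
    pair_matches "$1" "$2" ||
        { echo "refusing: key and certificate do not match" >&2; return 1; }
    openssl x509 -in "$2" -noout -checkend 86400 >/dev/null ||
        { echo "refusing: certificate expires within 24 hours" >&2; return 1; }
}

# Only acts when called with both paths. Apache is reloaded only if every
# check and Apache's own syntax test pass; otherwise the running server keeps
# the certificate it already has loaded.
if [ "$#" -eq 2 ]; then
    deploy_checks "$1" "$2" && apachectl configtest && apachectl graceful
fi
```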