Date: Fri, 27 Jul 2018 08:23:07 -0400 From: David Mehler <dave.mehler@gmail.com> To: freebsd-questions <freebsd-questions@freebsd.org> Subject: acme.sh and certificate deployment Message-ID: <CAPORhP7bq_NiL7kt0iqVBfenfX9P_YWXbbY75L5bg7yWjEDrLw@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, I'm really thinking about converting my existing letsencrypt effort from acme-client to acme.sh script. This is on FreeBSD 11.1 and I'm using apache 2.4, and postfix, and dovecot, I think those are the only tls-enabled services i've got. I like the fact that acme.sh can do a wildcard certificate as I only need one for the tld and not x for all subdomains. I do like that fact that it also can handle ECC curves. The thing that is holding me back is deployment, how do you deploy your tls certificates? Yesterday I did it manually but I only did it for one domain, copied the files where I wanted them and manually entered the tls information in apache's setup. I've got the cron script going so ideally i'd like to get a certificate renewed if needed cron takes care of that, then the certificate and key are deployed to where they need to go and the service or services are restarted. My second question and this one is a curiousity, the certificates that are made end with a .cer extension, can I change this in the script? Thanks. Dave.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPORhP7bq_NiL7kt0iqVBfenfX9P_YWXbbY75L5bg7yWjEDrLw>