Diffstat (limited to 'letsencrypt-helpers/README')
-rw-r--r-- letsencrypt-helpers/README 23
1 files changed, 23 insertions, 0 deletions
diff --git a/letsencrypt-helpers/README b/letsencrypt-helpers/README
new file mode 100644
index 0000000..f33a31c
--- /dev/null
+++ b/letsencrypt-helpers/README
@@ -0,0 +1,23 @@
+
+Requirements:
+
+o This assume that acme-tiny is cloned to ~/acme-tiny
+o Furthermore, that there is a ~/acme-challenge and that is aliased in apache:
+ | Alias "/.well-known/acme-challenge" "/srv/letsencrypt/acme-challenge"
+o Also, we want an account key in ~:
+ (umask 277 && ! [ -e account.key ] && openssl genrsa 4096 > account.key)
+o And you want the letsencrypt chain file letsencryptauthorityx1.pem
+ in ~/certs/extra
+o Optionally, a dh file in ~/certs/extra/dh-4096.pem
+ openssl dhparam -out ~/certs/extra/dh-4096.pem 4096
+o And you want this bin directory in PATH for your letsencrypt role user.
+
+
+Usage:
+ o vhost-step-1 creates a new key, a new csr, and creates a .crt file
+ o After that, enable your new vhost
+ o vhost-step-2 then does the letsencrypt challenge stuff, and updates the .crt file
+
+Continued maintenance:
+ o run renew-as-required from cron, probably using chronic.
+
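Review bot: The second requirement names the challenge directory as ~/acme-challenge, but the Alias line under it points Apache at /srv/letsencrypt/acme-challenge; the two only agree if the role user's home is /srv/letsencrypt, which the README never states. Say so explicitly or use the same path in both places, since a mismatch would put the challenge files somewhere Apache does not serve. The account key one-liner uses a relative account.key, so the key lands "in ~" only when the command is run from the home directory; using ~/account.key in both the existence test and the redirect would remove that dependency. The Usage section lists vhost-step-1 and vhost-step-2 without showing how they are invoked (for example, whether they take the vhost name), and it would help to say what the .crt file from step 1 contains before step 2 updates it. Also, "This assume" should read "This assumes".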