Requirements:
 o This assumes that acme-tiny is cloned to ~/acme-tiny.
 o Furthermore, that there is a ~/acme-challenge directory and that it is aliased in Apache:
     Alias "/.well-known/acme-challenge" "/srv/letsencrypt/acme-challenge"
 o Also, we want an account key in ~:
     (umask 277 && ! [ -e account.key ] && openssl genrsa 4096 > account.key)
 o And you want the Let's Encrypt chain file lets-encrypt-x1-cross-signed.pem
   in ~/certs/extra.
 o Optionally, a DH parameter file in ~/certs/extra/dh-4096.pem:
     openssl dhparam -out ~/certs/extra/dh-4096.pem 4096
 o And you want this bin directory in PATH for your letsencrypt role user.

Usage:
 o vhost-step-1 creates a new key, a new CSR, and creates a .crt file.
 o After that, enable your new vhost.
 o vhost-step-2 then runs the Let's Encrypt challenge via acme-tiny and updates the .crt file.

Continued maintenance:
 o Run renew-as-required from cron, probably using chronic:
     SHELL=/bin/bash
     @daily sleep $(( $RANDOM \% 7200 )) && export PATH="$HOME/bin:$PATH" && renew-as-required
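The README does not show what renew-as-required does, so the following is an added illustration of the kind of renewal gate that cron step would run; it is not the project's own script. It assumes each vhost's certificate is at ~/certs/<vhost>.crt and that vhost-step-2 takes the vhost name as its argument.

```shell
#!/bin/bash
# Renewal gate for the cron job above (added example, not the project's code).
# Note: in a crontab a bare % becomes a newline, which is why the cron line
# above writes \% inside $(( $RANDOM \% 7200 )).
set -u

# Exit status: 0 = certificate in $1 expires within $2 days (renew it),
# 1 = still good for at least $2 days, 2 = file missing or not a certificate.
cert_needs_renewal() {
    local crt=$1 days=${2:-30}
    openssl x509 -noout -enddate -in "$crt" >/dev/null 2>&1 || return 2
    # -checkend N exits 0 if the cert is still valid N seconds from now.
    if openssl x509 -noout -in "$crt" -checkend $(( days * 86400 )) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print the vhost names under directory $1 whose .crt is due within $2 days.
# Unreadable files are reported on stderr so chronic(1) surfaces them.
vhosts_due() {
    local dir=$1 days=${2:-30} crt name rc
    for crt in "$dir"/*.crt; do
        [ -e "$crt" ] || continue
        name=${crt##*/}; name=${name%.crt}
        rc=0; cert_needs_renewal "$crt" "$days" || rc=$?
        case $rc in
            0) printf '%s\n' "$name" ;;
            2) printf 'warning: cannot parse %s\n' "$crt" >&2 ;;
        esac
    done
}

# Renew whatever is due; silent on success so cron/chronic only mails failures.
renew_due() {
    local dir=$1 days=${2:-30} v
    for v in $(vhosts_due "$dir" "$days"); do
        vhost-step-2 "$v" || printf 'renewal of %s failed\n' "$v" >&2
    done
}

# Invoke as: renew-as-required --run   (guarded so the file can also be sourced)
case ${1:-} in
    --run) renew_due "$HOME/certs" 30 ;;
esac
```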