Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
userdoc:tt_acme_certificates [2017/07/13 17:17] abelbeck [Issuing Certificates] |
userdoc:tt_acme_certificates [2020/09/07 11:34] abelbeck [ACME Configuration] |
||
---|---|---|---|
Line 3: | Line 3: | ||
AstLinux now supports generating [[https:// | AstLinux now supports generating [[https:// | ||
- | AstLinux uses the '' | + | AstLinux uses the '' |
The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates. | The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates. | ||
Line 22: | Line 22: | ||
The "ACME Account Email Address" | The "ACME Account Email Address" | ||
+ | |||
+ | !!Note -> AstLinux 1.4.0!! or later, the "ACME Account Email Address" | ||
!!Tip ->!! Clicking on the blue '' | !!Tip ->!! Clicking on the blue '' | ||
+ | |||
+ | !!Tip ->!! The "HTTPS Server" | ||
+ | **[[userdoc: | ||
In order to apply web interface settings changes, use the CLI command: | In order to apply web interface settings changes, use the CLI command: | ||
Line 35: | Line 40: | ||
pbx4 ~ # acme-client --version | pbx4 ~ # acme-client --version | ||
- | https:// | + | https:// |
- | v2.7.2 | + | v2.8.7 |
Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare. | Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare. | ||
Line 43: | Line 48: | ||
pbx4 ~ # export CF_Email=" | pbx4 ~ # export CF_Email=" | ||
- | Other DNS providers require different exported variables, see the [[https:// | + | Other DNS providers require different exported variables, see the [[https:// |
!!Tip ->!! Mentally replace '' | !!Tip ->!! Mentally replace '' | ||
Line 77: | Line 82: | ||
[Sat Jul 1 10:10:17 CDT 2017] And the full chain certs is there: | [Sat Jul 1 10:10:17 CDT 2017] And the full chain certs is there: | ||
- | After the certificates are issued, they need to be deployed to the various services that can utilize them. In this example only "HTTPS Server" | + | After the certificates are issued, they need to be deployed to the various services that can utilize them. |
+ | |||
+ | In this example only "HTTPS Server" | ||
pbx4 ~ # acme-client --deploy --deploy-hook astlinux -d pbx4.example.org | pbx4 ~ # acme-client --deploy --deploy-hook astlinux -d pbx4.example.org | ||
Line 92: | Line 99: | ||
!!Note ->!! The DNS challenge validation credentials remain stored in the ''/ | !!Note ->!! The DNS challenge validation credentials remain stored in the ''/ | ||
+ | |||
+ | !!Special Note ->!! Depending on the acme.sh DNS provider script, some scripts store the exported credentials variable names exactly in ''/ | ||
\\ | \\ | ||
Line 132: | Line 141: | ||
pbx4 ~ # acme-client --remove -d pbx4.example.org | pbx4 ~ # acme-client --remove -d pbx4.example.org | ||
+ | |||
+ | Enable renewal notifications via email, (AstLinux 1.4.0 or later) | ||
+ | |||
+ | pbx4 ~ # acme-client --set-notify --notify-hook mail --notify-level 2 | ||
+ | |||
+ | !!Tip ->!! As above, with '' | ||
\\ | \\ |