userdoc:tt_acme_certificates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
userdoc:tt_acme_certificates [2020/09/06 11:46]
abelbeck [ACME Configuration] 		userdoc:tt_acme_certificates [2020/09/07 11:31]
abelbeck
Line 3: Line 3:
 AstLinux now supports generating [[https://letsencrypt.org|Let's Encrypt]] certificates using the [[wp>Automated_Certificate_Management_Environment|ACME]] protocol. AstLinux now supports generating [[https://letsencrypt.org|Let's Encrypt]] certificates using the [[wp>Automated_Certificate_Management_Environment|ACME]] protocol.
  
-AstLinux uses the ''acme-client'' command as a front-end to the core ''acme.sh'' script provided by the [[https://github.com/Neilpang/acme.sh|acme.sh]] project.  The ''acme-client'' command limits issued certificates to only use DNS challenge validation, as such you need a supported DNS provider, of which there are well over 20 as of this writing.+AstLinux uses the ''acme-client'' command as a front-end to the core ''acme.sh'' script provided by the [[https://github.com/acmesh-official/acme.sh|acme.sh]] project.  The ''acme-client'' command limits issued certificates to only use DNS challenge validation, as such you need a supported DNS provider, of which there are well over 20 as of this writing.
  
 The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates. The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates.
Line 42: Line 42:
  
   pbx4 ~ # acme-client --version   pbx4 ~ # acme-client --version
-  https://github.com/Neilpang/acme.sh +  https://github.com/acmesh-official/acme.sh 
-  v2.7.2+  v2.8.7
  
 Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare.  We need to export the ''CF_Key'' and ''CF_Email'' variables, adjust to match your credentials ... Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare.  We need to export the ''CF_Key'' and ''CF_Email'' variables, adjust to match your credentials ...
Line 50: Line 50:
   pbx4 ~ # export CF_Email="email@example.com"   pbx4 ~ # export CF_Email="email@example.com"
  
-Other DNS providers require different exported variables, see the [[https://github.com/Neilpang/acme.sh/blob/master/dnsapi/README.md|DNS API]] documentation for the details.\\+Other DNS providers require different exported variables, see the [[https://github.com/acmesh-official/acme.sh/wiki/dnsapi|DNS API]] documentation for the details.\\
 !!Tip ->!! Mentally replace ''acme.sh'' with ''acme-client'' when referencing the acme.sh documentation. !!Tip ->!! Mentally replace ''acme.sh'' with ''acme-client'' when referencing the acme.sh documentation.
  
Line 143: Line 143:
  
   pbx4 ~ # acme-client --remove -d pbx4.example.org   pbx4 ~ # acme-client --remove -d pbx4.example.org
 +
 +Enable renewal notifications via email, (AstLinux 1.4.0 or later)
 +
 +  pbx4 ~ # acme-client --set-notify --notify-hook mail --notify-level 2
 +
 +!!Tip ->!! As above, with ''--notify-level 1'' only email errors and ''--notify-level 0'' disables email notifications
  
 \\ \\
  • userdoc/tt_acme_certificates.txt
  • Last modified: 2020/09/07 11:34
  • by abelbeck