Differences

This shows you the differences between two versions of the page.

--- userdoc:tt_acme_certificates [2017/09/01 09:47]
abelbeck [Issuing Certificates]
+++ userdoc:tt_acme_certificates [2025/02/05 05:16] (current)
mkeuter [ACME (Let's Encrypt) Certificates]
@@ Line 3: / Line 3: @@
 AstLinux now supports generating [[https://letsencrypt.org|Let's Encrypt]] certificates using the [[wp>Automated_Certificate_Management_Environment|ACME]] protocol.
-AstLinux uses the ''acme-client'' command as a front-end to the core ''acme.sh'' script provided by the [[https://github.com/Neilpang/acme.sh|acme.sh]] project.  The ''acme-client'' command limits issued certificates to only use DNS challenge validation, as such you need a supported DNS provider, of which there are well over 20 as of this writing.
+AstLinux uses the ''acme-client'' command as a front-end to the core ''acme.sh'' script provided by the [[https://github.com/acmesh-official/acme.sh|acme.sh]] project.  The ''acme-client'' command limits issued certificates to only use DNS challenge validation, as such you need a supported DNS provider, of which there are well over 20 as of this writing.
 The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates.
 !!Note: AstLinux 1.3.0 or later is required!!
+\\
+!!Note:!! From June 2025 on Let's-Encrypt doesn't send expiration/renewal emails anymore automatically.
+You can use a 3rd party service [[https://redsift.com/pulse-platform/certificates-lite|Red Sift Certificates Lite]] free for up to 250 certs.
 \\
@@ Line 22: / Line 29: @@
 The "ACME Account Email Address" registration email address is used for expiry notifications, while optional it seems like a good idea to specify.
+!!Note -> AstLinux 1.4.0!! or later, the "ACME Account Email Address" can be used for renewal notifications, more info: **[[userdoc:tt_acme_certificates#additional_cli_commands|Additional CLI Commands]]**.
 !!Tip ->!! Clicking on the blue ''(i)'' icon will display topic information text similar to this documentation page.
@@ Line 38: / Line 47: @@
   pbx4 ~ # acme-client --version
-  https://github.com/Neilpang/acme.sh
+  https://github.com/acmesh-official/acme.sh
-  v2.7.2
+  v2.8.7
 Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare.  We need to export the ''CF_Key'' and ''CF_Email'' variables, adjust to match your credentials ...
@@ Line 46: / Line 55: @@
   pbx4 ~ # export CF_Email="email@example.com"
-Other DNS providers require different exported variables, see the [[https://github.com/Neilpang/acme.sh/blob/master/dnsapi/README.md|DNS API]] documentation for the details.\\
+Other DNS providers require different exported variables, see the [[https://github.com/acmesh-official/acme.sh/wiki/dnsapi|DNS API]] documentation for the details.\\
 !!Tip ->!! Mentally replace ''acme.sh'' with ''acme-client'' when referencing the acme.sh documentation.
@@ Line 107: / Line 116: @@
   pbx4 ~ # acme-client --install-cronjob
   acme-client: Successfully added cron entry.
 \\
@@ Line 139: / Line 149: @@
   pbx4 ~ # acme-client --remove -d pbx4.example.org
+Enable renewal notifications via email, (AstLinux 1.4.0 or later)
+  pbx4 ~ # acme-client --set-notify --notify-hook mail --notify-level 2
+!!Tip ->!! As above, with ''--notify-level 1'' only email errors and ''--notify-level 0'' disables email notifications
 \\