Differences

This shows you the differences between two versions of the page.

userdoc:tt_acme_certificates [2017/09/01 09:47]
abelbeck [Issuing Certificates]
userdoc:tt_acme_certificates [2020/09/07 11:34] (current)
abelbeck [ACME Configuration]
Line 3: Line 3:
 AstLinux now supports generating [[https://​letsencrypt.org|Let'​s Encrypt]] certificates using the [[wp>​Automated_Certificate_Management_Environment|ACME]] protocol. AstLinux now supports generating [[https://​letsencrypt.org|Let'​s Encrypt]] certificates using the [[wp>​Automated_Certificate_Management_Environment|ACME]] protocol.
  
-AstLinux uses the ''​acme-client''​ command as a front-end to the core ''​acme.sh''​ script provided by the [[https://​github.com/​Neilpang/​acme.sh|acme.sh]] project. ​ The ''​acme-client''​ command limits issued certificates to only use DNS challenge validation, as such you need a supported DNS provider, of which there are well over 20 as of this writing.+AstLinux uses the ''​acme-client''​ command as a front-end to the core ''​acme.sh''​ script provided by the [[https://​github.com/​acmesh-official/​acme.sh|acme.sh]] project. ​ The ''​acme-client''​ command limits issued certificates to only use DNS challenge validation, as such you need a supported DNS provider, of which there are well over 20 as of this writing.
  
 The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates. The Command Line Interface (CLI) must be used to initially issue and deploy ACME certificates.
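Review bot: The changed sentence still carries "of which there are well over 20 as of this writing", a count that nobody updates when the project link does. Since the line is being edited anyway, drop the number and point readers at the DNS API list that the page links further down. The "as such you need a supported DNS provider" clause is also a comma splice and would read better as its own sentence.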
Line 22: Line 22:
  
 The "ACME Account Email Address"​ registration email address is used for expiry notifications,​ while optional it seems like a good idea to specify. The "ACME Account Email Address"​ registration email address is used for expiry notifications,​ while optional it seems like a good idea to specify.
 +
 +!!Note -> AstLinux 1.4.0!! or later, the "ACME Account Email Address"​ can be used for renewal notifications,​ more info: **[[userdoc:​tt_acme_certificates#​additional_cli_commands|Additional CLI Commands]]**.
  
 !!Tip ->!! Clicking on the blue ''​(i)''​ icon will display topic information text similar to this documentation page. !!Tip ->!! Clicking on the blue ''​(i)''​ icon will display topic information text similar to this documentation page.
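Review bot: In the added note, the highlight markup wraps the version number ("!!Note -> AstLinux 1.4.0!! or later"), while the Tip on the next line closes the highlight right after the arrow ("!!Tip ->!!"). Use the same form here, for example "!!Note ->!! With AstLinux 1.4.0 or later, ...". The note should also say that renewal notifications have to be enabled with the --set-notify command documented under Additional CLI Commands, because as written it reads as if filling in the address is enough. It would also help to separate these from the "expiry notifications" mentioned in the line above, so readers do not take them for the same mechanism.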
Line 38: Line 40:
  
   pbx4 ~ # acme-client --version   pbx4 ~ # acme-client --version
-  https://​github.com/​Neilpang/acme.sh +  https://​github.com/​acmesh-official/acme.sh 
-  v2.7.2+  v2.8.7
  
 Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare. ​ We need to export the ''​CF_Key''​ and ''​CF_Email''​ variables, adjust to match your credentials ... Only DNS challenge validation is supported within AstLinux, as such you need a supported DNS provider, in this example we are using Cloudflare. ​ We need to export the ''​CF_Key''​ and ''​CF_Email''​ variables, adjust to match your credentials ...
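Review bot: The context sentence after the updated version output tells readers to export CF_Key and CF_Email but says nothing about handling the key as a secret. While this example is being refreshed, add a sentence on where the exported credentials end up after the first issue and who on the box can read them, so administrators know what to protect and what to rotate if the system is compromised. Pinning the exact version string in the sample output also means this block goes stale with every acme.sh update; a short remark that the output will vary would avoid repeated edits like this one.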
Line 46: Line 48:
   pbx4 ~ # export CF_Email="​email@example.com"​   pbx4 ~ # export CF_Email="​email@example.com"​
  
-Other DNS providers require different exported variables, see the [[https://​github.com/​Neilpang/acme.sh/blob/master/dnsapi/README.md|DNS API]] documentation for the details.\\+Other DNS providers require different exported variables, see the [[https://​github.com/​acmesh-official/acme.sh/wiki/dnsapi|DNS API]] documentation for the details.\\
 !!Tip ->!! Mentally replace ''​acme.sh''​ with ''​acme-client''​ when referencing the acme.sh documentation. !!Tip ->!! Mentally replace ''​acme.sh''​ with ''​acme-client''​ when referencing the acme.sh documentation.
  
Line 139: Line 141:
  
   pbx4 ~ # acme-client --remove -d pbx4.example.org   pbx4 ~ # acme-client --remove -d pbx4.example.org
 +
 +Enable renewal notifications via email, (AstLinux 1.4.0 or later)
 +
 +  pbx4 ~ # acme-client --set-notify --notify-hook mail --notify-level 2
 +
 +!!Tip ->!! As above, with ''​--notify-level 1''​ only email errors and ''​--notify-level 0''​ disables email notifications
  
 \\ \\
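Review bot: The added Tip explains --notify-level 1 and 0 but never says what level 2, the value used in the command above, actually sends. State all three levels in one sentence so the reader can choose deliberately. "only email errors" is ambiguous (it can be read as errors in sending email); "emails only on errors" is clearer, and the sentence needs a closing period. The heading line "Enable renewal notifications via email, (AstLinux 1.4.0 or later)" has a stray comma before the parenthesis, and it should mention which address receives the mail, since the earlier note ties this to the "ACME Account Email Address".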