Welcome to Centmin Mod Community
Register Now

Beta Branch acmetool.sh 0.8.3 add DNS mode to get Letsencrypt SSL cert only

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 23, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    8:50 AM
    Nginx 1.13.x
    MariaDB 5.5
    acmetool.sh 0.8.3 add DNS mode to get Letsencrypt SSL cert only

    added a certonly-issue command line mode which doesn't touch or setup nginx vhosts, but just gets the SSL certificate via manual DNS mode

    For example, to get Letsencrypt SSL Certificate for acme9.domain1.com

    staging test Letsencrypt SSL certificate
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    

    live Letsencrypt SSL certificate
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com live
    


    Continue reading...

    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,139
    Local Time:
    8:50 AM
    Nginx 1.13.x
    MariaDB 5.5
    Example output. Note using DNS mode instead of webroot mode means, you manually need to setup the domain's DNS domain validation with the instructed TXT DNS record
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    
    -----------------------------------------------------------
    [DNS mode] issue & install letsencrypt ssl certificate for acme9.domain1.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --staging --issue --dns -d acme9.domain1.com -k 2048 --useragent centminmod-centos7-acmesh-webroot
    [Tue Aug 23 01:31:18 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Tue Aug 23 01:31:21 UTC 2016] Skip register account key
    [Tue Aug 23 01:31:21 UTC 2016] Creating domain key
    [Tue Aug 23 01:31:21 UTC 2016] Use length 2048
    [Tue Aug 23 01:31:21 UTC 2016] Using RSA: 2048
    [Tue Aug 23 01:31:21 UTC 2016] Single domain='acme9.domain1.com'
    [Tue Aug 23 01:31:21 UTC 2016] Verify each domain
    [Tue Aug 23 01:31:21 UTC 2016] Getting webroot for domain='acme9.domain1.com'
    [Tue Aug 23 01:31:21 UTC 2016] Getting token for domain='acme9.domain1.com'
    [Tue Aug 23 01:31:27 UTC 2016] Add the following TXT record:
    [Tue Aug 23 01:31:27 UTC 2016] Domain: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 01:31:27 UTC 2016] TXT value: vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90
    [Tue Aug 23 01:31:27 UTC 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Tue Aug 23 01:31:27 UTC 2016] so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 01:31:28 UTC 2016] Please add the TXT records to the domains, and retry again.
    
    -----------------------------------------------------------------------
    DNS mode requires manual steps outlined below to complete issuance
    -----------------------------------------------------------------------
    Add the following TXT record:
    Domain: _acme-challenge.acme9.domain1.com
    TXT value: vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90
    Please be aware that you prepend _acme-challenge. before your domain
    so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    Please add the TXT records to the domains, and retry again.
    Final Step to complete SSL Certificate Issuance
    Once DNS updated for acme9.domain1.com
    You need to run manually the command:
      /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
    ssl certs will be located at located at: /root/.acme.sh/acme9.domain1.com
    

    So from instructions, you need to setup a DNS TXT record for _acme-challenge.acme9.domain1.com with value of vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90

    and then once DNS TXT record propagated, run
    Code (Text):
    /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
    

    which will get letsencrypt SSL certificate saved to /root/.acme.sh/acme9.domain1.com
    Code (Text):
    ls -lah /root/.acme.sh/acme9.domain1.com
    total 24K
    drwxr-xr-x 2 root root 4.0K Aug 23 01:31 .
    drwx------ 8 root root 4.0K Aug 23 01:31 ..
    -rw-r--r-- 1 root root 1.8K Aug 23 01:31 acme9.domain1.com.cer
    -rw-r--r-- 1 root root  317 Aug 23 01:31 acme9.domain1.com.conf
    -rw-r--r-- 1 root root  903 Aug 23 01:31 acme9.domain1.com.csr
    -rw-r--r-- 1 root root 1.7K Aug 23 01:31 acme9.domain1.com.key
    -rw-r--r-- 1 root root   79 Aug 23 01:31 acme9.domain1.com.ssl.conf
    
     
    Last edited: Aug 23, 2016
    • Like Like x 1