Beta Branch acmetool.sh 0.8.3 add DNS mode to get Letsencrypt SSL cert only

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 23, 2016.

  1. eva2000

    acmetool.sh 0.8.3 add DNS mode to get Letsencrypt SSL cert only


    Added a certonly-issue command line mode which doesn't touch or set up nginx vhosts, but just gets the SSL certificate via manual DNS mode.

    For example, to get Letsencrypt SSL Certificate for acme9.domain1.com

    staging test Letsencrypt SSL certificate
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    

    live Letsencrypt SSL certificate
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com live
    



    123.09beta01 branch
     
  2. eva2000

    Example output. Note that using DNS mode instead of webroot mode means you need to manually set up the domain's DNS domain validation with the instructed TXT DNS record.
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    
    -----------------------------------------------------------
    [DNS mode] issue & install letsencrypt ssl certificate for acme9.domain1.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --staging --issue --dns -d acme9.domain1.com -k 2048 --useragent centminmod-centos7-acmesh-webroot
    [Tue Aug 23 01:31:18 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Tue Aug 23 01:31:21 UTC 2016] Skip register account key
    [Tue Aug 23 01:31:21 UTC 2016] Creating domain key
    [Tue Aug 23 01:31:21 UTC 2016] Use length 2048
    [Tue Aug 23 01:31:21 UTC 2016] Using RSA: 2048
    [Tue Aug 23 01:31:21 UTC 2016] Single domain='acme9.domain1.com'
    [Tue Aug 23 01:31:21 UTC 2016] Verify each domain
    [Tue Aug 23 01:31:21 UTC 2016] Getting webroot for domain='acme9.domain1.com'
    [Tue Aug 23 01:31:21 UTC 2016] Getting token for domain='acme9.domain1.com'
    [Tue Aug 23 01:31:27 UTC 2016] Add the following TXT record:
    [Tue Aug 23 01:31:27 UTC 2016] Domain: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 01:31:27 UTC 2016] TXT value: vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90
    [Tue Aug 23 01:31:27 UTC 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Tue Aug 23 01:31:27 UTC 2016] so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 01:31:28 UTC 2016] Please add the TXT records to the domains, and retry again.
    
    -----------------------------------------------------------------------
    DNS mode requires manual steps outlined below to complete issuance
    -----------------------------------------------------------------------
    Add the following TXT record:
    Domain: _acme-challenge.acme9.domain1.com
    TXT value: vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90
    Please be aware that you prepend _acme-challenge. before your domain
    so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    Please add the TXT records to the domains, and retry again.
    Final Step to complete SSL Certificate Issuance
    Once DNS updated for acme9.domain1.com
    You need to run manually the command:
      /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
    ssl certs will be located at located at: /root/.acme.sh/acme9.domain1.com
    

    So from the instructions, you need to set up a DNS TXT record for _acme-challenge.acme9.domain1.com with a value of vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90

    and then, once the DNS TXT record has propagated, run
    Code (Text):
    /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
    

    which will get letsencrypt SSL certificate saved to /root/.acme.sh/acme9.domain1.com
    Code (Text):
    ls -lah /root/.acme.sh/acme9.domain1.com
    total 24K
    drwxr-xr-x 2 root root 4.0K Aug 23 01:31 .
    drwx------ 8 root root 4.0K Aug 23 01:31 ..
    -rw-r--r-- 1 root root 1.8K Aug 23 01:31 acme9.domain1.com.cer
    -rw-r--r-- 1 root root  317 Aug 23 01:31 acme9.domain1.com.conf
    -rw-r--r-- 1 root root  903 Aug 23 01:31 acme9.domain1.com.csr
    -rw-r--r-- 1 root root 1.7K Aug 23 01:31 acme9.domain1.com.key
    -rw-r--r-- 1 root root   79 Aug 23 01:31 acme9.domain1.com.ssl.conf
    
     
    Last edited: Aug 23, 2016
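
The manual DNS step above only succeeds if the TXT record is already being served when `acme.sh --renew` runs. The following is an added example, not part of the original posts or of acmetool.sh: a pre-flight check that asks each authoritative nameserver directly for the `_acme-challenge` record. It assumes `dig` is installed and that the zone is `domain1.com`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm the TXT record from the acme.sh DNS mode output is
# served by every authoritative nameserver before running "acme.sh --renew".
# Assumptions: dig is installed; function names are hypothetical.

# Build the validation record name the same way the acme.sh output does.
challenge_name() {
  printf '_acme-challenge.%s\n' "${1%.}"
}

# Succeed only if one TXT answer in "dig +short" output ($2) is exactly the
# expected value ($1). dig prints TXT data in quotes and may split a string
# into several quoted chunks, so chunks are joined and quotes removed first.
txt_has_token() {
  [ -n "$1" ] || return 1
  printf '%s\n' "$2" | sed 's/" "//g; s/"//g' | grep -Fxq -- "$1"
}

# Query each nameserver of the zone directly so that a cached answer from a
# recursive resolver cannot hide a missing or stale record.
# The function body is a subshell, which keeps its variables local.
check_propagation() (
  name=$(challenge_name "$1"); seen=0; missing=0
  for ns in $(dig +short NS "$2"); do
    seen=1
    if txt_has_token "$3" "$(dig +short TXT "$name" "@$ns")"; then
      echo "ok      $ns"
    else
      echo "missing $ns"; missing=1
    fi
  done
  # Fail when no nameserver was found or any nameserver lacks the record.
  [ "$seen" -eq 1 ] && [ "$missing" -eq 0 ]
)

# Usage: ./check-txt.sh acme9.domain1.com domain1.com <TXT value>
if [ "$#" -eq 3 ]; then
  if check_propagation "$1" "$2" "$3"; then
    echo "TXT record is on all nameservers; run acme.sh --renew -d $1"
  else
    echo "TXT record not fully propagated; wait and re-check" >&2
    exit 1
  fi
fi
```
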