/ Register

Want to subscribe to topics you're interested in?
Become a Member

Beta Branch add --installcert text for acmetool.sh 0.8.5 DNS mode

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 23, 2016.

Previous Thread Next Thread
Loading...
  1. Aug 23, 2016 #1
    eva2000

    eva2000 Administrator Staff Member

    36,332
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    1:22 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  2. Aug 23, 2016 #2
    eva2000

    eva2000 Administrator Staff Member

    36,332
    7,979
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,287
    Local Time:
    1:22 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    acmetool.sh 0.8.5 updated for DNS Mode to add instructions if you want to manually install the obtained SSL cert via --installcert command
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com

-----------------------------------------------------------
[DNS mode] issue & install letsencrypt ssl certificate for acme9.domain1.com
-----------------------------------------------------------
/root/.acme.sh/acme.sh --staging --issue --force --dns -d acme9.domain1.com -k 2048 --useragent centminmod-centos7-acmesh-dns
[Tue Aug 23 04:47:12 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue Aug 23 04:47:15 UTC 2016] Skip register account key
[Tue Aug 23 04:47:15 UTC 2016] Single domain='acme9.domain1.com'
[Tue Aug 23 04:47:15 UTC 2016] Verify each domain
[Tue Aug 23 04:47:15 UTC 2016] Getting webroot for domain='acme9.domain1.com'
[Tue Aug 23 04:47:15 UTC 2016] Getting token for domain='acme9.domain1.com'
[Tue Aug 23 04:47:22 UTC 2016] Add the following TXT record:
[Tue Aug 23 04:47:22 UTC 2016] Domain: _acme-challenge.acme9.domain1.com
[Tue Aug 23 04:47:22 UTC 2016] TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA
[Tue Aug 23 04:47:22 UTC 2016] Please be aware that you prepend _acme-challenge. before your domain
[Tue Aug 23 04:47:22 UTC 2016] so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
[Tue Aug 23 04:47:22 UTC 2016] Please add the TXT records to the domains, and retry again.

---------------------------------
DNS mode requires manual steps below
---------------------------------
Add the following TXT record:
Domain: _acme-challenge.acme9.domain1.com
TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA
Once DNS updated for acme9.domain1.com, run SSH command:
---------------------------------
  /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
---------------------------------
SSL certs will be located : /root/.acme.sh/acme9.domain1.com

If want to install cert into Nginx vhost, run SSH command:
---------------------------------
  /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key
---------------------------------
SSL certs will be installed at : /usr/local/nginx/conf/ssl/acme9.domain1.com/

    So in DNS mode

    1. updated DNS in DNS mode

    2. run command
    Code (Text):
    /root/.acme.sh/acme.sh --renew -d acme9.domain1.com


    3. optional install cert to existing Nginx vhost command
    Code (Text):
    /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key
     
Previous Thread Next Thread
Loading...
..

.