
Beta Branch add --installcert text for acmetool.sh 0.8.5 DNS mode

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 23, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

  2. eva2000

    acmetool.sh 0.8.5 updated for DNS mode to add instructions if you want to manually install the obtained SSL cert via the --installcert command.
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    
    -----------------------------------------------------------
    [DNS mode] issue & install letsencrypt ssl certificate for acme9.domain1.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --staging --issue --force --dns -d acme9.domain1.com -k 2048 --useragent centminmod-centos7-acmesh-dns
    [Tue Aug 23 04:47:12 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Tue Aug 23 04:47:15 UTC 2016] Skip register account key
    [Tue Aug 23 04:47:15 UTC 2016] Single domain='acme9.domain1.com'
    [Tue Aug 23 04:47:15 UTC 2016] Verify each domain
    [Tue Aug 23 04:47:15 UTC 2016] Getting webroot for domain='acme9.domain1.com'
    [Tue Aug 23 04:47:15 UTC 2016] Getting token for domain='acme9.domain1.com'
    [Tue Aug 23 04:47:22 UTC 2016] Add the following TXT record:
    [Tue Aug 23 04:47:22 UTC 2016] Domain: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 04:47:22 UTC 2016] TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA
    [Tue Aug 23 04:47:22 UTC 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Tue Aug 23 04:47:22 UTC 2016] so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 04:47:22 UTC 2016] Please add the TXT records to the domains, and retry again.
    
    ---------------------------------
    DNS mode requires manual steps below
    ---------------------------------
    Add the following TXT record:
    Domain: _acme-challenge.acme9.domain1.com
    TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA
    Once DNS updated for acme9.domain1.com, run SSH command:
    ---------------------------------
      /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
    ---------------------------------
    SSL certs will be located : /root/.acme.sh/acme9.domain1.com
    
    If want to install cert into Nginx vhost, run SSH command:
    ---------------------------------
      /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key
    ---------------------------------
    SSL certs will be installed at : /usr/local/nginx/conf/ssl/acme9.domain1.com/

    So in DNS mode:

    1. Update DNS in DNS mode

    2. Run the command
    Code (Text):
    /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
    


    3. Optionally install the cert into an existing Nginx vhost with the command
    Code (Text):
    /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key
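
The gap between steps 1 and 2 above (the TXT record has to be visible in DNS before `--renew` can validate it) can be checked with a short script. This is an added example, not part of the original post and not Centmin Mod or acme.sh code; the function names and the `LOOKUP` override are hypothetical, and it assumes `dig` is installed.

```shell
#!/bin/sh
# Added example, not Centmin Mod or acme.sh code. Function names are hypothetical.

# Name of the TXT record that DNS mode asks for.
challenge_name() { printf '_acme-challenge.%s\n' "$1"; }

# Default lookup: `dig +short TXT` prints one double-quoted record per line.
# $2 is an optional resolver, e.g. the zone's authoritative name server.
dig_txt() { dig +short TXT "$1" ${2:+"@$2"}; }

# txt_has_value EXPECTED LOOKUP_OUTPUT
# Succeeds only if one record equals EXPECTED exactly. -F avoids regex
# interpretation, -x rejects partial matches, and -- keeps a token that
# starts with '-' (legal in base64url) from being read as a grep option.
txt_has_value() {
  [ -n "$1" ] || return 1
  printf '%s\n' "$2" | tr -d '"' | grep -Fxq -- "$1"
}

# wait_for_challenge DOMAIN EXPECTED [RESOLVER] [TRIES] [PAUSE_SECONDS]
# Polls until the record is visible; returns 1 if it never appears.
# LOOKUP (assumption of this example) swaps in another lookup command.
wait_for_challenge() {
  name=$(challenge_name "$1")
  tries=${4:-10}
  pause=${5:-30}
  n=0
  while [ "$n" -lt "$tries" ]; do
    out=$("${LOOKUP:-dig_txt}" "$name" "${3:-}" 2>/dev/null) || out=
    if txt_has_value "$2" "$out"; then
      return 0
    fi
    n=$((n + 1))
    if [ "$n" -lt "$tries" ]; then
      sleep "$pause"
    fi
  done
  return 1
}

# Typical use on the server, with the TXT value printed by acmetool.sh:
#   wait_for_challenge acme9.domain1.com "$TXT_VALUE" && \
#     /root/.acme.sh/acme.sh --renew -d acme9.domain1.com
```

Passing the zone's authoritative name server as the third argument avoids reading a stale answer from a caching resolver.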