add --installcert text for acmetool.sh 0.8.5 DNS mode Continue reading... 123.09beta01 branch Branch: https://github.com/centminmod/centminmod/tree/123.09beta01 Commit History: https://github.com/centminmod/centminmod/commits/123.09beta01
acmetool.sh 0.8.5 updated for DNS Mode to add instructions if you want to manually install the obtained SSL cert via --installcert command Code (Text): ./acmetool.sh certonly-issue acme9.domain1.com ----------------------------------------------------------- [DNS mode] issue & install letsencrypt ssl certificate for acme9.domain1.com ----------------------------------------------------------- /root/.acme.sh/acme.sh --staging --issue --force --dns -d acme9.domain1.com -k 2048 --useragent centminmod-centos7-acmesh-dns [Tue Aug 23 04:47:12 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org [Tue Aug 23 04:47:15 UTC 2016] Skip register account key [Tue Aug 23 04:47:15 UTC 2016] Single domain='acme9.domain1.com' [Tue Aug 23 04:47:15 UTC 2016] Verify each domain [Tue Aug 23 04:47:15 UTC 2016] Getting webroot for domain='acme9.domain1.com' [Tue Aug 23 04:47:15 UTC 2016] Getting token for domain='acme9.domain1.com' [Tue Aug 23 04:47:22 UTC 2016] Add the following TXT record: [Tue Aug 23 04:47:22 UTC 2016] Domain: _acme-challenge.acme9.domain1.com [Tue Aug 23 04:47:22 UTC 2016] TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA [Tue Aug 23 04:47:22 UTC 2016] Please be aware that you prepend _acme-challenge. before your domain [Tue Aug 23 04:47:22 UTC 2016] so the resulting subdomain will be: _acme-challenge.acme9.domain1.com [Tue Aug 23 04:47:22 UTC 2016] Please add the TXT records to the domains, and retry again. --------------------------------- DNS mode requires manual steps below --------------------------------- Add the following TXT record: Domain: _acme-challenge.acme9.domain1.com TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA Once DNS updated for acme9.domain1.com, run SSH command: --------------------------------- /root/.acme.sh/acme.sh --renew -d acme9.domain1.com --------------------------------- SSL certs will be located : /root/.acme.sh/acme9.domain1.com If want to install cert into Nginx vhost, run SSH command: --------------------------------- /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key --------------------------------- SSL certs will be installed at : /usr/local/nginx/conf/ssl/acme9.domain1.com/ So in DNS mode 1. updated DNS in DNS mode 2. run command Code (Text): /root/.acme.sh/acme.sh --renew -d acme9.domain1.com 3. optional install cert to existing Nginx vhost command Code (Text): /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key