Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. jscott

    I ran acmetool.sh back to back but to two different domains not the same one.

    So now I have a test cert at test1.example.com and a live cert at test2.example.com.

    That should not make a difference, should it?

    -John

     
  2. eva2000

    should not make a difference, but i updated 0.6 acmetool.sh to double check the custom web root has the intended index.html files copied from public/
     
  3. jscott

    My next test is going to be to restart my development server. I will need to update from centmin .8 to .9beta. Then install a live LE cert to the existing vhost.

    Looking at acmetool.sh, I am thinking the same command I used for my live test would do what I need. Will it take an existing vhost and just add the LE CERTS to it?

    Looks like we are working through issues quickly!!
    Thanks
    -John
     
  4. eva2000

    yeah if you have problems switching using centmin.sh menu option 23 submenu option 3, just do a clean git install as outlined at issue changing enviroment? | Centmin Mod Community
    that is the intention for addons/acmetool.sh to work on existing vhosts that exist but only really tested with non-https default setups. So testing with https default might be buggy or not.

    As all acmetool.sh does is if http domain.com.conf exists is to back it up to defined ACMEBACKUPDIR='/usr/local/nginx/conf/acmevhostbackup' directory and remove it, and backup any existing domain.com.ssl.conf if found to same defined ACMEBACKUPDIR='/usr/local/nginx/conf/acmevhostbackup' and then replace it with new acmetool.sh domain.com.ssl.conf, so yes you would lose any customisations done to your domain.com.conf and domain.com.ssl.conf Nginx vhost files and break your site if it's an existing live site
    yes getting there !
     
  5. jscott

    Great, this is just what I needed to know. I will test all this tomorrow and post an update.
    .... or maybe sooner....

    Thanks
    -John
     
  6. jscott

    I was getting ready to kill off my test server and realized I still had one unused test domain available.

    Did another live install and it did not create an index.html in the custom webroot... :(:(:(

    Everything else worked great!! :):):)

    Verified that I was using acmetool.sh V0.6...

    -John
     
  7. eva2000

    save your /root/centminlogs before you kill the test server for reference
     
  8. eva2000

    @jscott ah 0.6 acmetool.sh i added more verbose output for the copying of public/* files to custom web root and seems it's not seeing public/ directory as existing
    Code (Text):
    cp: cannot stat ‘/home/nginx/domains/acme3.domain1.com/public/*’: No such file or directory

    despite it existing
    Code (Text):
    ls -lah /home/nginx/domains/acme3.domain1.com/public/
    total 52K
    drwxr-s--- 2 nginx nginx 4.0K Aug 21 22:46 .
    drwxr-s--- 7 nginx nginx 4.0K Aug 21 22:49 ..
    -rw-r----- 1 nginx nginx 1.6K Aug 21 22:46 403.html
    -rw-r----- 1 nginx nginx 1.6K Aug 21 22:46 404.html
    -rw-r----- 1 nginx nginx 2.1K Aug 21 22:46 500.html
    -rw-r----- 1 nginx nginx 2.1K Aug 21 22:46 502.html
    -rw-r----- 1 nginx nginx 2.2K Aug 21 22:46 503.html
    -rw-r----- 1 nginx nginx 7.6K Aug 21 22:46 503.jpg
    -rw-r----- 1 nginx nginx 2.1K Aug 21 22:46 504.html
    -rw-r----- 1 nginx nginx 2.2K Aug 21 22:46 50x.html
    -rw-r----- 1 nginx nginx 1.4K Aug 21 22:46 index.html
    -rw-r----- 1 nginx nginx 1.7K Aug 21 22:46 maintenance.html

    but if i manually do copy it works
    Code (Text):
    \cp -Raf /home/nginx/domains/acme3.domain1.com/public/* /home/nginx/domains/acme3.domain1.com/customwebroot
    ls -lah /home/nginx/domains/acme3.domain1.com/customwebroot/                                                 
    total 52K
    drwxr-sr-x 2 nginx nginx 4.0K Aug 21 22:54 .
    drwxr-s--- 7 nginx nginx 4.0K Aug 21 22:49 ..
    -rw-r----- 1 nginx nginx 1.6K Aug 21 22:46 403.html
    -rw-r----- 1 nginx nginx 1.6K Aug 21 22:46 404.html
    -rw-r----- 1 nginx nginx 2.1K Aug 21 22:46 500.html
    -rw-r----- 1 nginx nginx 2.1K Aug 21 22:46 502.html
    -rw-r----- 1 nginx nginx 2.2K Aug 21 22:46 503.html
    -rw-r----- 1 nginx nginx 7.6K Aug 21 22:46 503.jpg
    -rw-r----- 1 nginx nginx 2.1K Aug 21 22:46 504.html
    -rw-r----- 1 nginx nginx 2.2K Aug 21 22:46 50x.html
    -rw-r----- 1 nginx nginx 1.4K Aug 21 22:46 index.html
    -rw-r----- 1 nginx nginx 1.7K Aug 21 22:46 maintenance.html
     
  9. eva2000

    @jscott acmetool.sh 0.7 updated fixed syntax issue with copying public/* index files to custom webroot :)
     
  10. jscott

    We need an emoticon for bug squishing!!

    Did you want any of the log files you suggested saving?

    -John
     
  12. eva2000

    Updated Centmin Mod 123.09beta01's centmin.sh menu option 2 routine in inc/nginx_addvhost.inc for additional check_dns function to check if the site domain/subdomain you are adding has a valid DNS A record.

    This allows an earlier stage check and opportunity for end user to abort nginx vhost setup if the domain DNS hasn't been updated so you can update domain's DNS before re-running centmin.sh menu option 2. This may save some headaches for Letsencrypt SSL integration via addons/acmetool.sh as the domain verification stage of issuing a Letsencrypt SSL certificate requires valid domain DNS A record pointing to server's IP address.

    Example of 2 runs for acme000.domain1.com with invalid DNS and acme3.domain1.com with valid DNS via centmin.sh menu option 2.

    Code (Text):
    ./centmin.sh 
    
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 domain1.com    
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 2
    --------------------------------------------------------
    

    invalid DNS acme000.domain1.com example
    Code (Text):
    ---------------------------------------------
    
    ---------------------------------------------------------------
    Important Information
    ---------------------------------------------------------------
    
    You are about to create an Nginx vhost site account with/without
    HTTPS/SSL support. Details of this process are outlined on site
    at domain1.com/nginx_domain_dns_setup.html. Also read the
    continually updated Getting Started Guide for Centmin Mod usage
    at domain1.com/getstarted.html which covers the pure-ftpd
    ftp username that is auto generated with the Nginx vhost site.
    
    Do you want to continue with Nginx vhost site creation ? [y/n] y
    
    Enter vhost domain name to add (without www. prefix): acme000.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    ---------------------------------------------------------------
    To get Letsencrypt SSL certificate, you must already have updated intended
    domain vhost name's DNS A record to this server's IP addresss.
    If top level domain, DNS A record is needed also for www. version of domain
    otherwise, Letsencrypt domain name validation will fail.
    ---------------------------------------------------------------
    continue [y/n] ? y
    
    
    acme000.domain1.com is not a top level domain
    current DNS A record IP address for acme000.domain1.com is: 
    !! Error: missing DNS A record for acme000.domain1.com
    
    Abort this Nginx vhost domain setup to setup proper DNS A record(s) first? [y/n]: y
    

    valid DNS acme3.domain1.com example
    Code (Text):
    ---------------------------------------------------------------
    Important Information
    ---------------------------------------------------------------
    
    You are about to create an Nginx vhost site account with/without
    HTTPS/SSL support. Details of this process are outlined on site
    at domain1.com/nginx_domain_dns_setup.html. Also read the
    continually updated Getting Started Guide for Centmin Mod usage
    at domain1.com/getstarted.html which covers the pure-ftpd
    ftp username that is auto generated with the Nginx vhost site.
    
    Do you want to continue with Nginx vhost site creation ? [y/n] y
    
    Enter vhost domain name to add (without www. prefix): acme3.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    ---------------------------------------------------------------
    To get Letsencrypt SSL certificate, you must already have updated intended
    domain vhost name's DNS A record to this server's IP addresss.
    If top level domain, DNS A record is needed also for www. version of domain
    otherwise, Letsencrypt domain name validation will fail.
    ---------------------------------------------------------------
    continue [y/n] ? y
    
    
    acme3.domain1.com is not a top level domain
    your server IP address: 111.222.333.444
    current DNS A record IP address for acme3.domain1.com is: 111.222.333.444
    
    Abort this Nginx vhost domain setup to setup proper DNS A record(s) first? [y/n]: n
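An added sketch of the kind of pre-flight check this post describes (not the check_dns code from inc/nginx_addvhost.inc): it compares a domain's A records with the server IP and separates a missing record from one pointing elsewhere. The function names, the `resolve_a` hook and the records it returns are constructed for illustration; on a real host `resolve_a` would wrap a resolver query such as `dig +short A`.

```shell
#!/usr/bin/env bash
# Added example: DNS A record pre-flight before requesting a certificate.
# All names are hypothetical; this is not Centmin Mod's check_dns function.

# resolve_a DOMAIN: print one IPv4 address per line.
# Constructed offline stand-in for a real lookup (e.g. dig +short A "$1").
resolve_a() {
  case "$1" in
    acme3.example.com) echo "192.0.2.10" ;;
    example.com)       echo "192.0.2.10" ;;
    www.example.com)   echo "198.51.100.7" ;;  # constructed: points at another host
    *)                 : ;;                    # no A record at all
  esac
}

# check_dns_a DOMAIN SERVER_IP
# returns 0 = an A record matches, 1 = no A record, 2 = A record points elsewhere
check_dns_a() {
  local domain="$1" server_ip="$2" ips
  ips=$(resolve_a "$domain")
  if [ -z "$ips" ]; then
    echo "!! Error: missing DNS A record for $domain" >&2
    return 1
  fi
  # -x -F: whole-line literal match, so 192.0.2.1 does not match 192.0.2.10
  if printf '%s\n' "$ips" | grep -qxF -- "$server_ip"; then
    return 0
  fi
  echo "!! Error: $domain resolves to $(printf '%s' "$ips" | tr '\n' ' '), not $server_ip" >&2
  return 2
}

# preflight DOMAIN SERVER_IP [tld]
# With "tld" the www. name is checked too, since the prompt in the post says
# a top level domain also needs an A record for its www. version.
preflight() {
  local domain="$1" server_ip="$2" mode="${3:-sub}" rc=0
  check_dns_a "$domain" "$server_ip" || rc=$?
  if [ "$mode" = "tld" ]; then
    check_dns_a "www.$domain" "$server_ip" || rc=$?
  fi
  return "$rc"
}
```

A non-zero result from `preflight` is the point at which to stop and fix DNS, before any certificate request is sent.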
    
     
  13. jscott

    I fired up my test machine and updated centmin, and installed the live LE CERT without any problems.

    The only thing I needed to do was some minor application related stuff in the vhost config file.

    LE validation worked without any problems.

    -John
     
  14. eva2000

    excellent thanks John :)
     
  15. JarylW

    I tried to issue a live cert with HTTPS default via centmin option #22.

    It would appear LE verification fails because https default creates domain.com.ssl.conf files which have invalid code, causing the initial nginx reload to fail due to invalid #add_header Public-Key-Pins

    e.g. the following

    Code:
      #add_header Alternate-Protocol  443:npn-spdy/3;
      # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
      # You'd want to include subdomains if you're using SSL wildcard certificates
      # include subdomain
      #add_header Public-Key-Pins 'pin-sha256="fyuFpztdk4IzpWNL30DnctZQng0KCkHh86LTJPMixAE=
    UioEm5Faz+Ew7uHfscUnaSymPirN8LaKtjctUiJ8lJU="; pin-sha256="BHmUqdVsm/U4t16NHFdoRQ7qhiG9fu+Mj0gU+s8YRB0=
    bG37YcWL8x0yOnSbdyPjvqf5OIozggtxt8n1xyxRIU0="; max-age=86400; includeSubDomains';
      # exclude subdomains
      #add_header Public-Key-Pins 'pin-sha256="fyuFpztdk4IzpWNL30DnctZQng0KCkHh86LTJPMixAE=
    UioEm5Faz+Ew7uHfscUnaSymPirN8LaKtjctUiJ8lJU="; pin-sha256="BHmUqdVsm/U4t16NHFdoRQ7qhiG9fu+Mj0gU+s8YRB0=
    bG37YcWL8x0yOnSbdyPjvqf5OIozggtxt8n1xyxRIU0="; max-age=86400';
    
    
    Should be one liner instead of broken up like this. I am not sure if https default for just regular vhost add or other settings for that matter has this issue. Maybe should check the other routines too @eva2000
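An added example, not part of the original post or of Centmin Mod: a lint pass that finds the failure described above, where a commented-out directive with a quoted argument is wrapped across lines and the continuation lines are left uncommented. The function names and the sample vhost (with placeholder pin values) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names; not part of Centmin Mod or acmetool.sh).

# write_sample_conf PATH: constructed vhost containing the wrapped,
# half-commented Public-Key-Pins directive (pin values are placeholders).
write_sample_conf() {
  cat > "$1" <<'EOF'
server {
  listen 443 ssl;
  server_name acme3.example.com;
  # You'd want to include subdomains if you're using wildcard certificates
  #add_header Public-Key-Pins 'pin-sha256="CONSTRUCTED-PIN-A=
CONSTRUCTED-PIN-B="; pin-sha256="CONSTRUCTED-PIN-C=
CONSTRUCTED-PIN-D="; max-age=86400; includeSubDomains';
  #add_header X-Example 'quoted and closed';
  add_header X-Content-Type-Options nosniff;
}
EOF
}

# find_leaked_lines FILE: print each uncommented line that is really the tail
# of a commented-out directive whose quoted argument was wrapped.
find_leaked_lines() {
  awk '
    # Return the quote character left open in s, or "" if all are closed.
    # Only a quote preceded by whitespace opens a string, so apostrophes
    # inside words in prose comments are ignored.
    function open_quote(s,   q, rest, p) {
      while (match(s, "[ \t][\047\"]")) {
        q = substr(s, RSTART + 1, 1)
        rest = substr(s, RSTART + 2)
        p = index(rest, q)
        if (p == 0) return q
        s = substr(rest, p + 1)
      }
      return ""
    }
    # Comment line: remember whether it leaves a quoted string open.
    /^[ \t]*#/ { openq = open_quote($0); src = FNR; next }
    # Live, non-blank line while a commented string is still open: report it.
    openq != "" && NF {
      printf "%s:%d: uncommented tail of comment on line %d: %s\n", FILENAME, FNR, src, $0
      if (index($0, openq)) openq = ""
      next
    }
    { openq = "" }
  ' "$1"
}

# conf_is_clean FILE: succeeds only when nothing was reported.
conf_is_clean() {
  [ -z "$(find_leaked_lines "$1")" ]
}
```

Running such a check on generated vhost templates catches the problem without depending on the reload failing; `nginx -t` remains the authoritative syntax test.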
     
  16. eva2000

    interesting never experienced that before.. probably can remove the pin stuff as it's only valid for self-signed ssl certs anyway

    updated to acmetool.sh 0.8.2 and updated 123.09beta01 to remove traces of HPKP templates
     
    Last edited: Aug 23, 2016
  17. JarylW

    Maybe you said you didn't test with https default? That's what I'm trying with :)

    What others need testing? I'll do it together
     
  18. eva2000

    yeah haven't tested much centmin.sh menu option 22, mainly testing via acmetool.sh first for non-wordpress vhost setups

    just test it the way your work flow and understanding is first - good to get that feedback as what i laid out might not be perceived the same by end users as to the proper steps or order of things
     
  19. eva2000

    acmetool.sh 0.8.3 updated

    Add DNS mode to get Letsencrypt SSL cert only



    Added a certonly-issue command line mode which doesn't touch or setup nginx vhosts, but just gets the SSL certificate via manual DNS mode. (more recent example posted Oct 26, 2016)

    For example, to get Letsencrypt SSL Certificate for acme9.domain1.com

    staging test Letsencrypt SSL certificate
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    

    live Letsencrypt SSL certificate
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com live
    


    Example output. Note that using DNS mode instead of webroot mode means you manually need to set up the domain's DNS domain validation with the instructed TXT DNS record
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    
    -----------------------------------------------------------
    [DNS mode] issue & install letsencrypt ssl certificate for acme9.domain1.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --staging --issue --dns -d acme9.domain1.com -k 2048 --useragent centminmod-centos7-acmesh-webroot
    [Tue Aug 23 01:31:18 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Tue Aug 23 01:31:21 UTC 2016] Skip register account key
    [Tue Aug 23 01:31:21 UTC 2016] Creating domain key
    [Tue Aug 23 01:31:21 UTC 2016] Use length 2048
    [Tue Aug 23 01:31:21 UTC 2016] Using RSA: 2048
    [Tue Aug 23 01:31:21 UTC 2016] Single domain='acme9.domain1.com'
    [Tue Aug 23 01:31:21 UTC 2016] Verify each domain
    [Tue Aug 23 01:31:21 UTC 2016] Getting webroot for domain='acme9.domain1.com'
    [Tue Aug 23 01:31:21 UTC 2016] Getting token for domain='acme9.domain1.com'
    [Tue Aug 23 01:31:27 UTC 2016] Add the following TXT record:
    [Tue Aug 23 01:31:27 UTC 2016] Domain: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 01:31:27 UTC 2016] TXT value: vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90
    [Tue Aug 23 01:31:27 UTC 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Tue Aug 23 01:31:27 UTC 2016] so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 01:31:28 UTC 2016] Please add the TXT records to the domains, and retry again.
    
    -----------------------------------------------------------------------
    DNS mode requires manual steps outlined below to complete issuance
    -----------------------------------------------------------------------
    Add the following TXT record:
    Domain: _acme-challenge.acme9.domain1.com
    TXT value: vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90
    Please be aware that you prepend _acme-challenge. before your domain
    so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    Please add the TXT records to the domains, and retry again.
    Final Step to complete SSL Certificate Issuance
    Once DNS updated for acme9.domain1.com
    You need to run manually the command:
      /root/.acme.sh/acme.sh --force --renew -d acme9.domain1.com
    ssl certs will be located at located at: /root/.acme.sh/acme9.domain1.com
    

    So from instructions, you need to set up a DNS TXT record for _acme-challenge.acme9.domain1.com with value of vW8n5bt_nZrSgHYMdNmNctK5iMXYFKHD0FGGHtjDE90

    and then once DNS TXT record propagated, run
    Code (Text):
    /root/.acme.sh/acme.sh --force --renew -d acme9.domain1.com
    

    which will get letsencrypt SSL certificate saved to /root/.acme.sh/acme9.domain1.com
    Code (Text):
    ls -lah /root/.acme.sh/acme9.domain1.com
    total 24K
    drwxr-xr-x 2 root root 4.0K Aug 23 01:31 .
    drwx------ 8 root root 4.0K Aug 23 01:31 ..
    -rw-r--r-- 1 root root 1.8K Aug 23 01:31 acme9.domain1.com.cer
    -rw-r--r-- 1 root root  317 Aug 23 01:31 acme9.domain1.com.conf
    -rw-r--r-- 1 root root  903 Aug 23 01:31 acme9.domain1.com.csr
    -rw-r--r-- 1 root root 1.7K Aug 23 01:31 acme9.domain1.com.key
    -rw-r--r-- 1 root root   79 Aug 23 01:31 acme9.domain1.com.ssl.conf
    


    SANS based DNS Mode



    Should be similar to SANS Multi-Domain SSL Certificates method, you add additional domains via comma separated syntax minus main domain www version as that is automatically added.

    Example
    Code (Text):
    ./acmetool.sh certonly-issue mydomain.com,sub1.mydomain.com

    that covers mydomain.com, www.mydomain.com and sub1.mydomain.com
     
    Last edited: Oct 26, 2016
  20. eva2000

    acmetool.sh 0.8.5 updated for DNS Mode to add instructions if you want to manually install the obtained SSL cert via --installcert command
    Code (Text):
    ./acmetool.sh certonly-issue acme9.domain1.com
    
    -----------------------------------------------------------
    [DNS mode] issue & install letsencrypt ssl certificate for acme9.domain1.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --staging --issue --force --dns -d acme9.domain1.com -k 2048 --useragent centminmod-centos7-acmesh-dns
    [Tue Aug 23 04:47:12 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Tue Aug 23 04:47:15 UTC 2016] Skip register account key
    [Tue Aug 23 04:47:15 UTC 2016] Single domain='acme9.domain1.com'
    [Tue Aug 23 04:47:15 UTC 2016] Verify each domain
    [Tue Aug 23 04:47:15 UTC 2016] Getting webroot for domain='acme9.domain1.com'
    [Tue Aug 23 04:47:15 UTC 2016] Getting token for domain='acme9.domain1.com'
    [Tue Aug 23 04:47:22 UTC 2016] Add the following TXT record:
    [Tue Aug 23 04:47:22 UTC 2016] Domain: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 04:47:22 UTC 2016] TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA
    [Tue Aug 23 04:47:22 UTC 2016] Please be aware that you prepend _acme-challenge. before your domain
    [Tue Aug 23 04:47:22 UTC 2016] so the resulting subdomain will be: _acme-challenge.acme9.domain1.com
    [Tue Aug 23 04:47:22 UTC 2016] Please add the TXT records to the domains, and retry again.
    
    ---------------------------------
    DNS mode requires manual steps below
    ---------------------------------
    Add the following TXT record:
    Domain: _acme-challenge.acme9.domain1.com
    TXT value: p5T0n7DYVP5fqpsnZ3nHp8P3RzkqSF6aQ-jBTIfygAA
    Once DNS updated for acme9.domain1.com, run SSH command:
    ---------------------------------
      /root/.acme.sh/acme.sh --force --renew -d acme9.domain1.com
    ---------------------------------
    SSL certs will be located : /root/.acme.sh/acme9.domain1.com
    
    If want to install cert into Nginx vhost, run SSH command:
    ---------------------------------
      /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key
    ---------------------------------
    SSL certs will be installed at : /usr/local/nginx/conf/ssl/acme9.domain1.com/

    So in DNS mode

    1. updated DNS in DNS mode

    2. run command
    Code (Text):
    /root/.acme.sh/acme.sh --force --renew -d acme9.domain1.com
    


    3. optional install cert to existing Nginx vhost command replacing all instances of acme9.domain1.com with your domain below.
    Code (Text):
    /root/.acme.sh/acme.sh --installcert -d acme9.domain1.com --certpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.key --capath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme9.domain1.com/acme9.domain1.com-fullchain-acme.key

    Example of push notification to my mobile for DNS mode

    Screenshot_20160823-151122~01.png
     
    Last edited: Oct 26, 2016
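An added example, not code from acmetool.sh or acme.sh: it pulls the challenge name and TXT value out of DNS-mode output in the format shown above and only prints the renew command from the post once the record is visible. The function names, the `lookup_txt` hook, the `PUBLISHED_TXT` variable and the sample output are constructed; on a real host `lookup_txt` would wrap a query such as `dig +short TXT`.

```shell
#!/usr/bin/env bash
# Added example: gate the manual renew step on the TXT record being published.
# All helper names are hypothetical.

# Constructed sample of DNS-mode output, in the format shown in the post.
sample_output() {
  cat <<'EOF'
[Tue Aug 23 04:47:22 UTC 2016] Add the following TXT record:
[Tue Aug 23 04:47:22 UTC 2016] Domain: _acme-challenge.acme9.example.com
[Tue Aug 23 04:47:22 UTC 2016] TXT value: CONSTRUCTED-sample-value_0123456789abcdefgh
[Tue Aug 23 04:47:22 UTC 2016] Please add the TXT records to the domains, and retry again.
EOF
}

# Both read the tool output on stdin and print the first match.
challenge_name()  { sed -n 's/^\[[^]]*] Domain: //p' | head -n 1; }
challenge_value() { sed -n 's/^\[[^]]*] TXT value: //p' | head -n 1; }

# lookup_txt NAME: print TXT strings quoted, as a resolver would.
# Constructed stand-in driven by PUBLISHED_TXT (e.g. dig +short TXT "$1").
lookup_txt() {
  if [ "$1" = "_acme-challenge.acme9.example.com" ] && [ -n "${PUBLISHED_TXT:-}" ]; then
    printf '"%s"\n' "$PUBLISHED_TXT"
  fi
}

# txt_ready NAME VALUE
# returns 0 = published value matches, 1 = not visible yet,
#         2 = VALUE is not a well-formed dns-01 value (a base64url SHA-256
#             digest is always 43 characters of A-Z a-z 0-9 _ -)
txt_ready() {
  local name="$1" value="$2"
  printf '%s\n' "$value" | grep -Eq '^[A-Za-z0-9_-]{43}$' || return 2
  lookup_txt "$name" | tr -d '"' | grep -qxF -- "$value" || return 1
  return 0
}

# next_step: read tool output on stdin; print the renew command from the post
# only when the challenge record is in place.
next_step() {
  local out name value domain rc=0
  out=$(cat)
  name=$(printf '%s\n' "$out" | challenge_name)
  value=$(printf '%s\n' "$out" | challenge_value)
  domain=${name#_acme-challenge.}
  txt_ready "$name" "$value" || rc=$?
  case "$rc" in
    0) echo "/root/.acme.sh/acme.sh --force --renew -d $domain" ;;
    1) echo "wait: TXT record for $name is not visible yet" ;;
    *) echo "abort: no valid TXT value found in the output" ;;
  esac
  return "$rc"
}
```

Polling `next_step` until it returns 0 avoids running the renew while resolvers still return the old or no TXT record.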