Welcome to Centmin Mod Community
Become a Member

Master Branch update acmetool.sh 1.0.76

Discussion in 'Centmin Mod Github Commits' started by eva2000, Oct 3, 2021.

  1. eva2000

    eva2000 Administrator Staff Member

    49,586
    11,382
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,686
    Local Time:
    12:20 PM
    Nginx 1.21.x
    MariaDB 10.x
    update acmetool.sh 1.0.76

    - this update is really only for folks you created Centmin Mod Nginx HTTPS sites with Letsencrypt front facing SSL certificates and need for older CentOS 6 OpenSSL/wget/curl clients to be able to connect to those Centmin Mod Nginx HTTPS sites. If you don't have such use, there is no need to do a reissue for the updated preferred chain below
    - update addons/acmetool.sh to 1.0.76 to support configuring the preferred SSL certificate chain for Letsencrypt SSL certificates to switch from default DST Root CA X3 certificate chain to newer ISRG X1 certificate chain https://community.centminmod.com/threads/letsencrypt-dst-root-ca-x3-expiration-september-30-2021-workaround-on-centos-7-x-openssl-1-0-2.21965/. If you switch, you will break older clients ability to connect to your web server i.e. https://letsencrypt.org/docs/certificate-compatibility/ however it will help some clients on server side connect to your server i.e. CentOS 6 OpenSSL 1.0.1, wget, curl. Most modern web browsers will work either previous default or new ISRG chain as modern web browsers can find an alternative path/SSL chain to verify your Centmin Mod Nginx site's SSL chain
    - if you want your existing Centmin Mod Nginx site's Letsencrypt SSL certificates to serve the new ISRG X1 certificate chain, run cmupdate to update local server code for addons/acmetool.sh and then manually run acmetool.sh reissue-only flag for the domain you want to update. Example below for domain.com

    /usr/local/src/centminmod/addons/acmetool.sh reissue-only yourdomain.com live


    - if you want to revert to previous default DST Root CA X3 chain, set in persistent config file /etc/centminmod/custom_config.inc as per https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain the following

    ACME_PREFERRED_CHAIN=' --preferred-chain "DST Root CA X3"'

    Then reissue for your domain

    /usr/local/src/centminmod/addons/acmetool.sh reissue-only yourdomain.com live

    Continue reading...

    Centmin Mod Github Master branch

    Master branch is where most recent commits are made as at May 24, 2015.