From: David Mehler
Date: Fri, 27 Jul 2018 19:32:04 -0400
Subject: Re: acme.sh and certificate deployment
To: Andrea Venturoli
Cc: freebsd-questions@freebsd.org

Hello,

When I would do acme.sh --install-cert where do the certificates end up?

Thanks.
Dave.

On 7/27/18, Andrea Venturoli wrote:
> On 7/27/18 2:23 PM, David Mehler wrote:
>
>> The thing that is holding me back is deployment, how do you deploy
>> your tls certificates?
>
> You once do "acme.sh --install-cert ..."
> Then let "acme.sh --cron" do the rest periodically.
>
>> Yesterday I did it manually but I only did it
>> for one domain, copied the files where I wanted them and manually
>> entered the tls information in apache's setup.
>
> You'll still need to set up Apache (or other software) correctly, but
> "acme.sh --install-cert" will copy them for you.
>
>> I've got the cron script going so ideally I'd like to get a
>> certificate renewed if needed cron takes care of that, then the
>> certificate and key are deployed to where they need to go and the
>> service or services are restarted.
>
> That's exactly what "acme.sh --cron" does.
>
>> My second question and this one is a curiosity, the certificates that
>> are made end with a .cer extension, can I change this in the script?
>
> Yes and no.
> AFAIK, in acme.sh database they'll be .cer, but, since you shouldn't
> mess directly with it, this should not matter.
> When you use "acme.sh --install-cert" you can rename them as you like.
>
> bye
> av.
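
Added example, not part of the thread and not the project's own code: a one-time `acme.sh --install-cert` call with explicit destination files and a reload command, followed by a check that the deployed private key is not readable by group or other. The function names, the `ACME_SH` variable, the domain, the destination directory and the `service apache24 reload` command are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. The domain, destination directory and
# reload command in the usage line are assumptions; adjust to your setup.

ACME_SH="${ACME_SH:-acme.sh}"   # path to your acme.sh, if not on PATH

# key_mode_ok FILE: true only if FILE exists and grants nothing to group/other.
key_mode_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_cert DOMAIN DESTDIR RELOADCMD
# Tells acme.sh where to copy the cert, key and chain and what to run after
# copying, then refuses to report success if the deployed key is readable by
# group or other.
install_cert() {
    domain=$1 dest=$2 reload=$3
    ( umask 077 && mkdir -p "$dest" ) || return 1
    "$ACME_SH" --install-cert -d "$domain" \
        --cert-file      "$dest/cert.pem" \
        --key-file       "$dest/key.pem" \
        --fullchain-file "$dest/fullchain.pem" \
        --reloadcmd      "$reload" || return 1
    if ! key_mode_ok "$dest/key.pem"; then
        echo "install_cert: $dest/key.pem is accessible to group/other" >&2
        return 2
    fi
}

# Usage (run once per domain, as the user that owns the acme.sh cron job):
#   install_cert example.com /usr/local/etc/ssl/example.com "service apache24 reload"
```

The certificates end up at the paths given to `--cert-file`, `--key-file` and `--fullchain-file`, under whatever names you choose there; point Apache at those files rather than at acme.sh's own directory.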