Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Jul 2018 08:23:07 -0400
From:      David Mehler <dave.mehler@gmail.com>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   acme.sh and certificate deployment
Message-ID:  <CAPORhP7bq_NiL7kt0iqVBfenfX9P_YWXbbY75L5bg7yWjEDrLw@mail.gmail.com>

Next in thread | Raw E-Mail | Index | Archive | Help
Hello,

I'm really thinking about converting my existing letsencrypt effort
from acme-client to acme.sh script. This is on FreeBSD 11.1 and I'm
using apache 2.4, and postfix, and dovecot, I think those are the only
tls-enabled services i've got.

I like the fact that acme.sh can do a wildcard certificate as I only
need one for the tld and not x for all subdomains. I do like that fact
that it also can handle ECC curves.

The thing that is holding me back is deployment, how do you deploy
your tls certificates? Yesterday I did it manually but I only did it
for one domain, copied the files where I wanted them and manually
entered the tls information in apache's setup.

I've got the cron script going so ideally i'd like to get a
certificate renewed if needed cron takes care of that, then the
certificate and key are deployed to where they need to go and the
service or services are restarted.

My second question and this one is a curiousity, the certificates that
are made end with a .cer extension, can I change this in the script?

Thanks.
Dave.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CAPORhP7bq_NiL7kt0iqVBfenfX9P_YWXbbY75L5bg7yWjEDrLw>