Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 27 Jul 2018 17:04:17 +0200
From:      Andrea Venturoli <ml@netfence.it>
To:        freebsd-questions@freebsd.org, dave.mehler@gmail.com
Subject:   Re: acme.sh and certificate deployment
Message-ID:  <120e2cd3-b6a4-ac3d-714e-8597b88f95ed@netfence.it>
In-Reply-To: <CAPORhP7bq_NiL7kt0iqVBfenfX9P_YWXbbY75L5bg7yWjEDrLw@mail.gmail.com>
References:  <CAPORhP7bq_NiL7kt0iqVBfenfX9P_YWXbbY75L5bg7yWjEDrLw@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 7/27/18 2:23 PM, David Mehler wrote:

> The thing that is holding me back is deployment, how do you deploy
> your tls certificates?

You once do "acme.sh --install-cert ..."
Then let "acme.sh --cron" do the rest periodically.



> Yesterday I did it manually but I only did it
> for one domain, copied the files where I wanted them and manually
> entered the tls information in apache's setup.

You'll still need to set up Apache (or other software) correctly, but
"acme.sh --install-cert" will copy them for you.



> I've got the cron script going so ideally i'd like to get a
> certificate renewed if needed cron takes care of that, then the
> certificate and key are deployed to where they need to go and the
> service or services are restarted.

That's exactly what "acme.sh --cron" does.



> My second question and this one is a curiousity, the certificates that
> are made end with a .cer extension, can I change this in the script?

Yes and no.
AFAIK, in acme.sh database they'll be .cer, but, since you shouldn't 
mess directly with it, this should not matter.
When you use "acme.sh --install-cert" you can rename them as you like.



  bye
	av.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?120e2cd3-b6a4-ac3d-714e-8597b88f95ed>