I and my girlfriend are working on debianizing acme-client application
https://github.com/baytuch/acme-client
/etc/acme-client.conf:
Code:
authority letsencrypt {
api url "https://acme-v02.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-privkey.pem"
}
authority letsencrypt-staging {
api url "https://acme-staging-v02.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-staging-privkey.pem"
}
domain example.com {
alternative names { example.com www.example.com }
domain key "/etc/ssl/example/private/privkey.pem"
domain certificate "/etc/ssl/example/cert.pem"
domain full chain certificate "/etc/ssl/example/chain.pem"
sign with letsencrypt
challengedir "/var/www/acme"
}
/etc/apache2/conf-available/acme.conf:
Code:
Alias /.well-known/acme-challenge /var/www/acme/
<Directory "/var/www/acme/">
Options -Indexes
</Directory>
Enable conf for acme client:
reissue script example
certs_reissue.sh :
Code:
#!/bin/sh
rm -f /etc/ssl/example/chain.pem
rm -f /etc/ssl/example/cert.pem
acme-client -Fv example.com || exit 1
rm -f /etc/apache2/SSL/example/private/privkey.pem
rm -f /etc/apache2/SSL/example/cert.pem
rm -f /etc/apache2/SSL/example/chain.pem
cp /etc/ssl/example/private/privkey.pem /etc/apache2/SSL/example/private/privkey.pem
cp /etc/ssl/example/cert.pem /etc/apache2/SSL/example/cert.pem
cp /etc/ssl/example/chain.pem /etc/apache2/SSL/example/chain.pem
systemctl stop apache2
systemctl start apache2
crontab:
Code:
5 2 1 * * /usr/lib/vps/certs_reissue.sh >/dev/null 2>&1
Create pkg:
Code:
sudo apt-get install build-essential
sudo apt-get install fakeroot dh-make
sudo apt-get install bison
sudo apt-get install autoconf
sudo apt-get install libssl-dev
sudo apt-get install libbsd0 libbsd-dev
git clone https://github.com/baytuch/acme-client.git
cd acme-client/
dpkg-buildpackage -rfakeroot -b --no-sign
https://github.com/baytuch/acme-clie...8.04_amd64.deb
https://github.com/baytuch/acme-clie...0.04_amd64.deb
Bookmarks