config/letsencrypt/README.md

# Let's Encrypt

Download Let's Encrypt client (only `dehydrated` needed):
https://github.com/dehydrated-io/dehydrated/releases/latest

```sh
sudo mkdir -p /data/ssl/{configs,challenge}
sudo chown -R admin: /data/ssl

cp config dehydrated-* /data/ssl

# List all domains for automatic renewal
editor /data/ssl/domains.txt

/data/ssl/dehydrated -r
```

To enable certificate renewal,
`include snippets/letsencrypt` or put `redirect-ssl-all` in sites-enabled.

## Cronjob

```sh
/data/ssl/dehydrated -c
```

## Wildcard Certificates

```sh
echo "service.example.com *.service.example.com" >> /data/ssl/domains.txt
echo "CHALLENGETYPE=dns-01" >> /data/ssl/configs/service.example.com
echo "HOOK=/data/ssl/dehydrated-hook" >> /data/ssl/configs/service.example.com
```

There are manual and nsupdate hooks.
See [example-hook](example-hook) for an example nsupdate hook.
Add dyndns and letsencrypt helpers 2020-04-16 23:45:18 +02:00			`# Let's Encrypt`

			Download Let's Encrypt client (only `dehydrated` needed):
			`https://github.com/dehydrated-io/dehydrated/releases/latest`

			```sh
			`sudo mkdir -p /data/ssl/{configs,challenge}`
			`sudo chown -R admin: /data/ssl`

			`cp config dehydrated-* /data/ssl`

			`# List all domains for automatic renewal`
			`editor /data/ssl/domains.txt`

			`/data/ssl/dehydrated -r`
			```

			`To enable certificate renewal,`
			`include snippets/letsencrypt` or put `redirect-ssl-all` in sites-enabled.

			`## Cronjob`

			```sh
			`/data/ssl/dehydrated -c`
			```

			`## Wildcard Certificates`

			```sh
			`echo "service.example.com *.service.example.com" >> /data/ssl/domains.txt`
			`echo "CHALLENGETYPE=dns-01" >> /data/ssl/configs/service.example.com`
			`echo "HOOK=/data/ssl/dehydrated-hook" >> /data/ssl/configs/service.example.com`
			```

			`There are manual and nsupdate hooks.`
			`See [example-hook](example-hook) for an example nsupdate hook.`