History

Adrian 8a751571b7 Add dyndns and letsencrypt helpers		2020-04-17 01:09:18 +02:00
..
README.md	Add dyndns and letsencrypt helpers	2020-04-17 01:09:18 +02:00
config	Add dyndns and letsencrypt helpers	2020-04-17 01:09:18 +02:00
dehydrated-manual	Add dyndns and letsencrypt helpers	2020-04-17 01:09:18 +02:00
dehydrated-nsupdate	Add dyndns and letsencrypt helpers	2020-04-17 01:09:18 +02:00
example-hook	Add dyndns and letsencrypt helpers	2020-04-17 01:09:18 +02:00

README.md

Let's Encrypt

Download Let's Encrypt client (only dehydrated needed): https://github.com/dehydrated-io/dehydrated/releases/latest

sudo mkdir -p /data/ssl/{configs,challenge}
sudo chown -R admin: /data/ssl

cp config dehydrated-* /data/ssl

# List all domains for automatic renewal
editor /data/ssl/domains.txt

/data/ssl/dehydrated -r

To enable certificate renewal, include snippets/letsencrypt or put redirect-ssl-all in sites-enabled.

Cronjob

/data/ssl/dehydrated -c

Wildcard Certificates

echo "service.example.com *.service.example.com" >> /data/ssl/domains.txt
echo "CHALLENGETYPE=dns-01" >> /data/ssl/configs/service.example.com
echo "HOOK=/data/ssl/dehydrated-hook" >> /data/ssl/configs/service.example.com

There are manual and nsupdate hooks. See example-hook for an example nsupdate hook.