adrian
/
config
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
config/letsencrypt/README.md

865 B
Raw Permalink Blame History

Let's Encrypt

Download Let's Encrypt client (only dehydrated needed): https://github.com/dehydrated-io/dehydrated/releases/latest

sudo mkdir -p /data/ssl/{configs,challenge}
sudo chown -R admin: /data/ssl

cp config dehydrated-* /data/ssl

# List all domains for automatic renewal
editor /data/ssl/domains.txt

/data/ssl/dehydrated -r

To enable certificate renewal, include snippets/letsencrypt or put redirect-ssl-all in sites-enabled.

Cronjob

/data/ssl/dehydrated -c

Wildcard Certificates

echo "service.example.com *.service.example.com" >> /data/ssl/domains.txt
echo "CHALLENGETYPE=dns-01" >> /data/ssl/configs/service.example.com
echo "HOOK=/data/ssl/dehydrated-hook" >> /data/ssl/configs/service.example.com

There are manual and nsupdate hooks. See example-hook for an example nsupdate hook.