37 lines
865 B
Markdown
37 lines
865 B
Markdown
# Let's Encrypt
|
|
|
|
Download Let's Encrypt client (only `dehydrated` needed):
|
|
https://github.com/dehydrated-io/dehydrated/releases/latest
|
|
|
|
```sh
|
|
sudo mkdir -p /data/ssl/{configs,challenge}
|
|
sudo chown -R admin: /data/ssl
|
|
|
|
cp config dehydrated-* /data/ssl
|
|
|
|
# List all domains for automatic renewal
|
|
editor /data/ssl/domains.txt
|
|
|
|
/data/ssl/dehydrated -r
|
|
```
|
|
|
|
To enable certificate renewal,
|
|
`include snippets/letsencrypt` or put `redirect-ssl-all` in sites-enabled.
|
|
|
|
## Cronjob
|
|
|
|
```sh
|
|
/data/ssl/dehydrated -c
|
|
```
|
|
|
|
## Wildcard Certificates
|
|
|
|
```sh
|
|
echo "service.example.com *.service.example.com" >> /data/ssl/domains.txt
|
|
echo "CHALLENGETYPE=dns-01" >> /data/ssl/configs/service.example.com
|
|
echo "HOOK=/data/ssl/dehydrated-hook" >> /data/ssl/configs/service.example.com
|
|
```
|
|
|
|
There are manual and nsupdate hooks.
|
|
See [example-hook](example-hook) for an example nsupdate hook.
|