acme-client and multiple domains periodic renewal

David Mehler dave.mehler at gmail.com
Fri Jan 19 00:06:31 UTC 2018


Hello,

Thanks. I'm getting closer; by that I mean I've got the certificates
renewed. Whether they will auto-renew I'll find out in three months.
Below is my renewal script, my deployment script, which just restarts
Apache since the certificates are in the same place, and my
periodic.conf file. If anyone sees anything wrong please let me know;
I'd like this to renew automatically 3 months down the road.

To Peter (and maybe this should go off-list): could you send me a
complete virtual host definition, sanitized of names? It seems like
we're doing the same thing, but your setup is working and mine isn't,
and I'm wondering if I'm overdoing something. I'd appreciate it.

Thanks.
Dave.


# periodic.conf definition
weekly_acme_client_enable="YES"
# Specify the renew script to run
weekly_acme_client_renewscript="/usr/local/etc/acme/renewcerts"
# Specify the deploy script to run
weekly_acme_client_deployscript="/usr/local/etc/acme/deploycerts"

renewcerts
#!/bin/sh -e
BASEDIR="/usr/local/etc/acme"
SSLDIR="/usr/local/etc/ssl/acme"   # not used below; acme-client's default cert/key paths apply
DOMAINSFILE="${BASEDIR}/domains.txt"
ACME_FLAGS="-v -b -e -C /usr/local/www/.well-known -m -O -n -N"
# One line per certificate: primary domain first, then its alternative names.
# Redirecting the file into the loop (instead of cat | while) keeps the loop
# in the main shell, so "exit" below really ends the script.
while read domain line ; do
   set +e # RC=2 when time to expire > 30 days
   acme-client ${ACME_FLAGS} ${domain} ${line}
   RC=$?
   set -e
   # Only a real error aborts; 0 (renewed) and 2 (not yet due) carry on.
   # Written as "if" rather than "[ ... ] && exit": with that form the loop
   # body ends with status 1 whenever nothing went wrong, so the script's own
   # exit status was non-zero even on a good run.
   if [ $RC -ne 0 ] && [ $RC -ne 2 ]; then
      exit $RC
   fi
done < "${DOMAINSFILE}"

deploycerts
#!/bin/sh
set -e
service apache24 reload



On 1/18/18, Peter Boosten <peter at boosten.org> wrote:
> Hi David,
>
> I’ve defined the acme alias for every virtual host:
>
> <VirtualHost something>
>
>   Alias /.well-known/acme-challenge "/usr/local/www/acme/"
>
>   SSLCertificateFile …
>
>   SSLEngine on
>   <IfModule mod_rewrite.c>
>     RewriteEngine on
>     RewriteCond %{HTTPS} !=on
>     RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
>   </IfModule>
>
>   <Directory "/usr/local/www/acme/">
>       Options None
>       AllowOverride None
>       ForceType text/plain
>       Require all granted
>   </Directory>
>
> </VirtualHost>
>
> The main difference between your and my configuration is the Alias. It took
> me a while to get this right.
>
> /usr/local/etc/acme/acme-client.sh holds this:
>
> BASEDIR="/usr/local/etc/acme"
> SSLDIR="/usr/local/etc/ssl/acme"
> DOMAINSFILE="${BASEDIR}/domains.txt"
> CHALLENGEDIR="/usr/local/www/acme"
>
> and
> domains.txt:
>
> domain.one www.domain.one sub.domain.one sub2.domain.one
>
> I did some troubleshooting by running the acme-client (in /usr/local/bin)
> manually (don’t forget the -s, or else you will be blocked for some time).
>
> Peter


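As an added example (not Dave's script and not the acme-client port's sample hook), a renewal loop that keeps the meaning of acme-client's per-domain exit status (0 renewed, 2 not yet due, as the thread notes), stops on a real error, and reports which domains actually changed so the deploy step only reloads Apache when a certificate was renewed. The ACME_CLIENT/CHALLENGEDIR overrides and the handling of comment lines in domains.txt are assumptions; the default challenge directory follows Peter's Alias.

```shell
#!/bin/sh
# Added example: a renewcerts-style loop for acme-client(1) driven from
# domains.txt (one certificate per line: primary name, then alternatives).
# Exit codes assumed, as in the thread: 0 = renewed, 2 = more than 30 days
# left so nothing was done, anything else = failure.
# ACME_CLIENT, ACME_FLAGS and CHALLENGEDIR are overridable (e.g. for testing);
# the challenge dir default matches Peter's "Alias /.well-known/acme-challenge".

ACME_CLIENT="${ACME_CLIENT:-acme-client}"
ACME_FLAGS="${ACME_FLAGS:--v -b -e -m -O -n -N}"
CHALLENGEDIR="${CHALLENGEDIR:-/usr/local/www/acme}"

# renew_all FILE: prints each domain that was actually renewed, one per
# line. Returns 0 when every domain is renewed or not yet due, otherwise
# the exit status of the first failing acme-client run.
renew_all() {
    file="$1"
    status=0
    while read -r domain altnames; do
        # skip blank lines and '#' comments in domains.txt (assumed convention)
        case "$domain" in ''|'#'*) continue ;; esac
        # acme-client's own chatter goes to stderr so stdout stays a clean
        # list of renewed domains; the "if" keeps "set -e" callers safe.
        if $ACME_CLIENT $ACME_FLAGS -C "$CHALLENGEDIR" $domain $altnames >&2
        then rc=0; else rc=$?; fi
        case $rc in
            0) echo "$domain" ;;      # renewed: a deploy step is needed
            2) ;;                     # not yet due: nothing to do
            *) status=$rc; break ;;   # real error: stop and report it
        esac
    done < "$file"
    return $status
}

# deploy_if_needed RENEWED: reload Apache only when something changed.
deploy_if_needed() {
    [ -n "$1" ] || return 0
    service apache24 reload
}

# Run directly (e.g. as periodic's weekly_acme_client_renewscript):
#   renewcerts.sh /usr/local/etc/acme/domains.txt
if [ $# -gt 0 ]; then
    renewed=$(renew_all "$1") || exit $?
    deploy_if_needed "$renewed"
fi
```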