and certificate deployment

Andrea Venturoli ml at
Fri Jul 27 15:04:35 UTC 2018

On 7/27/18 2:23 PM, David Mehler wrote:

> The thing that is holding me back is deployment, how do you deploy
> your tls certificates?

You once do " --install-cert ..."
Then let " --cron" do the rest periodically.

> Yesterday I did it manually but I only did it
> for one domain, copied the files where I wanted them and manually
> entered the tls information in apache's setup.

You'll still need to set up Apache (or other software) correctly, but
" --install-cert" will copy them for you.

> I've got the cron script going so ideally i'd like to get a
> certificate renewed if needed cron takes care of that, then the
> certificate and key are deployed to where they need to go and the
> service or services are restarted.

That's exactly what " --cron" does.

> My second question and this one is a curiousity, the certificates that
> are made end with a .cer extension, can I change this in the script?

Yes and no.
AFAIK, in database they'll be .cer, but, since you shouldn't 
mess directly with it, this should not matter.
When you use " --install-cert" you can rename them as you like.


More information about the freebsd-questions mailing list