acme.sh and certificate deployment

Andrea Venturoli ml at netfence.it
Fri Jul 27 15:04:35 UTC 2018


On 7/27/18 2:23 PM, David Mehler wrote:

> The thing that is holding me back is deployment, how do you deploy
> your tls certificates?

You do "acme.sh --install-cert ..." once.
Then let "acme.sh --cron" do the rest periodically.



> Yesterday I did it manually but I only did it
> for one domain, copied the files where I wanted them and manually
> entered the tls information in apache's setup.

You'll still need to set up Apache (or other software) correctly, but
"acme.sh --install-cert" will copy them for you.



> I've got the cron script going so ideally I'd like to get a
> certificate renewed if needed cron takes care of that, then the
> certificate and key are deployed to where they need to go and the
> service or services are restarted.

That's exactly what "acme.sh --cron" does.



> My second question and this one is a curiosity, the certificates that
> are made end with a .cer extension, can I change this in the script?

Yes and no.
AFAIK, in the acme.sh database they'll be .cer, but, since you shouldn't
mess directly with it, this should not matter.
When you use "acme.sh --install-cert" you can rename them as you like.



  bye
	av.
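
The deployment discussed in this thread, as an added example that is not part of the original message or of acme.sh itself: a small wrapper around "acme.sh --install-cert" that chooses the destination file names (so the .cer extension need not be kept) and registers a reload command that later "acme.sh --cron" renewals reuse. The domain, destination directory, file extensions and the "service apache24 reload" command are assumptions.

```shell
#!/bin/sh
# Added example: one-time "acme.sh --install-cert" call. acme.sh stores the
# destination paths and reload command, and "acme.sh --cron" reuses them
# after every renewal.
# Assumptions: the domain, directory, file names and reload command used
# below are placeholders; adjust them to the local Apache configuration.

ACME_SH="${ACME_SH:-acme.sh}"   # path to the acme.sh client

# install_tls_cert DOMAIN DEST_DIR RELOAD_CMD
install_tls_cert() {
    domain=$1 dest=$2 reload=$3
    [ -n "$domain" ] && [ -n "$dest" ] && [ -n "$reload" ] || {
        echo "usage: install_tls_cert DOMAIN DEST_DIR RELOAD_CMD" >&2
        return 2
    }

    mkdir -p "$dest" || return 1

    # Pre-create the private key file with owner-only permissions so it is
    # never world-readable, whatever the caller's umask is.
    ( umask 077 && : >> "$dest/$domain.key" ) || return 1
    chmod 600 "$dest/$domain.key" || return 1

    # The file names are chosen here; the .cer names inside acme.sh's own
    # directory are left alone.
    "$ACME_SH" --install-cert -d "$domain" \
        --cert-file      "$dest/$domain.crt" \
        --key-file       "$dest/$domain.key" \
        --fullchain-file "$dest/$domain.fullchain.pem" \
        --reloadcmd      "$reload"
}

# Example call (constructed values):
#   install_tls_cert example.org /usr/local/etc/ssl/example.org \
#       "service apache24 reload"
```

Apache still has to be pointed at these paths by hand (SSLCertificateFile and SSLCertificateKeyFile); the wrapper only controls where the files land and what runs afterwards.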

