acme.sh and certificate deployment
David Mehler
dave.mehler at gmail.com
Fri Jul 27 23:32:06 UTC 2018
Hello,
When I would do acme.sh --install-cert where do the certificates end up?
Thanks.
Dave.
On 7/27/18, Andrea Venturoli <ml at netfence.it> wrote:
> On 7/27/18 2:23 PM, David Mehler wrote:
>
>> The thing that is holding me back is deployment, how do you deploy
>> your tls certificates?
>
> You once do "acme.sh --install-cert ..."
> Then let "acme.sh --cron" do the rest periodically.
>
>
>
>> Yesterday I did it manually but I only did it
>> for one domain, copied the files where I wanted them and manually
>> entered the tls information in apache's setup.
>
> You'll still need to set up Apache (or other software) correctly, but
> "acme.sh --install-cert" will copy them for you.
>
>
>
>> I've got the cron script going so ideally i'd like to get a
>> certificate renewed if needed cron takes care of that, then the
>> certificate and key are deployed to where they need to go and the
>> service or services are restarted.
>
> That's exactly what "acme.sh --cron" does.
>
>
>
>> My second question and this one is a curiousity, the certificates that
>> are made end with a .cer extension, can I change this in the script?
>
> Yes and no.
> AFAIK, in acme.sh database they'll be .cer, but, since you shouldn't
> mess directly with it, this should not matter.
> When you use "acme.sh --install-cert" you can rename them as you like.
>
>
>
> bye
> av.
>
More information about the freebsd-questions
mailing list