diff options
| author | Yuuta Liang <yuuta@yuuta.moe> | 2023-11-06 07:38:57 +0800 |
|---|---|---|
| committer | Yuuta Liang <yuuta@yuuta.moe> | 2023-11-06 07:38:57 +0800 |
| commit | 59cb71bd995424d151236785b82cc36745443d73 (patch) | |
| tree | 769af188c30ba37281d9d049a4087d91ed390f7b | |
| parent | 59928e475cbde32cfeddb1eea1c1ca0faa58ddf4 (diff) | |
| download | kb-59cb71bd995424d151236785b82cc36745443d73.tar kb-59cb71bd995424d151236785b82cc36745443d73.tar.gz kb-59cb71bd995424d151236785b82cc36745443d73.tar.bz2 kb-59cb71bd995424d151236785b82cc36745443d73.zip | |
Acme.sh
| -rw-r--r-- | docs/sysadmin/pki/acmesh.md | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/sysadmin/pki/acmesh.md b/docs/sysadmin/pki/acmesh.md index 408d254..63a3aa6 100644 --- a/docs/sysadmin/pki/acmesh.md +++ b/docs/sysadmin/pki/acmesh.md @@ -1 +1,28 @@ # acme.sh + +[Acme.sh](https://github.com/acmesh-official/acme.sh) is an automatic ACME +client. It handles key creation, CSR signing, ACME request, challenge handling, +order finalization, key / cert installation, and automatic renew. + +## Use Let's Encrypt + +```shell +% acme.sh --server letsencrypt +``` + +## Use CloudFlare DNS API + +```shell +#!/bin/sh +set -e +export CF_Token="" +export CF_Account_ID="" +export CF_Zone_ID="" +exec acme.sh --server letsencrypt --home /var/lib/acme/.acme.sh/ --dns dns_cf "$@" +``` + +## sudoers(5) rule to allow sudo reload hook + +``` +acme ALL=(root) NOPASSWD: /usr/local/sbin/acmereload +``` |