Differences

This shows you the differences between two versions of the page.

userguide:let_s_encrypt_for_internal_servers [2019/03/13 18:28]
Dan Brown [Issue the certificate] Add discussion of --test
userguide:let_s_encrypt_for_internal_servers [2020/02/02 06:47] (current)
Dan Brown [Issue the certificate]
Line 13: Line 13:
  
 ===== The Solution ===== ===== The Solution =====
-Here, I’m going to describe how to use [[https://​github.com/​Neilpang/​acme.sh|acme.sh]] to obtain a cert using DNS validation, assuming your DNS is hosted at [[https://​www.cloudflare.com/​|Cloudflare]]. Cloudflare provides DNS hosting at no cost, and they have a robust, well-supported API which works well for these purposes. However, acme.sh supports the APIs of a number of DNS hosts; the list, along with instructions for use, can be found in [[https://​github.com/​Neilpang/acme.sh/blob/master/dnsapi/README.md|the acme.sh documentation]]. All the commands below will be run as root from the shell on your Neth server.+Here, I’m going to describe how to use [[https://​github.com/​Neilpang/​acme.sh|acme.sh]] to obtain a cert using DNS validation, assuming your DNS is hosted at [[https://​www.cloudflare.com/​|Cloudflare]]. Cloudflare provides DNS hosting at no cost, and they have a robust, well-supported API which works well for these purposes. However, acme.sh supports the APIs of a number of DNS hosts; the list, along with instructions for use, can be found in [[https://​github.com/​acmesh-official/acme.sh/wiki/dnsapi|the acme.sh documentation]]. All the commands below will be run as root from the shell on your Neth server.
  
 **If you do not have your DNS hosted with Cloudflare, you cannot follow these instructions as written--you'​ll need to adapt them for your DNS hosting solution.** **If you do not have your DNS hosted with Cloudflare, you cannot follow these instructions as written--you'​ll need to adapt them for your DNS hosting solution.**
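Review bot: the first link in the changed paragraph still points at github.com/Neilpang/acme.sh, while the documentation link in the same sentence now points at github.com/acmesh-official/acme.sh/wiki/dnsapi. Readers are being sent to two different repository owners for the same tool, so the first link should be updated to the acmesh-official location as well. That way the page names one source for both the script and its DNS API documentation, which matters here because the commands are run as root.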
Line 55: Line 55:
   --reloadcmd "/​sbin/​e-smith/​signal-event certificate-update"​   --reloadcmd "/​sbin/​e-smith/​signal-event certificate-update"​
 </​file>​ </​file>​
-dn+
 This command will issue your certificate,​ specify the paths for the cert, key, and chain files to be copied to, and indicate that signal-event certificate-update is to be run whenever this cert renews. You can include as many FQDNs in the cert as you want by just adding more -d fqdn parameters. As above, if you aren’t using Cloudflare, change dns_cf to the appropriate API for your DNS host, as described at the documentation linked above. This command will issue your certificate,​ specify the paths for the cert, key, and chain files to be copied to, and indicate that signal-event certificate-update is to be run whenever this cert renews. You can include as many FQDNs in the cert as you want by just adding more -d fqdn parameters. As above, if you aren’t using Cloudflare, change dns_cf to the appropriate API for your DNS host, as described at the documentation linked above.
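Review bot: in the context paragraph after the closing file tag, the literals -d fqdn, dns_cf and signal-event certificate-update appear as plain running text. Marking them as monospace with the wiki's '' '' syntax would set them apart from the prose and make it clear exactly what to type or substitute. The deletion of the stray "dn" line itself needs no follow-up, though this revision carries no edit summary, unlike the previous one.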