You are here: start » tools » ssl

Differences

This shows you the differences between two versions of the page.

--- tools:ssl [2022/06/25 12:26]
darron [Renew certs]
+++ tools:ssl [2023/10/16 13:32] (current)
darron [Remove cert]
@@ Line 27: / Line 27: @@
 a daily cron job.
-This cron job will be replaced later.
+Disable the following cron job which will be replaced later by a different script.
 <code>
@@ Line 34: / Line 34: @@
 </code>
-Additionally, a line is to the shell profile, eg. for TCSH:
+Additionally, a line is added to your shell profile, eg. for TCSH:
 <code>
@@ Line 40: / Line 40: @@
 </code>
-The source contains
+The source file included contains the following
 <code>
 setenv LE_WORKING_DIR "/home/user/.acme.sh"
@@ Line 55: / Line 55: @@
 # issue.sh
+ID=`id -u`
+if test "$ID" -eq 0; then
+        echo "run as user"
+        exit 1
+fi
 if test $# -ne 1; then
         echo "missing vhost"
@@ Line 63: / Line 67: @@
 sudo mkdir -p /var/www/htdocs/$VHOST/.well-known/acme-challenge
-sudo chown -R $USER:$USER /var/www/htdocs/$VHOST/.well-known
+sudo chown -R $USER:$GROUP /var/www/htdocs/$VHOST/.well-known
 export LE_WORKING_DIR="$HOME/.acme.sh"
-$HOME/.acme.sh/acme.sh --issue -d $VHOST -w /var/www/htdocs/$VHOST
+$HOME/.acme.sh/acme.sh --force --issue -d $VHOST -w /var/www/htdocs/$VHOST
 sudo mkdir -p /var/www/ssl
@@ Line 72: / Line 76: @@
 sudo mkdir -p /var/www/ssl/$VHOST
-sudo chown -R $USER:$USER /var/www/ssl/$VHOST
+sudo chown -R $USER:$GROUP /var/www/ssl/$VHOST
 $HOME/.acme.sh/acme.sh --install-cert --domain $VHOST --cert-file /var/www/ssl/$VHOST/cert.pem --key-file /var/www/ssl/$VHOST/key.pem --ca-file /var/www/ssl/$VHOST/ca.pem --fullchain-file /var/www/ssl/$VHOST/fullchain.pem
@@ Line 88: / Line 92: @@
 # renew.sh
+ID=`id -u`
+if test "$ID" -eq 0; then
+        echo "run as user"
+        exit 1
+fi
-sudo find /var/www/htdocs/ -type d -name ".well-known" -exec chown -R $USER:$USER {} \;
+sudo find /var/www/htdocs/ -type d -name ".well-known" -exec chown -R $USER:$GROUP {} \;
 export LE_WORKING_DIR="$HOME/.acme.sh"
@@ Line 102: / Line 111: @@
 #sudo kill -HUP  `ps auxw | egrep '^root.*nginx: master' | grep -v grep | awk '{print $2}'`
 #sudo kill -USR1 `ps auxw | egrep '^root.*apache2' | grep -v grep | awk '{print $2}'`
 sudo /etc/init.d/nginx reload
+exit 0
+</code>
+Eg.
+<code>
+0 2 * * /home/user/bin/renew.sh 1>/dev/null 2>/dev/null
+</code>
+===Remove cert===
+<code>
+#! /bin/bash
+# remove.sh
+ID=`id -u`
+if test "$ID" -eq 0; then
+        echo "run as user"
+        exit 1
+fi
+if test $# -ne 1; then
+        echo "missing vhost"
+        exit 1
+fi
+VHOST=$1
+export LE_WORKING_DIR="$HOME/.acme.sh"
+$HOME/.acme.sh/acme.sh --remove -d $VHOST
+rm -Rf $HOME/.acme.sh/$VHOST*
+sudo rm -Rf /var/www/ssl/$VHOST
 exit 0
@@ Line 113: / Line 151: @@
 # m h dom mon dow command
 0 2 * * /home/user/bin/renew.sh 1>/dev/null 2>/dev/null
+</code>
+===Changing issuer====
+==Let's encrypt==
+<code>
+acme.sh --set-default-ca --server letsencrypt
+</code>
+==zerossl==
+<code>
+acme.sh --set-default-ca --server zerossl
+</code>
+===Other===
+After issuing and later renewing certificates fullchain.pem and key.pem may be
+copied and utilised by both exim and dovecot. Exim will
+need read permission for the exim user.
+For example, fullchain and key are copied into /etc/exim4/ssl
+==Exim4==
+<code>
+tls_certificate = /etc/exim4/ssl/certificate.pem
+tls_privatekey  = /etc/exim4/ssl/privatekey.pem
+</code>
+==Dovecot==
+<code>
+ssl_cert = </etc/exim4/ssl/certificate.pem
+ssl_key = </etc/exim4/ssl/privatekey.pem
 </code>

Differences

start

tools

advertisement

Toolbox