/usr/local/sbin/acme.sh --ecc --renew --ocsp -d try.popho.be --dns dns_ovh --cert-file /usr/local/etc/ssl/try.popho.be/try.popho.be.cer --key-file /usr/local/etc/ssl/try.popho.be/try.popho.be.key --fullchain-file /usr/local/etc/ssl/try.popho.be/fullchain.cer
NOT put the new files in place in the /usr/local/etc/ssl/try.popho.be/ dir?
Hi, is there a way to get the LE TOKEN in one of the hooks? I'm looking at a solution for uploading a token to a database, and a .NET MVC application reads the correct token depending on what domain is used for accessing /.well-known/acme-challenge.
I'm working on a system that uses custom domains that we do not have any control over, so we'd like to provide letsencrypt certificates for a wide range of domains.
One more thing:
I think acme.sh makes it a bit too complicated with storing certificates locally in ~/.acme.sh. I see no reason why this is happening. And the cronjob for renewal is very opaque.
This, together with me having 2 certificates (RSA4096 and ECC265) per domain and 5 domains, makes handling acme.sh a huge pain, because there are 7 lines for each, like the following, which ends up at 70 lines:
acme.sh --issue -w /var/www/abc -d domain1 -d www.domain1 \
--keylength ec-384 \
--key-file /etc/letsencrypt/domain1/ecc/key.pem \
--ca-file /etc/letsencrypt/domain1/ecc/ca.pem \
--cert-file /etc/letsencrypt/domain1/ecc/cert.pem \
--fullchain-file /etc/letsencrypt/domain1/ecc/fullchain.pem \
--reloadcmd "sudo /bin/systemctl reload nginx"
1) Is there a way to simply have two commands for issuing (do it once)?
2) It would be much easier and more transparent if I could write a little shell script that replaces {ecc|rsa} and the different domain names and uses --nginx instead of all the webroots (that don't all exist) for renewal, and then put that in as a cronjob. Not some very non-transparent, global
crontab -l
48 0 * * * "/home/letsencrypt/.acme.sh"/acme.sh --cron --home "/home/letsencrypt/.acme.sh" > /dev/null
[domain1 ecc]
d: domain1.com
d: www.domain1.com
key-length: ec-384 #1x ecc
certificate-folder: /etc/letsencrypt/domain1/ecc/
verify: nginx
[domain1 rsa]
d: domain1.com
d: www.domain1.com
key-length: 4096 #1x rsa
certificate-folder: /etc/letsencrypt/domain1/rsa/
verify: nginx
[domain2 ecc]
...
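The kind of generator script the post asks for, as an added example that is not part of the original thread or of acme.sh: it parses the config format sketched above (a proposal in the post, not an acme.sh feature) and prints the matching `acme.sh --issue` commands without running them. The output file names and the `--reloadcmd` value are taken from the command earlier in the post; mapping `verify:` to `--nginx`, `--apache` or `--standalone` and rejecting values that contain shell metacharacters are assumptions of this example.

```shell
#!/bin/sh
# Added example (dry run): prints one acme.sh --issue command per config section.
# Constructed sample input in the format sketched in the post above.
SAMPLE_CONFIG='[domain1 ecc]
d: domain1.com
d: www.domain1.com
key-length: ec-384 #1x ecc
certificate-folder: /etc/letsencrypt/domain1/ecc/
verify: nginx
[domain1 rsa]
d: domain1.com
d: www.domain1.com
key-length: 4096 #1x rsa
certificate-folder: /etc/letsencrypt/domain1/rsa/
verify: nginx'

emit() {  # print the command for the section collected so far, if any
  [ -n "$domains" ] || return 0
  case $verify in nginx|apache|standalone) ;; *) echo "bad verify: $verify" >&2; return 1 ;; esac
  dir=${folder%/}
  printf 'acme.sh --issue%s --%s --keylength %s' "$domains" "$verify" "$keylen"
  printf ' --key-file %s/key.pem --ca-file %s/ca.pem' "$dir" "$dir"
  printf ' --cert-file %s/cert.pem --fullchain-file %s/fullchain.pem' "$dir" "$dir"
  # Assumption: the reload command is the one from the post, not a config key.
  printf ' --reloadcmd "sudo /bin/systemctl reload nginx"\n'
}

gen_cmds() {  # reads the config on stdin, writes commands on stdout
  domains='' keylen='' folder='' verify=''
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                              # drop trailing "# ..." comments
    case $line in
      \[*\]) emit || return 1; domains='' keylen='' folder='' verify='' ;;
      *:*)
        key=${line%%:*} val=${line#*:}
        val=${val#"${val%%[! ]*}"}                # trim leading spaces
        val=${val%"${val##*[! ]}"}                # trim trailing spaces
        # Values end up on a command line: refuse anything but plain name/path characters.
        case $val in ''|*[!A-Za-z0-9._/-]*) echo "rejected value: $val" >&2; return 1 ;; esac
        case $key in
          d) domains="$domains -d $val" ;;
          key-length) keylen=$val ;;
          certificate-folder) folder=$val ;;
          verify) verify=$val ;;
          *) echo "unknown key: $key" >&2; return 1 ;;
        esac ;;
    esac
  done
  emit
}

printf '%s\n' "$SAMPLE_CONFIG" | gen_cmds
```

Reviewing the printed commands before running them keeps the per-domain setup in one readable file, and the character check stops a config value such as `a.example;id` from reaching a shell.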