    Nick Janetakis
    @nickjanetakis_twitter
    for the TXT challenge
    but for namesilo it set a 7200 TTL with a 900 sleep
    Georg
    @teadur
    were the SOA entries for zones identical ?
    Nick Janetakis
    @nickjanetakis_twitter
    looking at the source code, you hardcode a TTL 120 for digitalocean
    but for namesilo you don't set a TTL when making the api call
    Georg
    @teadur
    i did not write acme.sh :)
    Nick Janetakis
    @nickjanetakis_twitter
    oh oops haha
    Georg
    @teadur
    i'm just a user like you
    Nick Janetakis
    @nickjanetakis_twitter
    thanks for the help btw
    Georg
    @teadur
    np
    Nick Janetakis
    @nickjanetakis_twitter
    it does seem to be a case where the namesilo api never sets rrttl (the field used by namesilo's api for setting the ttl)
    in acme.sh's codebase i mean
    aaronstuder
    @aaronstuder
    Hello
    Is there a way to use acme.sh fully automated within a script?
    Matt Deering
    @mattgphoto
    Hey guys, having a heck of a time trying to figure out how to do this with gcloud dns, do I need to edit the dns_gcloud.sh file?
    Matt Deering
    @mattgphoto
    gcloud init for instance, doesn't work on a synology :-D
    Matt Deering
    @mattgphoto
    Ah well, I tried everything I could. With no support, can't use your script. Take care!
    kingdevnl
    @kingdevnl
    Heyo, is letsencrypt down?
    John Losito
    @jlosito
    Hello. Does anyone know if there’s a way to install the client without it automatically setting a cron job?
    John Losito
    @jlosito
    Never mind. I found it. There’s an option for it. --nocron
    John Losito
    @jlosito
    Is there any way upon installation to not create the aliases?
    michealkd
    @michealkd
    hi there, new to acme.sh - think it's awesome as it saved me time creating 2 wildcards.
    i run the docker container from docker-hub, question, does Neil's container support custom cron parameters, for instance storing a custom --reloadcmd then issuing it after renewals
    cliff v
    @powerdude
    hi. QQ about Synology NAS use. can you use this script to configure SANs with your domain cert? In the UI, you can specify a 'xxxx.synology.me' SAN so that you just need one cert. would the "-d" option work for this?
    Haelwenn Monnier
    @lanodan
    Hi, is there a way to disable the Dns Over {TLS,HTTP}? It's been broken for me and TTL based is fine for me as I'm self-hosted.
    neil
    @Neilpang
    @lanodan Sorry for the problem. you can use --dnssleep 200 to sleep 200 seconds before the dns records propagate, which will disable the auto DNS over HTTPS checkings.
    Haelwenn Monnier
    @lanodan
    Thanks it worked.
    neil
    @Neilpang
    @lanodan please try the latest dev branch without --dnssleep, it should be working now.
    Mariano Rodríguez
    @MarianoRD
    Hello everyone, I'm having an issue when I try to create a certificate with 'dns_dgon' it supposedly creates the TXT record, but then tries to find it in CloudFlare
    donnib
    @donnib
    hi
    can i use the docker image to run acme.sh and then get access to the cert outside the docker image thru a volume ?
    if so which folder do i mount ?
    donnib
    @donnib
    never mind, i found the wiki explaining it :)
    michealkd
    @michealkd
    Yes you can.
    wurzelpanzer
    @wurzelpanzer
    Hi, i created a dnsapi for easyDNS. I want to contribute it to the community. So I followed almost all the steps in the dev guide. Few questions: how can i edit a wiki entry? How do I upload my file? Thanks;
    wurzelpanzer
    @wurzelpanzer
    I just got it on my own.
    Adrian
    @adrianpkr_gitlab
    Doesn't the --reloadcmd flag imply that acme.sh runs as root? I wouldn't expect a regular user to be able to execute that request.
    Moviuro
    @moviuro
    Hi all! Why would /usr/local/sbin/acme.sh --ecc --renew --ocsp -d try.popho.be --dns dns_ovh --cert-file /usr/local/etc/ssl/try.popho.be/try.popho.be.cer --key-file /usr/local/etc/ssl/try.popho.be/try.popho.be.key --fullchain-file /usr/local/etc/ssl/try.popho.be/fullchain.cer NOT put the new files in place in the /usr/local/etc/ssl/try.popho.be/ dir?
    The log file at /root/.acme.sh/acme.sh.log does NOT mention that directory anywhere; and acme.sh proudly said "Your cert is in /root/.acme.sh/try.popho.be_ecc/try.popho.be.cer", which is clearly not what I expect
    Carl Dong
    @dongcarl
    Any way to change the --reloadcmd after I have installed the cert?
    isshwar
    @isshwar
    Hi All, I would like to know if i am doing something wrong. I tried to generate certificates for multiple domains as below
    acme.sh --renew --staging --force --dns dns_acmedns -d test1.pageplace.de --dns dns_acmedns -d test2.pageplace.de
    but this is generating/renewing certificates only for the first domain test1.pageplace.de and ignoring the second domain test2.pageplace.de. Is there anything wrong with what i am doing?
    Also, on the same vm i have 6 domains running behind apache. Now on the account.conf file, I have only the below config. How do i extend it to all my 6 domains on the vm.
    SAVED_ACMEDNS_UPDATE_URL=''
    SAVED_ACMEDNS_USERNAME=''
    SAVED_ACMEDNS_PASSWORD=''
    SAVED_ACMEDNS_SUBDOMAIN=''
    Erik Hennerfors
    @gonace

    Hi, is there a way to get the LE TOKEN in one of the hooks? I'm looking at a solution for uploading a token to a database that will and an .NET MVC application reads the correct token depending on what domain is used for accessing /.well-known/acme-challenge

    I'm working on a system that uses custom domains that we do not have any control over, so we'd like to provide letsencrypt certificates for a wide range of domains.

    raphet
    @raphet
    I use nginx and not all my domains have a webroot, some are simply proxy passing to some listener. However "--nginx" instead of "-w /my/domain/web/root/" always results in an error after nginx parsing that the script can't find the server block but it's clearly there... and then, sadly I'm blocked for a week at letsencrypt.
    raphet
    @raphet

    One more thing:
    I think acme.sh makes it a bit too complicated with storing certificates locally ~/.acme.sh I see no reason why this is happening. And the cronjob for renewal is very opaque.
    This together with me having 2 certificates (RSA4096 and ECC265) per domain and 5 domains, make handling acme.sh a huge pain because there are 7 lines per each like as follows ends in 70 lines:

    acme.sh --issue -w /var/www/abc -d domain1 -d www.domain1 \
    --keylength ec-384 \
    --key-file /etc/letsencrypt/domain1/ecc/key.pem \
    --ca-file /etc/letsencrypt/domain1/ecc/ca.pem \
    --cert-file /etc/letsencrypt/domain1/ecc/cert.pem \
    --fullchain-file /etc/letsencrypt/domain1/ecc/fullchain.pem \
    --reloadcmd "sudo /bin/systemctl reload nginx"

    1) Is there a way to simply have two commands for issuing (do it once)
    2) It would be much easier and transparent if I can write a little shell script that replaces {ecc|rsa} and the different domain names and use --nginx instead of all the webroots (that don't all exist) - for renewal and then put that as a cronjob. Not some very intransparent, global

    crontab -l
    48 0 * * * "/home/letsencrypt/.acme.sh"/acme.sh --cron --home "/home/letsencrypt/.acme.sh" > /dev/null
    raphet
    @raphet
    Maybe I'm doing it wrong but I feel like I don't have much control over acme.sh
    Is a constructively meant suggestion: How about a config file that holds above values for each domain and acme.sh just parses it when cronjobbing/renewal, but I do need --nginx to work since most of the domains directly proxy pass to upstream servers.
    e.g. like in ~/.acme.sh/config (any format would work, xml/json etc.)
    [domain1 ecc]
    d: domain1.com
    d: www.domain1.com
    key-length: ec-384 #1x ecc
    certificate-folder: /etc/letsencrypt/domain1/ecc/
    verify: nginx
    [domain1 rsa]
    d: domain1.com
    d: www.domain1.com
    key-length: 4096 #1x rsa
    certificate-folder: /etc/letsencrypt/domain1/rsa/
    verify: nginx
    [domain2 ecc]
    ...
    As compared to the current situation where I have to execute these 10 commands for issuing and hope I didn't execute any multiple times - by accident. I don't know which jobs ones are stored, which ones will be renewed and I can't handle domains without static webroot. But maybe I'm alone here and the target audience is just for 1domain/1certificate/1host users?
    raphet
    @raphet
    Yes, I should use github issue to report this. I just wanted to know if I'm off the beaten path having 5 different domains,each having an RSA and an ECC certificate. :shell:
    raphet
    @raphet
    Bug issue created for --nginx mode with generic port 80 listener: acmesh-official/acme.sh#3130
    raphet
    @raphet
    Well, this was a not so informative excursion.
    /exit