# letsencrypt.sh [![Build Status](https://travis-ci.org/lukas2511/letsencrypt.sh.svg?branch=master)](https://travis-ci.org/lukas2511/letsencrypt.sh)

This is a client for signing certificates with an ACME server (currently only provided by Let's Encrypt), implemented as a relatively simple bash script.

It uses the `openssl` utility for everything related to actually handling keys and certificates, so you need to have that installed.

Other dependencies are (for now): curl, sed

Perl is no longer a dependency.
The only remaining Perl code in this repository is the script you can use to convert your existing letsencrypt key file into something openssl (and this script) can read.

Current features:
- Signing of a list of domains
- Renewal if a certificate is about to expire
- Certificate revocation

Please keep in mind that this software and even the ACME protocol are relatively young and may still have some unresolved issues.
Feel free to report any issues you find with this script or contribute by submitting a pull request.

## Usage:

Add domains to domains.txt like in this example:

```
example.com www.example.com
example.net www.example.net wiki.example.net
```

This states that there should be two certificates, `example.com` and `example.net`,
with the other domains on the corresponding line being their alternative names.

You'll also need to set up a webserver to serve the challenge-response directory as configured with `$WELLKNOWN`,
or you can use the hook in the script if you want to deploy it some other way (e.g. copy it to a server via scp).

After doing those two things you can just run `./letsencrypt.sh`, and it should generate certificates.

It can be used inside a cronjob as it automatically detects if a certificate is about to expire.

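As an added example (not part of letsencrypt.sh), the shell below parses a domains.txt in the format above into one certificate per line with its alternative names, and shows the kind of expiry check a cron run makes before requesting a new certificate; the sample file content, the comment handling and the 30-day threshold are assumptions, not taken from the project.

```shell
#!/usr/bin/env bash
# Added example, not part of letsencrypt.sh: parse a domains.txt in the
# format described above and decide whether a certificate is due for renewal.

# Constructed sample domains.txt content: one certificate per line, the
# first field is the certificate's name, the rest are alternative names.
DOMAINS_TXT='example.com www.example.com
example.net www.example.net wiki.example.net

# blank lines and lines starting with # are skipped (an assumption here)'

# parse_domains TEXT: prints "<name> <alt1,alt2,...>" for every entry,
# or "<name> none" when a line has no alternative names.
parse_domains() {
  printf '%s\n' "$1" | while read -r name rest; do
    [ -z "$name" ] && continue            # skip blank lines
    case "$name" in \#*) continue ;; esac # skip comments
    sans=$(printf '%s' "$rest" | tr ' ' ',')
    printf '%s %s\n' "$name" "${sans:-none}"
  done
}

# needs_renewal NOT_AFTER_EPOCH NOW_EPOCH [DAYS]: succeeds when the
# certificate's notAfter lies less than DAYS (default 30) ahead of NOW.
# Against a real file the same decision is what
#   openssl x509 -in cert.pem -noout -checkend $((30 * 86400))
# makes; taking epochs as arguments keeps this runnable without a certificate.
needs_renewal() {
  [ $(( $1 - $2 )) -lt $(( ${3:-30} * 86400 )) ]
}

# Walk the list as a cron run would, using a constructed notAfter per entry.
now=$(date +%s)
parse_domains "$DOMAINS_TXT" | while read -r name sans; do
  not_after=$(( now + 10 * 86400 ))   # constructed: expires in 10 days
  if needs_renewal "$not_after" "$now"; then
    echo "$name ($sans): renew"
  else
    echo "$name ($sans): still valid"
  fi
done
```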
### Certificate revocation

Usage: `./letsencrypt.sh revoke path/to/cert.pem`

### nginx config

If you want to use nginx you can set up a location block to serve your challenge responses:

```
location /.well-known/acme-challenge {
    root /var/www/letsencrypt;
}
```

## Import

### import-account.pl

This Perl script can be used to import the account key from the original letsencrypt client.

You should copy `private_key.json` to the same directory as the script.
The JSON file can be found in a subdirectory of `/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory`.

Usage: `./import-account.pl`

### import-certs.sh

This script can be used to import private keys and certificates created by the original letsencrypt client.

By default it expects the certificates to be found under `/etc/letsencrypt`, which is the default output directory of the original client.
You can change the path by setting LETSENCRYPT in your config file: `LETSENCRYPT="/etc/letsencrypt"`.

Usage: `./import-certs.sh`