LetsEncrypt with ACME on OpenWRT: Difference between revisions
mNo edit summary |
mNo edit summary |
||
| Line 31: | Line 31: | ||
Also see contents of acme.sh --help below. | Also see contents of acme.sh --help below. | ||
==== Examples ==== | ====Examples==== | ||
* /usr/lib/acme/acme.sh --revoke --domain WhatEverDomainName.xyz | */usr/lib/acme/acme.sh --revoke --domain WhatEverDomainName.xyz | ||
* /usr/lib/acme/acme.sh --list | */usr/lib/acme/acme.sh --list | ||
* /usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | */usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | ||
=== Certbot Comparisons === | |||
* Webroot Method | |||
** Acme.sh: --webroot WhatEverPath | |||
** Certbot: --webroot --webroot-path WhatEverPath (there are no parameters after --webroot, so it seems Acme.sh just combined the two commands since --webroot for Certbot implies --webroot-path would be needed, if there's no default) | |||
* Get a Certificate | |||
** Acme.sh --issue | |||
** Certbot: certonly (no double dashes) | |||
* Obtaining a Certificate via DNS | |||
** Acme.sh --issue --dns dns_nsupdate --domain WhatEverDomain | |||
** Certbot: certonly --dns-rfc2136 --dns-rfc2136-credentials WhatEverCredentialFile -d WhatEverDomain | |||
=== Using DNS (BIND / Named) to Obtain a Certificate (with a Certbot comparison thrown in) === | |||
==== BIND / Named Stuff to do ==== | |||
First generate a "user name / password" (AKA ''[https://linux.die.net/man/8/dnssec-keygen nametype]''and ''[https://linux.die.net/man/8/dnssec-keygen key]'') | |||
* Acme.sh: dnssec-keygen -a hmac-sha512 -b 512 -n USER | |||
* Certbot: | |||
==== Acme.sh Stuff to do ==== | |||
This needs a dedicated article... | |||
===Files=== | ===Files=== | ||