LetsEncrypt with ACME on OpenWRT



The below paths were chosen simply to fit into the OpenWRT path paradigm.  The /etc/config/acme file is not modified by any of the above settings.  The /etc/config/acme file is for the Acme LuCI GUI.
In order to run the below command and have it 'install' in an 'industry standard' (AKA, non-OpenWRT) manner, the OPKG installation directory needs to be moved (and the run-acme file needs to be copied too):
* mv /usr/lib/acme /usr/lib/acme.OPKG - Move the OpenWRT OPKG installation to another directory
* mkdir /usr/lib/acme - Replace the acme directory
* cp /usr/lib/acme.OPKG/run-acme /usr/lib/acme/ - Copy the OpenWRT proprietary run-acme file to its original directory and path so the LuCI GUI can access it.
Keep in mind that when updating the Acme package(s) via OPKG, the acme.sh, run-acme, and dnsapi directory will be overwritten.  But that's fine as the acme.sh.env file should be left in place.


<syntaxhighlight lang="text">
./usr/lib/acme.OPKG/acme.sh --install --home /usr/lib/acme --cert-home /etc/acme/certs --config-home /etc/acme/config --accountemail YourEmail@YourProvider.com --accountkey /etc/acme/account --useragent "" --log /var/log/acme.log
</syntaxhighlight>In the above command, the switches / settings / parameters are defined as follows:


*--log: The path to the log file.  Useful, just in case something goes wrong, and put in a typical OpenWRT location for log files (remember the /var directory is a soft link to the /tmp directory, so information and log files stored there will not persist across reboots of a router).


<br />
The output of the command is as follows;<syntaxhighlight lang="text">
Installing to /usr/lib/acme
Installed to /usr/lib/acme/acme.sh
No profile is found, you will need to go into /usr/lib/acme to use acme.sh
Installing cron job
Good, bash is found, so change the shebang to use bash as preferred.
OK
</syntaxhighlight><br />
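A post-install check for the layout that the relocation steps and the install command above should leave behind, added here as an example (it is not part of the original page or of acme.sh). The function name <code>check_acme_layout</code> and its root-prefix argument are hypothetical, and the check assumes the account key is the file /etc/acme/account and that per-domain private keys sit at /etc/acme/certs/<domain>/*.key.

```sh
#!/bin/sh
# Added example: verify the acme.sh layout described on this page.
# Usage on the router:  check_acme_layout /
# The argument is a root prefix (assumption of this example) so the same
# check can be run against a scratch tree before touching a live system.

check_acme_layout() {
    root="${1%/}"      # "/" becomes "", "/tmp/t" stays "/tmp/t"
    rc=0

    # Files the mv / mkdir / cp steps and "acme.sh --install" should produce.
    for f in usr/lib/acme.OPKG/acme.sh usr/lib/acme/acme.sh usr/lib/acme/run-acme; do
        if [ ! -f "$root/$f" ]; then
            echo "MISSING file: /$f"; rc=1
        fi
    done

    # --cert-home and --config-home from the install command.
    for d in etc/acme/certs etc/acme/config; do
        if [ ! -d "$root/$d" ]; then
            echo "MISSING dir:  /$d"; rc=1
        fi
    done

    # Private key material must not be accessible to group or other.
    # The account key may not exist until the first registration, so a
    # missing key is skipped, not reported.
    for k in "$root/etc/acme/account" "$root"/etc/acme/certs/*/*.key; do
        [ -e "$k" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$k" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "TOO OPEN ($mode): ${k#"$root"}"; rc=1
        fi
    done

    return $rc
}
```

Any line of output means the layout differs from what the steps above describe; fix a "TOO OPEN" finding with <code>chmod 600</code> on the reported file.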
===Functionality===
Based on the script files, it appears the "ACME Service" can be triggered by CRON or a Start or Restart of the service.