1,723
edits
Difference between revisions of "LetsEncrypt with ACME on OpenWRT"
LetsEncrypt with ACME on OpenWRT (view source)
Revision as of 12:36, 5 June 2022
, 12:36, 5 June 2022→The Easy Way of Installing acme.sh
m (→Examples) |
|||
| Line 15: | Line 15: | ||
===The Easy Way of Installing ''acme.sh''=== | ===The Easy Way of Installing ''acme.sh''=== | ||
*Just to stay within the world of OpenWRT go ahead and install acme.sh the usual way: opkg updat<nowiki/>e, opkg install acme acme-dnsapi luci-app-acme (2.8.5 is the latest OpenWRT version) | |||
*Download the latest version of the script from here: https://github.com/acmesh-official/acme.sh<nowiki/>(3.0.1 as of the writing of this article) | *Download the latest version of the script from here: https://github.com/acmesh-official/acme.sh<nowiki/>(3.0.1 as of the writing of this article) | ||
* | *Rename the /usr/lib/acme/acme directory to ...acme.ORIGINAL (or whatever name) | ||
* | *Extract the contents of the download to /usr/lib/acme.install (version 3.0.1 or a more recent one) | ||
*Create these directories: /etc/acme/certs and /etc/acme/config (they can be anywhere, but following the OpenWRT paradigm, this is where they'd naturally seem to go) | *Create these directories (if they don't exist): /etc/acme/certs and /etc/acme/config (they can be anywhere, but following the OpenWRT paradigm, this is where they'd naturally seem to go) | ||
*Run the following command from within the /usr/lib/acme directory; | *Run the following command from within the /usr/lib/acme.install directory (but first make sure the permissions on the acme.sh file are 755 ( chmod 755 acme.sh ); | ||
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
.acme.sh --install --home /usr/lib/acme --cert-home /etc/acme/certs --config-home /etc/acme/config --accountemail YourEmail@YourProvider.com --accountkey /etc/acme/account --useragent "" --log /var/log/acme.log | ./acme.sh --install --home /usr/lib/acme --cert-home /etc/acme/certs --config-home /etc/acme/config --accountemail YourEmail@YourProvider.com --accountkey /etc/acme/account --useragent "" --log /var/log/acme.log | ||
</syntaxhighlight> | </syntaxhighlight><syntaxhighlight lang="text"> | ||
...something similar to the below should be the result; | |||
Installing to /usr/lib/acme | |||
Installed to /usr/lib/acme/acme.sh | |||
No profile is found, you will need to go into /usr/lib/acme to use acme.sh | |||
Installing cron job | |||
Good, bash is found, so change the shebang to use bash as preferred. | |||
OK | |||
</syntaxhighlight>The above command does the following; | |||
*Add the following to the /etc/profile file; | * Creates the /usr/lib/acme Directory | ||
* Copies all the script files to the above Directory | |||
* Creates and "Environment File" ( acme.sh.env ) that contains the following lines; | |||
** export LE_WORKING_DIR="/usr/lib/acme" | |||
** export LE_CONFIG_HOME="/etc/acme/config" | |||
** alias acme.sh="/usr/lib/acme/acme.sh --config-home '/etc/acme/config'" | |||
* The "No profile is found..." message indicates that one must run the acme.sh file from within it's directory, IE: ./usr/lib/acme/acme.sh, because the environment file is there instead of being included in the current user's profile (which can be added of course, see below) | |||
* Add the following to the /etc/profile file if desired (it will make is so the 'command' acme.sh can be run from anywhere, instead of using the entire path (./usr/lib/acme/acme.sh); | |||
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
export LE_WORKING_DIR="/usr/lib/acme" | export LE_WORKING_DIR="/usr/lib/acme" | ||
| Line 34: | Line 51: | ||
...all done. Using the ''acme.sh'' 'command' (actually a script) will now work like any other command within OpenWRT. | ...all done. Using the ''acme.sh'' 'command' (actually a script) will now work like any other command within OpenWRT. | ||
===Installation (of basic files) the OpenWRT way=== | ===Installation (of basic files) the OpenWRT way (Don't do it this way, do it the above 'easy way')=== | ||
...this is just here for some detailed notes to let you know what's going on with where all the ACME stuff is located. | |||
opkg update | opkg update | ||
| Line 104: | Line 123: | ||
====Examples==== | ====Examples==== | ||
* | */usr/lib/acme/acme.sh --revoke --domain WhatEverDomainName.xyz | ||
* | */usr/lib/acme/acme.sh --list | ||
* | */usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | ||
*Subject Alternative Names can be used too (IE, more than one Domain Name can be associated with a certificate): | *Subject Alternative Names can be used too (IE, more than one Domain Name can be associated with a certificate): | ||
**/usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz,WhatEverOtherDomainName.xyz,Another.xyz,AndSoOn.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | **/usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz,WhatEverOtherDomainName.xyz,Another.xyz,AndSoOn.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | ||