1,723
edits
Difference between revisions of "LetsEncrypt with ACME on OpenWRT"
m
→Choices
m (→Examples) |
m (→Choices) |
||
| Line 4: | Line 4: | ||
===Choices=== | ===Choices=== | ||
As with everything in the world, there are choices. This article describes two different ways to install the acme.sh script. One, the "Easy Way". Two, the longer OpenWRT way. | As with everything in the world, there are choices. This article describes two different ways to install the acme.sh script. One, the "Easy Way". Two, the longer OpenWRT way. | ||
=== Quick S === | |||
* UPGRADE Acme Scripts: As of 2022, the Acme Package from OpenWRT is broken / old / whatever (version 2.85), so upgrade to 3 or later (be sure to set permissions: chmod 755 acme.sh) | |||
* Certificates Installed (show): /usr/lib/acme/acme.sh --list | |||
* Cron Command for Certificate Renewal: "/usr/lib/acme"/acme.sh --cron --home "/usr/lib/acme" --config-home "/etc/acme/config" > /dev/null | |||
* Issuing a certficate (acme.sh --issue PlusOtherCommandSwitches-seeBelow), will store it here: /etc/etc/certs (certificates and configuration files for use in renewing certs) | |||
* DNS Method: Really only works well if the Master Zone is on the same server that the Acme.sh Script is running on, otherwise use web method | |||
===The Easy Way of Installing ''acme.sh''=== | ===The Easy Way of Installing ''acme.sh''=== | ||
| Line 98: | Line 106: | ||
*/usr/lib/acme/acme.sh --revoke --domain WhatEverDomainName.xyz | */usr/lib/acme/acme.sh --revoke --domain WhatEverDomainName.xyz | ||
*/usr/lib/acme/acme.sh --list | */usr/lib/acme/acme.sh --list | ||
*/usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs | */usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | ||
*Subject Alternative Names can be used too (IE, more than one Domain Name can be associated with a certificate): | *Subject Alternative Names can be used too (IE, more than one Domain Name can be associated with a certificate): | ||
**/usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz,WhatEverOtherDomainName.xyz,Another.xyz,AndSoOn.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | **/usr/lib/acme/acme.sh --issue --webroot /usr/share/apache2/htdocs --domain WhatEverDomainName.xyz,WhatEverOtherDomainName.xyz,Another.xyz,AndSoOn.xyz --home /etc/acme --cert-home /etc/acme/certs --config-home /etc/acme/config | ||
| Line 110: | Line 118: | ||
*Get a Certificate | *Get a Certificate | ||
**Acme.sh --issue | **Acme.sh --issue | ||
**Certbot | **Certbot certonly (no double dashes) | ||
*Obtaining a Certificate via DNS | *Obtaining a Certificate via DNS | ||
**Acme.sh --issue --dns dns_nsupdate --domain WhatEverDomain | **Acme.sh --issue --dns dns_nsupdate --domain WhatEverDomain | ||
**Certbot | **Certbot certonly --dns-rfc2136 --dns-rfc2136-credentials WhatEverCredentialFile -d WhatEverDomain | ||
===Using DNS (BIND / Named) to Obtain a Certificate (with a Certbot comparison thrown in)=== | ===Using DNS (BIND / Named) to Obtain a Certificate (with a Certbot comparison thrown in)=== | ||