moepman/acertmgr
1
0
Fork 0
mirror of https://github.com/moepman/acertmgr.git synced 2025-01-01 05:31:51 +01:00
Code Releases Activity

Documentation changes

Browse Source 
acme-tiny is no longer required
ca-file needs to be downloaded

minor fixes of inaccuracies
This commit is contained in:
David Klaftenegger 2016-04-04 01:44:21 +02:00 committed by Markus Hauschild
parent 3a1a5a62b8
commit 625ae67f47
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -11,7 +11,7 @@ The main file acertmgr.py is intended to be run regularly (e.g. as daily cron jo
Requirements Requirements
------------ ------------
* Python (2.7+ and 3.4+ should work) * Python (2.7+ and 3.3+ should work)
* python-dateutil * python-dateutil
* PyYAML * PyYAML
* pyopenssl * pyopenssl
@ -19,13 +19,16 @@ Requirements
Initial Setup Initial Setup
------------- -------------
First, you need to provide two key files for acme-tiny: First, you need to provide two key files for the ACME protocol:
* The account key is expected at `/etc/acme/account.key` * The account key is expected at `/etc/acme/account.key`
* The domain key is expected at `/etc/acme/server.key` (note: only one domain key is required for all domains used in the same instance of acertmgr) * The domain key is expected at `/etc/acme/server.key` (note: only one domain key is required for all domains used in the same instance of acertmgr)
If you are missing these keys, you can create them using `openssl genrsa 4096 > /etc/acme/account.key` and `openssl genrsa 4096 > /etc/acme/server.key` respectively. If you are missing these keys, you can create them using `openssl genrsa 4096 > /etc/acme/account.key` and `openssl genrsa 4096 > /etc/acme/server.key` respectively.
Otherwise refer to the acme-timy documentation for how to reuse your existing keys.
Second, you should decide which challenge mode you want to use with acertmgr Secondly, you should download the letsencrypt CA certificate:
* wget -O /etc/acme/lets-encrypt-x3-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
* The path to this file must be entered in the configuration, see below.
Thirdly, you should decide which challenge mode you want to use with acertmgr
* webdir: In this mode, challenges are put into a directory, and served by an existing webserver. Make sure the target directory exists! * webdir: In this mode, challenges are put into a directory, and served by an existing webserver. Make sure the target directory exists!
* standalone: In this mode, challenges are completed by acertmgr directly. * standalone: In this mode, challenges are completed by acertmgr directly.
This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port. This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port.
@ -47,10 +50,11 @@ mode: webdir
#mode: standalone #mode: standalone
#port: 13135 #port: 13135
webdir: /var/www/acme-challenge/ webdir: /var/www/acme-challenge/
cafile: /etc/acme/letencrypt_ca.crt
defaults: defaults:
format: crt format: crt
cafile: /etc/acme/lets-encrypt-x3-cross-signed.pem
``` ```
* Example domain configuration file: * Example domain configuration file: