mirror of https://github.com/moepman/acertmgr.git synced 2025-01-04 00:15:23 +01:00

docs: clarify (also: Python 3.4 has reached EoL)

Markus 2019-03-22 09:52:02 +01:00
parent 92337436bc
commit d5eba22ad8
2 changed files with 9 additions and 5 deletions


@ -11,7 +11,7 @@ The main file acertmgr.py is intended to be run regularly (e.g. as daily cron jo
Requirements Requirements
------------ ------------
* Python (2.7+ and 3.3+ should work) * Python (2.7+ and 3.5+ should work)
* cryptography * cryptography
Optional packages Optional packages
@ -25,7 +25,7 @@ Initial Setup
------------- -------------
You should decide which challenge mode you want to use with acertmgr: You should decide which challenge mode you want to use with acertmgr:
* webdir: In this mode, challenges are put into a directory, and served by an existing webserver * webdir: In this mode, responses to challenges are put into a directory, to be served by an existing webserver
* standalone: In this mode, challenges are completed by acertmgr directly. * standalone: In this mode, challenges are completed by acertmgr directly.
This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port This starts a webserver to solve the challenges, which can be used standalone or together with an existing webserver that forwards request to a specified local port
* webdir/standalone: Make sure that the `webdir` directory exists in both cases (Note: the standalone webserver does not yet serve the files in situation) * webdir/standalone: Make sure that the `webdir` directory exists in both cases (Note: the standalone webserver does not yet serve the files in situation)
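Review bot: The reworded webdir bullet is clearer, but the standalone and webdir/standalone bullets in the same list were left with wording problems that this clarification pass should pick up: "forwards request to a specified local port" should read "forwards requests", and the note "the standalone webserver does not yet serve the files in situation" does not say which files or which situation. Suggest stating it directly, e.g. that the standalone webserver does not serve files already present in `webdir`, if that is what is meant.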
@ -33,9 +33,9 @@ You should decide which challenge mode you want to use with acertmgr:
* dns.* (Alias mode): Can be used similar to the above but allows redirection of _acme-challenge.<domain> to any other (updatable domain) defined in dns_updatedomain via CNAME (e.g. _acme-challenge.example.net IN CNAME bla.foo.bar with config dns_updatedomain="bla.foo.bar" in config) * dns.* (Alias mode): Can be used similar to the above but allows redirection of _acme-challenge.<domain> to any other (updatable domain) defined in dns_updatedomain via CNAME (e.g. _acme-challenge.example.net IN CNAME bla.foo.bar with config dns_updatedomain="bla.foo.bar" in config)
* dns.nsupdate: Updates the TXT record using RFC2136 (with dnspython) * dns.nsupdate: Updates the TXT record using RFC2136 (with dnspython)
You can optionally provide the key files for the ACME protocol, if you do not they will be automatically created: You can optionally provide the private key files to be used with the ACME protocol (if you do not they will be automatically created):
* The account key is expected at `/etc/acertmgr/account.key` * The account private key is expected at `/etc/acertmgr/account.key` (used to register an account with the authorities server)
* The domain key is expected at `/etc/acertmgr/server.key` (Note: only one domain key is required for all domains used in the same instance of acertmgr) * The domain private key is expected at `/etc/acertmgr/server.key` (Note: only one domain key is required for all domains used in the same instance of acertmgr)
* If you are missing these keys, they will be created for you or you can create them using `openssl genrsa 4096 > /etc/acertmgr/account.key` and `openssl genrsa 4096 > /etc/acertmgr/server.key` respectively * If you are missing these keys, they will be created for you or you can create them using `openssl genrsa 4096 > /etc/acertmgr/account.key` and `openssl genrsa 4096 > /etc/acertmgr/server.key` respectively
* Do not forget to set proper permissions of the keys using `chmod 0400 /etc/acertmgr/*.key` * Do not forget to set proper permissions of the keys using `chmod 0400 /etc/acertmgr/*.key`
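Review bot: On the new account key bullet, "authorities server" is missing its apostrophe ("authority's server"), and the domain private key bullet gets no matching explanation of what that key is used for, so the two bullets are no longer parallel. Separately, the unchanged lines below still recommend `openssl genrsa 4096 > /etc/acertmgr/account.key` followed by a separate `chmod 0400 /etc/acertmgr/*.key`; a file created by shell redirection gets the default umask permissions, so the private key can be readable by other users until the chmod runs. Since this change is about clarifying key handling, consider telling the reader to run `umask 077` before generating the keys.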
@ -92,6 +92,7 @@ authority_tos_agreement: "true" # Indicates you agree to the ToS stated by the A
```yaml ```yaml
--- ---
# this will save the the key and certificate chain seperately
mail.example.com: mail.example.com:
- path: /etc/postfix/ssl/mail.key - path: /etc/postfix/ssl/mail.key
user: root user: root
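Review bot: The added comment has two typos, "the the" and "seperately"; it should read "# this will save the key and certificate chain separately". It would also help to say that the entries below `mail.example.com:` each write one file, since only the first `path:` is visible next to the comment.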
@ -106,6 +107,7 @@ mail.example.com:
format: crt,ca format: crt,ca
action: '/etc/init.d/postfix reload' action: '/etc/init.d/postfix reload'
# this will combine the key and certificate chain into a single file
jabber.example.com: jabber.example.com:
- path: /etc/ejabberd/server.pem - path: /etc/ejabberd/server.pem
user: jabber user: jabber
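Review bot: The new comment on the `jabber.example.com` example says the key and certificate chain are combined into a single file but does not mention that `/etc/ejabberd/server.pem` therefore contains the private key. Suggest extending the comment to say so, and that the file should be readable only by the service user (`user: jabber` here), so readers copying the example do not treat the combined file like a public certificate.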


@ -1,5 +1,6 @@
--- ---
# this will save the the key and certificate chain seperately
mail.example.com: mail.example.com:
- path: /etc/postfix/ssl/mail.key - path: /etc/postfix/ssl/mail.key
user: root user: root
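Review bot: The comment added at the top of this file carries the same "the the" and "seperately" typos as the copy in the README hunk, so both need fixing together. The example block is duplicated verbatim between the two files, which means every comment change has to be made twice; consider having the README refer to this file instead of repeating it.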
@ -14,6 +15,7 @@ mail.example.com:
format: crt,ca format: crt,ca
action: '/etc/init.d/postfix reload' action: '/etc/init.d/postfix reload'
# this will combine the key and certificate chain into a single file
jabber.example.com: jabber.example.com:
- path: /etc/ejabberd/server.pem - path: /etc/ejabberd/server.pem
user: jabber user: jabber