In terms of shell scripts that re-implement the Certbot client there are two shell scripts that I currently know of, one called dehydrated and the other, which I discovered a day or two later, is called acme.sh. I ended up using acme.sh, I found the acme.sh implementation to be a bit simpler than the dehydrated implementation. If you're interested in using dehydrated, there's reasonable documentation on how to install and use it at https://www.aaflalo.me/2016/09/dehydrated-bash-client-lets-encrypt/.
Acme.sh
Acme.sh promotes itself as follows:- An ACME protocol client written purely in Shell (Unix shell) language.
- Full ACME protocol implementation.
- Simple, powerful and very easy to use. You only need 3 minutes to learn it.
- Bash, dash and sh compatible.
- Simplest shell script for Let's Encrypt free certificate client.
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
- Just one script to issue, renew and install your certificates automatically.
- DOES NOT require root/sudoer access.
It basically installs itself in the home folder of the active user and also adds itself to the PATH.
Installation is as easy as:
curl https://get.acme.sh | sh
Or:
wget -O - https://get.acme.sh | sh
After that you can create an SSL certificate for the domain with the following command:
acme.sh --issue -w /home/mysite/public_html/example.com -d example.com -d www.example.com
Unfortunately, while the certificate was created without a problem, the server was so old that the version of OpenSSL didn't support multiple domains on the same IP address according to this article I needed at least OpenSSL v0.9.8j.
Truth be told the best course of action will be to upgrade the server since it is otherwise vulnerable. The knowledge won't be lost as I can use it on other projects on newer servers.
No comments:
Post a Comment