Giter Club home page Giter Club logo

acme-tiny-wrapper's Introduction

acme-tiny-wrapper

This is a fork of tasn/acme-tiny-wrapper prepared for packaging. The basic idea behind this is to go through all certificate requests in a given directory and use acme-tiny to retrieve new, valid certificates.

Defaults

  • /etc/acme-tiny/acme-tiny.cfg contains the configuration
  • /etc/acme-tiny/csr/ is the location of the certificate requests to use
  • /var/lib/acme-tiny/ is used as work directory
  • /var/lib/acme-tiny/account.key is the Let's encrypt account key
  • /var/lib/acme-tiny/certs is the default certificate output directory
  • /var/www/acme-challenges/ is the default challenge directory

Configuration

  1. Install acme-tiny
  2. Set the account.key if one already exists
  3. Adjust the values in acme-tiny.cfg and make sure the directory specified by ACME_DIR is served by a web browser.

Example

Here we want to request a certificate for test.example.com using Nginx as web server. For that we first need to configure Nginx to serve the challenges and configure the directories accordingly. The Nginx configuration should look like this:

server {
    listen 80;
     ...
    location /.well-known/acme-challenge {
        alias /var/www/acme-challenges/;
    }
}

You can use different locations but they need to be specified in the acme-tiny.cfg configuration file.

The wrapper will automatically generate a new account key if it does not exist. If you have an account key, copy it to /var/lib/acme-tiny/account.key and ensure it is readable only by the user executing the acme-tiny-wrapper.

Next, generate a certificate request and place it in /etc/acme-tiny/csr/

openssl genrsa 4096 > test.example.com.key
openssl req -new -sha256 -key test.example.com.key -subj "/CN=test.example.com" > test.example.com.csr
cp test.example.com.csr /etc/acme-tiny/csr/

Finally, you may specify an additional output location for the generated certificate. You can do that for each certificate by creating a location file:

echo /etc/nginx/ssl/certs > /etc/acme-tiny/csr/test.example.com.location

or by specifying the DEFAULT_LOCATION in the acme-tiny.cfg.

Running acme-tiny-wrapper will now generate new certificates.

acme-tiny-wrapper's People

Contributors

lkiesow avatar tasn avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.