Examples
Jakub Warmuz edited this page Apr 16, 2016 · 24 revisions
You might find more examples in Links.
server | flags | configuration |
---|---|---|
nginx | `-f key.pem -f fullchain.pem` | `ssl_certificate_key key.pem`, `ssl_certificate fullchain.pem` |
apache >= 2.4.8 | `-f key.pem -f fullchain.pem` | `SSLCertificateKeyFile key.pem`, `SSLCertificateFile fullchain.pem` |
apache < 2.4.8 | `-f key.pem -f cert.pem -f chain.pem` | `SSLCertificateKeyFile key.pem`, `SSLCertificateFile cert.pem`, `SSLCertificateChainFile chain.pem` |
Use absolute paths for all files referenced in the server configuration, pointing at the location where simp_le writes them. Do NOT copy the files elsewhere (e.g. `cp key.pem /etc/apache2`): that way you miss out on all renewal features.
```sh
#!/bin/sh
domain="example.com"
# Renew if needed; the reload runs only when simp_le exits successfully.
simp_le -d "${domain}:/var/www/html" \
  -f key.pem -f cert.pem -f fullchain.pem ... && \
  service httpd reload
```
Note that `service httpd reload` will only be called if renewal happened, due to the way simp_le sets up its exit codes.
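The `&&` idiom above treats "nothing to renew" and "renewal failed" the same way, so a failing cron job stays silent until the certificate expires. The following wrapper is an added example, not part of the original page or of simp_le itself; it assumes the exit statuses simp_le documents (0 = certificate created or renewed, 1 = renewal not necessary, 2 = error), and the function names and the `renew.sh` file name are hypothetical.

```shell
#!/bin/sh
# Added example (not simp_le's own code): cron wrapper that separates
# "nothing to renew" from "renewal failed", which a bare `&&` cannot do.
# Assumed exit statuses, as documented by simp_le:
#   0 = certificate created or renewed, 1 = renewal not necessary, 2 = error.

# Hypothetical helper: reload the web server (same command as the page's script).
reload_server() {
    service httpd reload
}

# Hypothetical helper: run the renewal command given as "$@" and act on its status.
# Sets $renew_result to renewed | unchanged | failed and returns non-zero on
# failure, so cron reports the problem instead of staying quiet.
renew_and_reload() {
    status=0
    "$@" || status=$?
    case $status in
        0)
            if reload_server; then
                renew_result=renewed
            else
                echo "certificate renewed but server reload failed" >&2
                renew_result=failed
                return 3
            fi
            ;;
        1)
            renew_result=unchanged
            ;;
        *)
            echo "renewal command failed with status $status" >&2
            renew_result=failed
            return "$status"
            ;;
    esac
}

# Run only when a domain is given, e.g. `renew.sh example.com` (hypothetical name).
# Flags are the ones visible in the page's script; add your own as needed.
if [ $# -gt 0 ]; then
    renew_and_reload simp_le -d "$1:/var/www/html" \
        -f key.pem -f cert.pem -f fullchain.pem
fi
```
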
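```sh
#!/bin/sh
# Create the challenge directory on the server and hand it to the local user name
# ($USER expands locally because of the double quotes).
ssh root@example.com "mkdir -p /var/www/html/.well-known/acme-challenge; \
  chown $USER /var/www/html/.well-known/acme-challenge"
# Mount the remote webroot locally; the mount point must exist.
mkdir -p public_html
sshfs example.com:/var/www/html public_html
simp_le -d example.com:public_html ...
```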
If you were previously using https://github.com/letsencrypt/letsencrypt, you can easily import existing data:
```sh
#!/bin/sh
domain="example.com"
mkdir import
cd import
# Reuse the existing account key.
cp /etc/letsencrypt/accounts/*/directory/*/private_key.json account_key.json
# skip following 2 lines if you want fresh new certs
cp /etc/letsencrypt/live/${domain?}/*.pem .
mv privkey.pem key.pem
simp_le -d ${domain?}:/var/www/html \
  --account_key_size 2048 -f account_key.json \
  -f key.pem -f cert.pem -f chain.pem -f fullchain.pem
```
Copy and paste the following snippet to `$CWD/external.sh`, `chmod +x $CWD/external.sh` and run `simp_le -f account_key.json -f external.sh ...`.
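```sh
#!/bin/sh
case $1 in
  # Write whatever arrives on stdin to full.pem.
  save) cat - > full.pem;;
  # Print full.pem; succeed even if it does not exist yet.
  load) cat full.pem || true;;
  # Components handled by this script.
  persisted) echo key cert chain;;
esac
```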