Everbrent/cis
9
0
Fork 0
mirror of https://github.com/m8tin/cis.git synced 2025-12-06 07:48:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
cis/script/ssl/README.md

53 lines
2.3 KiB
Markdown
Raw Permalink Blame History

Issuing SSL certificates
========================
There are two modes you can use the script `renewCerts.sh`.
1. dns
2. http
Dns mode
--------
This mode is meant to use inside a docker container defined by the `Dockerfile`.
To configure, build and run the Container there is a file `docker-compose.yml.template`.
You can copy this file to `docker-compose.yml` and set the needed environment variables there.
- __AUTOACME_CONTAINER_HOSTNAME__
is used to enable the use of the host name within the container.
For example, for meaningful commit messages.
- __AUTOACME_GIT_REPOSITORY_VIA_SSH__ (optional)
is used to specify a Git repository to which the keys and certificates are transferred.
Therefore, SSH keys are generated on first launch (`docker compose up -d`) and the repository is cloned to `~/acmeResults/`.
The public key must be granted __write access__ to the repository
(e.g. as repository's deploy key).
The key can be viewed via `docker compose logs`.
- __AUTOACME_PATH_IN_GIT_REPOSITORY__ (optional)
specifies a path inside the repository were the certiticates are saved.
(e.g. AUTOACME_PATH_IN_GIT_REPOSITORY="/foo/bar/" => /root/autoACME/foo/bar/your-domain.net/fullchain.crt)
- __AUTOACME_DNS_PROVIDER__
sets the provider modul of acme.sh used to communicate with your domain provider.
(For further information see: https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
You may have to set additional environment variables depending on your provider...
### Manual docker commands
Instead of using `docker compose` you can build and run the container manually:
```
docker build -t cis/autoacme .
docker run --name autoacme -d cis/autoacme
```
This may be useful for investiagtion...
Http mode
---------
If you plan to use `renewCerts.sh` directly on your host computer this mode may fit your needs.
Here you need a `nginx` webserver. The domain have to point to it and following configuration is needed:
1. The content of folder `/var/www/letsencrypt/.well-known/acme-challenge/` has to be accessable via `http://your-domain.net/.well-known/acme-challenge/`
2. The certificates are stored to `/etc/nginx/ssl`. If this folder is a git repository then changes will be commited and pushed.
3. An entry into the crontab is needed to do automatic updates.
Reference in New Issue View Git Blame Copy Permalink