Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1083 Commits
9 Branches
44 Tags
32 MiB
Tree: a4b2cebef6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a4b2cebef6'
${ noResults }
acme.sh/deploy/README.md

100 lines
4.0 KiB
Raw Normal View History

add doc
8 years ago
Some documentation in README
8 years ago
add doc
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Reduce and simplify number of exported variables. Also allow any cert file to append to previous file.
8 years ago
Some documentation in README
8 years ago
Make backup of certs on remote server optional. Defaults to yes.
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Reduce and simplify number of exported variables. Also allow any cert file to append to previous file.
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Reduce and simplify number of exported variables. Also allow any cert file to append to previous file.
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Reduce and simplify number of exported variables. Also allow any cert file to append to previous file.
8 years ago
Some documentation in README
8 years ago
Reduce and simplify number of exported variables. Also allow any cert file to append to previous file.
8 years ago
Make backup of certs on remote server optional. Defaults to yes.
8 years ago
Some documentation in README
8 years ago
Make backup of certs on remote server optional. Defaults to yes.
8 years ago
  1. # Using deploy api
  3. Here are the scripts to deploy the certs/key to the server/services.
  5. ## 1. Deploy the certs to your cpanel host.
  7. (cpanel deploy hook is not finished yet, this is just an example.)
  9. Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
  11. Then you can deploy now:
  13. ```sh
  14. export DEPLOY_CPANEL_USER=myusername
  15. export DEPLOY_CPANEL_PASSWORD=PASSWORD
  16. acme.sh --deploy -d example.com --deploy --deploy-hook cpanel
  17. ```
  19. ## 2. Deploy ssl cert on kong proxy engine based on api.
  21. Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
  23. (TODO)
  25. ## 3. Deploy the cert to remote server through SSH access.
  27. The ssh deploy plugin allows you to deploy certificates to a remote host
  28. using SSH command to connect to the remote server. The ssh plugin is invoked
  29. with the following command...
  31. ```bash
  32. acme.sh --deploy -d example.com --deploy-hook ssh
  33. ```
  34. Prior to running this for the first time you must tell the plugin where
  35. and how to deploy the certificates. This is done by exporting the following
  36. environment variables. This is not required for subsequent runs as the
  37. values are stored by acme.sh in the domain configuration files.
  39. Required...
  40. ```bash
  41. export ACME_DEPLOY_SSH_USER="admin"
  42. ```
  43. Optional...
  44. ```bash
  45. export ACME_DEPLOY_SSH_CMD=""
  46. export ACME_DEPLOY_SSH_SERVER="qnap"
  47. export ACME_DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
  48. export ACME_DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
  49. export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
  50. export ACME_DEPLOY_SSH_FULLCHAIN=""
  51. export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
  52. export ACME_DEPLOY_SSH_BACKUP=""
  53. ```
  54. The values used above are illustrative only and represent those that could
  55. be used to deploy certificates to a QNAP NAS device running QTS 4.2
  57. ###ACME_DEPLOY_SSH_USER
  58. Username at the remote host that SSH will login with. Note that
  59. SSH must be able to login to remote host without a password... SSH Keys
  60. must have been exchanged with the remote host. Validate and test that you
  61. can login to USER@URL from the host running acme.sh before using this script.
  63. The USER@URL at the remote server must also have has permissions to write to
  64. the target location of the certificate files and to execute any commands
  65. (e.g. to stop/start services).
  66. ###ACME_DEPLOY_SSH_CMD
  67. You can customize the ssh command used to connect to the remote host. For example
  68. if you need to connect to a specific port at the remote server you can set this
  69. to, for example, "ssh -p 22"
  70. ###ACME_DEPLOY_SSH_SERVER
  71. URL or IP Address of the remote server. If not provided then the domain
  72. name provided on the acme.sh --deploy command line is used.
  73. ###ACME_DEPLOY_SSH_KEYFILE
  74. Target filename for the private key issued by LetsEncrypt.
  75. ###ACME_DEPLOY_SSH_CERTFILE
  76. Target filename for the certificate issued by LetsEncrypt. If this filename
  77. is the same as that provided for ACME_DEPLOY_SSH_KEYFILE then this certificate
  78. is appended to the same file as the private key.
  79. ###ACME_DEPLOY_SSH_CAFILE
  80. Target filename for the CA intermediate certificate issued by LetsEncrypt.
  81. If this is the same as a previous filename then it is appended to the same
  82. file
  83. ###ACME_DEPLOY_SSH_FULLCHAIN
  84. Target filename for the fullchain certificate issued by LetsEncrypt.
  85. If this is the same as a previous filename then it is appended to the same
  86. file
  87. ###ACME_DEPLOY_SSH_REMOTE_CMD
  88. Command to execute on the remote server after copying any certificates. This
  89. could be any additional command required for example to stop and restart
  90. the service.
  91. ###ACME_DEPLOY_SSH_BACKUP
  92. Before writing a certificate file to the remote server the existing
  93. certificate will be copied to a backup directory on the remote server.
  94. These are placed in a hidden directory in the home directory of the SSH
  95. user
  96. ```bash
  97. ~/.acme_ssh_deploy/[domain name]-backup-[timestamp]
  98. ```
  99. Any backups older than 180 days will be deleted when new certificates
  100. are deployed. This defaults to "yes" set to "no" to disable backup.