Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1060 Commits
9 Branches
44 Tags
15 MiB
Tree: e3feac3fd8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e3feac3fd8'
${ noResults }
acme.sh/deploy/README.md

87 lines
3.8 KiB
Raw Normal View History

Create README.md
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
Documentation updates
8 years ago
Some documentation in README
8 years ago
  1. #Using deploy api
  3. #Using the ssh deploy plugin
  5. The ssh deploy plugin allows you to deploy certificates to a remote host
  6. using SSH command to connect to the remote server. The ssh plugin is invoked
  7. with the following command...
  9. ```bash
  10. acme.sh --deploy -d example.com --deploy-hook ssh
  11. ```
  12. Prior to running this for the first time you must tell the plugin where
  13. and how to deploy the certificates. This is done by exporting the following
  14. environment variables. This is not required for subsequent runs as the
  15. values are stored by acme.sh in the domain configuration files.
  17. Required...
  18. ```bash
  19. export ACME_DEPLOY_SSH_USER="admin"
  20. ```
  21. Optional...
  22. ```bash
  23. export ACME_DEPLOY_SSH_SERVER="qnap"
  24. export ACME_DEPLOY_SSH_PORT="22"
  25. export ACME_DEPLOY_SSH_SERVICE_STOP=""
  26. export ACME_DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
  27. export ACME_DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
  28. export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
  29. export ACME_DEPLOY_SSH_FULLCHAIN=""
  30. export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
  31. export ACME_DEPLOY_SSH_SERVICE_START=""
  32. ```
  33. The values used above are illustrative only and represent those that could
  34. be used to deploy certificates to a QNAP NAS device running QTS 4.2
  36. ###ACME_DEPLOY_SSH_USER
  37. Username at the remote host that SSH will login with. Note that
  38. SSH must be able to login to remote host without a password... SSH Keys
  39. must have been exchanged with the remote host. Validate and test that you
  40. can login to USER@URL from the host running acme.sh before using this script.
  42. The USER@URL at the remote server must also have has permissions to write to
  43. the target location of the certificate files and to execute any commands
  44. (e.g. to stop/start services).
  45. ###ACME_DEPLOY_SSH_SERVER
  46. URL or IP Address of the remote server. If not provided then the domain
  47. name provided on the acme.sh --deploy command line is used.
  48. ###ACME_DEPLOY_SSH_PORT
  49. Port number that SSH will attempt to connect to at the remote server. If
  50. not provided then defaults to 22.
  51. ###ACME_DEPLOY_SSH_SERVICE_STOP
  52. Command to execute on the remote server prior to copying any certificates. This
  53. would typically be used to stop the service for which the certificates are
  54. being deployed.
  55. ###ACME_DEPLOY_SSH_KEYFILE
  56. Target filename for the private key issued by LetsEncrypt.
  57. ###ACME_DEPLOY_SSH_CERTFILE
  58. Target filename for the certificate issued by LetsEncrypt. If this filename
  59. is the same as that provided for ACME_DEPLOY_SSH_KEYFILE then this certificate
  60. is appended to the same file as the private key.
  61. ###ACME_DEPLOY_SSH_CAFILE
  62. Target filename for the CA intermediate certificate issued by LetsEncrypt.
  63. ###ACME_DEPLOY_SSH_FULLCHAIN
  64. Target filename for the fullchain certificate issued by LetsEncrypt.
  65. ###ACME_DEPLOY_SSH_REMOTE_CMD
  66. Command to execute on the remote server after copying any certificates. This
  67. could be any additional command required prior to starting the service again,
  68. or could be a all-inclusive restart (stop and start of service). If
  69. ACME_DEPLOY_SSH_SERVICE_STOP value was provided then a 2 second sleep is
  70. inserted prior to calling this command to allow the system to stabalize.
  71. ###ACME_DEPLOY_SSH_SERVICE_START
  72. Command to execute on the remote server after copying any certificates. This
  73. would typically be used to stop the service for which the certificates are
  74. being deployed. If ACME_DEPLOY_SSH_SERVICE_STOP or ACME_DEPLOY_SSH_REMOTE_CMD
  75. values were provided then a 2 second sleep is inserted prior to calling
  76. this command to allow the system to stabalize.
  78. ##Backups
  79. Before writing a certificate file to the remote server the existing
  80. certificate will be copied to a backup directory on the remote server.
  81. These are placed in a hidden directory in the home directory of the SSH
  82. user
  83. ```bash
  84. ~/.acme_ssh_deploy/[domain name]-backup-[timestamp]
  85. ```
  86. Any backups older than 180 days will be deleted when new certificates
  87. are deployed.