|
|
@ -143,7 +143,21 @@ export ACME_DEPLOY_SSH_REMOTE_CMD="openssl pkcs12 -export \ |
|
|
|
|
|
|
|
|
acme.sh --deploy -d unifi.example.com --deploy-hook ssh |
|
|
acme.sh --deploy -d unifi.example.com --deploy-hook ssh |
|
|
``` |
|
|
``` |
|
|
Note how in this exmple we execute several commands on the remote host |
|
|
|
|
|
|
|
|
In this exmple we execute several commands on the remote host |
|
|
after the certificate files have been copied... to generate a pkcs12 file |
|
|
after the certificate files have been copied... to generate a pkcs12 file |
|
|
compatible with Unifi, to import it into the Unifi keystore and then finaly |
|
|
compatible with Unifi, to import it into the Unifi keystore and then finaly |
|
|
to restart the service. |
|
|
to restart the service. |
|
|
|
|
|
|
|
|
|
|
|
Note also that once the certificate is imported |
|
|
|
|
|
into the keystore the individual certificate files are no longer |
|
|
|
|
|
required. We could if we desired delete those files immediately. If we |
|
|
|
|
|
do that then we should disable backup at the remote host (as there are |
|
|
|
|
|
no files to backup -- they were erased during deployment). For example... |
|
|
|
|
|
```sh |
|
|
|
|
|
export ACME_DEPLOY_SSH_BACKUP=no |
|
|
|
|
|
# modify the end of the remte command... |
|
|
|
|
|
&& rm /var/lib/unifi/unifi.example.com.key \ |
|
|
|
|
|
/var/lib/unifi/unifi.example.com.cer \ |
|
|
|
|
|
/var/lib/unifi/unifi.example.com.p12 \ |
|
|
|
|
|
&& service unifi restart |
|
|
|
|
|
``` |
David Kerr
8 years ago