misc/debian/bullseye/notes/acme.sh.md

# Install Acme.sh for nginx

```
apt install socat curl

mkdir /etc/nginx/acme

chmod 740 /etc/nginx/acme

chown nginx:nginx /etc/nginx/acme

chmod g+s,o+s,u+s /etc/nginx/acme

sudo -s -u nginx

curl -o /tmp/acme.sh "https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh"

cd /tmp

bash ./acme.sh --home /etc/nginx/acme --install

```

# Issue cert
```
sudo -s -u nginx

cd /etc/nginx/acme

./acme.sh --home /etc/nginx/acme --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --test

./acme.sh --home /etc/nginx/acme --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --force
```

# Allow acme.sh under nginx to reload itself

```
echo "# Allow reloading of nginx
nginx ALL=(ALL) NOPASSWD: /bin/systemctl force-reload nginx.service
" | tee /etc/sudoers.d/allow-user-nginx-to-force-reload-nginx
```

# Install cert

```
sudo -s -u nginx

cd /etc/nginx/acme

./acme.sh --home /etc/nginx/acme --install-cert -d domain.com \
--key-file       /etc/nginx/pem/domain.com-key.pem \
--fullchain-file /etc/nginx/pem/domain.com-cert.pem \
--reloadcmd     "sudo /bin/systemctl force-reload nginx.service"
```
* php-doc: fix apt install * fix logging path in various scripts * remove acme-helper but add notes * backup.sh: skip non-existant files/folders * nginx install: fix paths 2022-04-14 09:14:55 +00:00			`# Install Acme.sh for nginx`

			```
			`apt install socat curl`

			`mkdir /etc/nginx/acme`

			`chmod 740 /etc/nginx/acme`

update acme.sh nginx.sh default.conf does not need site directories & should always return 404 2022-04-24 14:04:01 +00:00			`chown nginx:nginx /etc/nginx/acme`
* php-doc: fix apt install * fix logging path in various scripts * remove acme-helper but add notes * backup.sh: skip non-existant files/folders * nginx install: fix paths 2022-04-14 09:14:55 +00:00
update acme.sh nginx.sh default.conf does not need site directories & should always return 404 2022-04-24 14:04:01 +00:00			`chmod g+s,o+s,u+s /etc/nginx/acme`
* php-doc: fix apt install * fix logging path in various scripts * remove acme-helper but add notes * backup.sh: skip non-existant files/folders * nginx install: fix paths 2022-04-14 09:14:55 +00:00
			`sudo -s -u nginx`

			`curl -o /tmp/acme.sh "https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh"`

			`cd /tmp`

			`bash ./acme.sh --home /etc/nginx/acme --install`

			```

			`# Issue cert`
			```
			`sudo -s -u nginx`

			`cd /etc/nginx/acme`

			`./acme.sh --home /etc/nginx/acme --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --test`

			`./acme.sh --home /etc/nginx/acme --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --force`
			```

			`# Allow acme.sh under nginx to reload itself`

			```
			`echo "# Allow reloading of nginx`
			`nginx ALL=(ALL) NOPASSWD: /bin/systemctl force-reload nginx.service`
			`" \| tee /etc/sudoers.d/allow-user-nginx-to-force-reload-nginx`
			```

			`# Install cert`

			```
			`sudo -s -u nginx`

			`cd /etc/nginx/acme`

			`./acme.sh --home /etc/nginx/acme --install-cert -d domain.com \`
			`--key-file /etc/nginx/pem/domain.com-key.pem \`
			`--fullchain-file /etc/nginx/pem/domain.com-cert.pem \`
			`--reloadcmd "sudo /bin/systemctl force-reload nginx.service"`
			```