add examples

2022-04-09 09:01:45 +01:00 · 2022-04-09 09:01:45 +01:00 · 2e1996af7b
parent 62008ab146
commit 2e1996af7b
1 changed files with 26 additions and 3 deletions
--- a/debian/bullseye/scripts/acme-helper.sh
+++ b/debian/bullseye/scripts/acme-helper.sh
@ -22,7 +22,7 @@ ACME_SCRIPT_URL='https://raw.githubusercontent.com/acmesh-official/acme.sh/maste
 # Temporary script location.
 ACME_SCRIPT_TMP='/tmp'

-install() { 
+install() {
 # Add user.
 adduser --system --disabled-login --gecos GECOS \
        --no-create-home --home "${ACME_HOME}" "${ACME_USER}"
@ -37,7 +37,7 @@ usermod -aG ${ACME_GROUP} ${ACME_USER} || \
    usermod -aG ${ACME_GROUP} ${ACME_USER}

 # Make the home dir.
-mkdir -v ${ACME_HOME}
+mkdir -v ${ACME_HOME} ${ACME_HOME}/pem
 chown ${ACME_USER}:${ACME_GROUP} ${ACME_HOME}
 chmod -cR 750 ${ACME_HOME}
 chmod -cR u+s,g+s,o+s ${ACME_HOME}
@ -45,6 +45,8 @@ chmod -cR u+s,g+s,o+s ${ACME_HOME}
 # Add needed binaries.
 apt install sudo socat curl coreutils

+allowreloadnginx
+
 # Download & install.
 curl -o "${ACME_SCRIPT_TMP}/acme.sh" "${ACME_SCRIPT_URL}"

@ -61,8 +63,29 @@ cd ${ACME_SCRIPT_TMP}
 ./acme.sh --home ${ACME_HOME} --install

 exit
+
+----
+Examples (as acme user).
+# Issue cert..
+./acme.sh --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --test
+
+# If the first command succeeds..
+./acme.sh --issue --server letsencrypt --standalone --httpport 18080 -d domain.com -d domain.com --force
+
+./acme.sh  --install-cert -d domain.com \
+--key-file       /etc/acme/pem/domain.com-key.pem \
+--fullchain-file /etc/acme/pem/domain.com-cert.pem \
+--reloadcmd     "sudo /bin/systemctl force-reload nginx.service"
 todo

 }

-${1} "$@"    
+allowreloadnginx() {
+
+echo "# Allow reloading of nginx
+${ACME_USER:-nginx} ALL=(ALL) NOPASSWD: /bin/systemctl force-reload nginx.service
+" | tee /etc/sudoers.d/allow-user-${ACME_USER:-nginx}-to-force-reload-nginx
+
+}
+
+${1} "$@"