# Install Acme.sh for nginx
```
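# Run as root. socat is what acme.sh uses for its --standalone listener.
apt install socat curl

# Dedicated acme.sh home, owned by the nginx account.
mkdir /etc/nginx/acme
# NOTE(review): 740 gives the group read without search (x) on a directory,
# so group members can list names but not open anything inside. 750 or 700
# would state the intent more clearly; confirm which is wanted.
chmod 740 /etc/nginx/acme
chown nginx:nginx /etc/nginx/acme
# Only setgid has an effect on a directory (new entries inherit its group).
# Linux ignores setuid on directories and o+s sets nothing, so the original
# g+s,o+s,u+s is reduced to the part that actually does something.
chmod g+s /etc/nginx/acme

# Continue in a shell running as nginx (the account needs a usable shell).
sudo -s -u nginx

# Download into a private mktemp directory rather than a fixed name in the
# shared /tmp, so no other local account can pre-create or swap the script
# between download and execution.
workdir=$(mktemp -d)
# --fail stops curl from saving an HTTP error page as the installer.
curl --fail --proto '=https' -o "$workdir/acme.sh" \
  "https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh"
# master is a moving branch: what gets executed below is whatever was there
# at download time. Prefer a reviewed release tag in the URL and compare the
# file against a digest recorded from that reviewed copy before running it:
#   sha256sum "$workdir/acme.sh"   # expect <SHA256_OF_REVIEWED_COPY>

# acme.sh --install copies itself from the current directory into --home.
cd "$workdir"
bash ./acme.sh --home /etc/nginx/acme --install

# Remove the downloaded copy once it is installed.
cd /
rm -rf -- "${workdir:?}"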
```
# Issue cert
```
# Work as the nginx account, from the acme.sh home it owns.
sudo -s -u nginx
cd /etc/nginx/acme

# First pass: --test sends the request to the CA's staging environment, so
# mistakes do not count against production rate limits.
# --standalone makes acme.sh answer the HTTP-01 challenge itself, listening
# on the unprivileged port given by --httpport.
# NOTE(review): the CA connects to port 80, so nginx presumably forwards
# /.well-known/acme-challenge/ to port 18080; that config is not shown on
# this page, confirm it exists.
# NOTE(review): the second -d repeats the first; presumably a second
# hostname was meant. Confirm.
./acme.sh --home /etc/nginx/acme \
  --issue --server letsencrypt \
  --standalone --httpport 18080 \
  -d domain.com -d domain.com \
  --test

# Second pass: same request without --test; --force makes acme.sh issue
# again even though a (staging) certificate for the name is already on file.
./acme.sh --home /etc/nginx/acme \
  --issue --server letsencrypt \
  --standalone --httpport 18080 \
  -d domain.com -d domain.com \
  --force
```
# Allow acme.sh (running as nginx) to reload nginx
```
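# Run as root. Grants the nginx account exactly one sudo command: the
# force-reload that acme.sh triggers after installing a renewed certificate.
sudoers_tmp=$(mktemp)

# (root) instead of (ALL): the reload only ever needs to run as root, so the
# rule does not have to permit running it as every other user.
# The command path and arguments must match what the caller types, i.e.
# "sudo /bin/systemctl force-reload nginx.service".
printf '%s\n' \
  '# Allow reloading of nginx' \
  'nginx ALL=(root) NOPASSWD: /bin/systemctl force-reload nginx.service' \
  > "$sudoers_tmp"

# Validate before installing: a syntax error in a file under /etc/sudoers.d
# can make sudo refuse to run at all. Install with the owner and mode sudo
# expects for its policy files.
if visudo -cf "$sudoers_tmp"; then
  install -o root -g root -m 0440 "$sudoers_tmp" \
    /etc/sudoers.d/allow-user-nginx-to-force-reload-nginx
fi
rm -f -- "$sudoers_tmp"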
```
# Install cert
```
# Work as the nginx account, from the acme.sh home it owns.
sudo -s -u nginx
cd /etc/nginx/acme

cert_domain=domain.com
pem_dir=/etc/nginx/pem

# Copies the issued key and full chain to the paths nginx reads, then runs
# --reloadcmd so nginx picks them up.
# NOTE(review): /etc/nginx/pem is not created anywhere on this page; it
# presumably has to exist and be writable by nginx, and the key file should
# not be readable by other accounts. Confirm.
# The reload command must match the sudoers rule for nginx word for word,
# otherwise sudo asks for a password and the unattended reload fails.
./acme.sh --home /etc/nginx/acme --install-cert -d "${cert_domain}" \
  --key-file "${pem_dir}/${cert_domain}-key.pem" \
  --fullchain-file "${pem_dir}/${cert_domain}-cert.pem" \
  --reloadcmd "sudo /bin/systemctl force-reload nginx.service"
```