10_Installation.md 1.23 KB
Newer Older
Hahn Axel (hahn)'s avatar
Hahn Axel (hahn) committed
1
2
3
4
5
6
7
8
9
10
11
12
# Installation

* Install acme.sh client: <https://github.com/acmesh-official/acme.sh>
* If you use Ansible/ Puppet/ ... to renew and deploy new certificates then you can deactivate the acme cronjob (`crontab -e`)
* Clone or extract files of iml-certman
* Make your changes by copying *dist files to file without ".dist" extension and edit
  * inc_config.sh
    * set credentials for dns api
    * set path to acme.sh script; the default is a relative path for the suggested contellation below.
    * optional: set custom target for generated certificates
    * optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests
    * optional: set a filter that must match to new certificate and all aliases
Hahn Axel (hahn)'s avatar
Hahn Axel (hahn) committed
13
  * UNUSED: templates/csr.txt
Hahn Axel (hahn)'s avatar
Hahn Axel (hahn) committed
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
    * set location, company and department ... remark: (currently?) it is removed by LE

A suggested structure is having acme.sh and this wrapper below the same parent directory, i.e.

```text
/opt/letsenecrypt/
  |
  +-- acme.sh/
  |     |
  |     + acme.sh
  |     + ...
  |
  +-- iml-certman/
        |
        +-- certs/
        +-- templates/
        + cm.sh
        + inc_config.sh
        + ...
```

Verify a new setup (or changes in the config) with `./cm.sh selftest`.