Commit 6ef2e2c1 authored by Hahn Axel (hahn)

update readme

parent 6c45cba4
......@@ -9,6 +9,7 @@ license: GNU GPL 3.0 <http://www.gnu.org/licenses/gpl-3.0.html>
## Installation
* Install acme.sh client: <https://github.com/acmesh-official/acme.sh>
* If you use Ansible/ Puppet/ ... to renew and deploy new certificates then you can deactivate the acme cronjob (`crontab -e`)
* Clone or extract files of iml-certman
* Make your changes by copying *dist files to file without ".dist" extension and edit
* inc_config.sh
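Review bot: The Ansible/Puppet bullet under Installation says the acme cronjob can be deactivated (`crontab -e`) but does not say what triggers renewal afterwards. If the cronjob is removed and the deployment run does not call `cm.sh` on a regular schedule, certificates expire without anyone noticing. Suggest adding that the Ansible/Puppet job must run periodically, for example with the `ensure` action documented further down in this README, and that the cronjob should only be disabled once that job is in place.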
......@@ -125,3 +126,30 @@ DEBUG: Using Let's Encrypt STAGE environment ...
DEBUG: You can test and mess around. Do not use certs in production.
```
### CRUD actions for a certificate
A certificate is created for a host and can have additional DNS names (optional).
For integration into a system deployment with Ansible & co the `ensure` prameter
is the best choice because it detects what action is required.
The command
`[APPPATH]/cm.sh ensure www.example.com mail.example.com`
creates (or renews if close to expiriation) a certificate with 2 hostnames in it.
The "manual way" with atomic actions is:
* Create `[APPPATH]/cm.sh add www.example.com mail.example.com`
* Renew `[APPPATH]/cm.sh renew www.example.com`
* Modify hostnames with add command `[APPPATH]/cm.sh add www.example.com mail.example.com newhost.example.com` what creates a new certificate. Optionally you can/ should revoke the existing certificate with the former host list before (see next command). The impact is: Your SSL certificate on the website is invalid up to the moment you create and deploy the new certificate what can take a few minutes. If you maintain many certificates with the same domain and the request limit is reached your application can be broken broken for an even longer time.
* Deletin the certificates includes a revoke `[APPPATH]/cm.sh delete www.example.com`
### Show certificate data
Use the listing `[APPPATH]/cm.sh list` or maybe filter it `[APPPATH]/cm.sh list | grep "mail."`
to get a list of existing certs an then use the hostname in the 1st column to show details:
`[APPPATH]/cm.sh show www.example.com`
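Review bot: In the "Modify hostnames" bullet, the text says you "can/ should revoke the existing certificate" before running `add`, and then describes the consequence as an invalid certificate on the website until the new one is created and deployed, or longer if the request limit is reached. A README should not recommend an order that causes that outage: suggest documenting the sequence as issue the new certificate, deploy it, then revoke the old one, or stating explicitly in which cases a revoke beforehand is required. Also worth stating next to the `delete` bullet that the revoke it includes takes the certificate out of service immediately. Typos in this hunk: "prameter", "expiriation", "broken broken", "Deletin", "an then".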