Add http challenge

Merged Hahn Axel (hahn) requested to merge add-http-challenge into master
3 files
+ 830
637
@@ -6,94 +6,113 @@ Verify a new setup (or changes in the config) with `./cm.sh selftest`.
@@ -6,94 +6,113 @@ Verify a new setup (or changes in the config) with `./cm.sh selftest`.
## Show help
## Show help
Without any parameter it shows a help.
Without -h or --help it shows a help.
```text
```text
./cm.sh
./cm.sh -h
_______________________________________________________________________________
_______________________________________________________________________________
- - - ---===>>> CERT MANAGER <<<===--- - - -
- - - ---===>>> CERT MANAGER - v2025-01-08 <<<===--- - - -
_______________________________________________________________________________
_______________________________________________________________________________
DEBUG: Using Let's Encrypt STAGE environment ...
DEBUG: You can test and mess around. Do not use certs in production.
HELP
HELP
The basic syntax is
Wrapper script for acme.sh to handle certificates.
cm.sh [--trace] ACTION [FQDN] [ALIAS_1 [.. ALIAS_N]]
For automation you should use the "ensure" action that detects if a
 
certificate must be created, renewed or re-created.
The ACTIONs for SINGLE certificate handlings are:
📄 Source: <https://git-repo.iml.unibe.ch/iml-open-source/iml-certman>
 
📜 License: GNU GPL 3.0
 
📗 Docs: <https://os-docs.iml.unibe.ch/iml-certman/>
add FQDN [.. FQDN-N]
SYNTAX:
create new certificate
The first FQDN is a hostname to generate the certificate for.
Following multiple hostnames will be used as DNS aliases in the
same certificate.
It updates files in ./certs
ensure FQDN [.. FQDN-N]
dev_cm.sh [OPTIONS] ACTION <FQDN> [<ALIASES>]
It ensures that a certificate with given aliases exists and is up to date.
This param is for simple usage in automation tools like Ansible or Puppet.
It is required to add all aliases as parameters what is unhandy for
direct usage on cli.
If the cert does not exist it will be created (see "add").
OPTIONS:
If fqdn and aliases are the same like in the certificate it performs a renew.
If fqdn and aliases differ:
- the current certificate will be rejected + deleted (see "delete")
- a new certificate will be added ()
delete FQDN
-a|--alias
delete all files of a given certificate
Use http challenge with existing http server on port 80
 
Challenge file will be written into ../alias-dir/
renew FQDN
-f|--force
renew (an already added) certificate
Force renew of certificate even if it is not due yet.
and update files in ./certs
Use it carefully - remember the execution limits on Let's Encrypt.
show FQDN
-t|--trace
show place of certificate data and show basic certificate data
the output additionally will be written into a tracelog file
(issuer, subject, aliases, ending date)
below ./log.
transfer FQDN
-v|--verbose
Transfer cert from acme.sh internal cache to our output dir again.
show debug infos on console.
It is done during add or renew. With transfer command you can repeat it.
Remark: for permanent usage set CM_showdebug=1 in inc_config.sh
ACTIONs for ALL certs
-w|--webroot <DIR>
 
Use http challenge with existing http server on port 80
 
Challenge file will be written into given directory
list
The ACTIONs for SINGLE certificate handlings are:
list all certificates including creation and renew date
list-old
add <FQDN> [.. <FQDN-N>]
list all certificates older 65 and older 90 days and exit.
create new certificate
Exitcodes:
The first FQDN is a hostname to generate the certificate for.
0 - all certs are up to date.
Following multiple hostnames will be used as DNS aliases in the
1 - certificates to renew were found
same certificate.
2 - outdatedt certificates were found
It updates files in
renew-all
ensure <FQDN> [.. <FQDN-N>]
renew all certificates (fast mode - without --force)
It ensures that a certificate with given aliases exists and is up to date.
and update files in ./certs
This param is for simple usage in automation tools like Ansible or Puppet.
It is useful for a cronjob.
It is required to add all aliases as parameters what is unhandy for
 
direct usage on cli.
other ACTIONs
If the cert does not exist it will be created (see "add").
 
If fqdn and aliases are the same like in the certificate it performs a renew.
 
If fqdn and aliases differ:
 
- the current certificate will be rejected + deleted (see "delete")
 
- a new certificate will be added ()
 
 
delete <FQDN>
 
delete all files of a given certificate
 
 
renew <FQDN>
 
renew (an already added) certificate
 
and update files in
selftest
show <FQDN>
check of health with current setup and requirements.
show place of certificate data and show basic certificate data
This command is helpful for initial setups.
(issuer, subject, aliases, ending date)
OPTIONS
transfer <FQDN>
--trace (it must be the 1st parameter)
Transfer cert from acme.sh internal cache to our output dir again.
the output additionally will be written into a tracelog file
It is done during add or renew. With transfer command you can repeat it.
below ./log.
 
ACTIONs for ALL certs
 
 
list
 
list all certificates including creation and renew date
 
 
list-old
 
list all certificates older 65 and older 90 days and exit.
 
Exitcodes:
 
0 - all certs are up to date.
 
1 - certificates to renew were found
 
2 - outdatedt certificates were found
 
 
renew-all
 
renew all certificates (fast mode - without --force)
 
and update files in
 
It is useful for a cronjob.
 
 
other ACTIONs
DEBUG: Using Let's Encrypt STAGE environment ...
selftest
DEBUG: You can test and mess around. Do not use certs in production.
check of health with current setup and requirements.
 
This command is helpful for initial setups.
```
```
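Review bot: the new sentence introducing the help output, `Without -h or --help it shows a help.`, contradicts both the command it documents (`./cm.sh -h`) and the old text it replaces (`Without any parameter it shows a help.`); it should read "With -h or --help it shows the help", and if calling the script with no parameter still prints the help, say so as well. Other points in the same hunk: the SYNTAX line reads `dev_cm.sh [OPTIONS] ACTION <FQDN> [<ALIASES>]` while every other invocation on the page is `./cm.sh`, so either the script name in that line or the rest of the page is wrong; the descriptions of `add`, `renew` and `renew-all` now end in "It updates files in" / "and update files in" with the `./certs` target the old text had dropped, leaving the sentence unfinished; "a new certificate will be added ()" keeps the empty parenthesis from the old text, presumably meant as (see "add"); and "outdatedt certificates" keeps a typo. For the two new challenge options, `-a|--alias` and `-w|--webroot <DIR>`, both say "Use http challenge with existing http server on port 80" but neither says how the directory the challenge file is written into has to be reachable from outside, i.e. that the web server must serve it under http://FQDN/.well-known/acme-challenge/ for the HTTP-01 challenge to succeed, nor who must be able to write and read it; `../alias-dir/` is also a path relative to an unstated base (current working directory or the script's directory?), which matters when `cm.sh` runs from cron with a different cwd. The option name `--alias` is additionally confusing next to the `ALIAS_1 [.. ALIAS_N]` / "DNS aliases" wording used for the certificate's extra hostnames in the same help; a name like `--alias-dir` would separate the two meanings. One sentence per option about the expected web server mapping and the directory permissions, plus the absolute or clearly anchored path, would close these gaps.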