
Add http challenge

Merged Hahn Axel (hahn) requested to merge add-http-challenge into master
3 files
+ 830
637

+ 78
59
@@ -6,37 +6,65 @@ Verify a new setup (or changes in the config) with `./cm.sh selftest`.
## Show help
Without any parameter it shows a help.
Without -h or --help it shows a help.
```text
./cm.sh
./cm.sh -h
_______________________________________________________________________________
- - - ---===>>> CERT MANAGER <<<===--- - - -
- - - ---===>>> CERT MANAGER - v2025-01-08 <<<===--- - - -
_______________________________________________________________________________
DEBUG: Using Let's Encrypt STAGE environment ...
DEBUG: You can test and mess around. Do not use certs in production.
HELP
The basic syntax is
cm.sh [--trace] ACTION [FQDN] [ALIAS_1 [.. ALIAS_N]]
Wrapper script for acme.sh to handle certificates.
For automation you should use the "ensure" action that detects if a
certificate must be created, renewed or re-created.
📄 Source: <https://git-repo.iml.unibe.ch/iml-open-source/iml-certman>
📜 License: GNU GPL 3.0
📗 Docs: <https://os-docs.iml.unibe.ch/iml-certman/>
SYNTAX:
dev_cm.sh [OPTIONS] ACTION <FQDN> [<ALIASES>]
OPTIONS:
-a|--alias
Use http challenge with existing http server on port 80
Challenge file will be written into ../alias-dir/
-f|--force
Force renew of certificate even if it is not due yet.
Use it carefully - remember the execution limits on Let's Encrypt.
-t|--trace
the output additionally will be written into a tracelog file
below ./log.
-v|--verbose
show debug infos on console.
Remark: for permanent usage set CM_showdebug=1 in inc_config.sh
-w|--webroot <DIR>
Use http challenge with existing http server on port 80
Challenge file will be written into given directory
The ACTIONs for SINGLE certificate handlings are:
add FQDN [.. FQDN-N]
add <FQDN> [.. <FQDN-N>]
create new certificate
The first FQDN is a hostname to generate the certificate for.
Following multiple hostnames will be used as DNS aliases in the
same certificate.
It updates files in ./certs
It updates files in
ensure FQDN [.. FQDN-N]
ensure <FQDN> [.. <FQDN-N>]
It ensures that a certificate with given aliases exists and is up to date.
This param is for simple usage in automation tools like Ansible or Puppet.
It is required to add all aliases as parameters what is unhandy for
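Review bot: The intro sentence "Without -h or --help it shows a help." says the opposite of the example that follows it, which calls `./cm.sh -h`; it should read "With -h or --help it shows a help." or state what happens when no parameter is given. In the same help text the SYNTAX line names `dev_cm.sh` while the documented command is `./cm.sh`, and "It updates files in" under `add` ends without a directory where the neighbouring line names ./certs. The `-a|--alias` and `-w|--webroot` options share an identical first description line, and `../alias-dir/` is given without saying what it is relative to. Because the challenge file is written into a directory served by the existing http server on port 80, the help should state the resolved path and how the two options differ.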
@@ -48,18 +76,18 @@ The ACTIONs for SINGLE certificate handlings are:
- the current certificate will be rejected + deleted (see "delete")
- a new certificate will be added ()
delete FQDN
delete <FQDN>
delete all files of a given certificate
renew FQDN
renew <FQDN>
renew (an already added) certificate
and update files in ./certs
and update files in
show FQDN
show <FQDN>
show place of certificate data and show basic certificate data
(issuer, subject, aliases, ending date)
transfer FQDN
transfer <FQDN>
Transfer cert from acme.sh internal cache to our output dir again.
It is done during add or renew. With transfer command you can repeat it.
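Review bot: Under `renew`, the line "and update files in" ends without naming a directory, while the line beside it names ./certs. If the output location is now configurable, name the setting or show a placeholder so the reader knows where the renewed files land. The line "a new certificate will be added ()" also carries empty parentheses and is worth completing while this block is being edited.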
@@ -77,7 +105,7 @@ ACTIONs for ALL certs
renew-all
renew all certificates (fast mode - without --force)
and update files in ./certs
and update files in
It is useful for a cronjob.
other ACTIONs
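Review bot: `renew-all` is described as useful for a cronjob, yet its "and update files in" line stops before the target directory. An unattended job is where an operator most needs the output location documented, for instance to check ownership and permissions on that directory, so the sentence should end with the path or the config variable that defines it.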
@@ -86,15 +114,6 @@ other ACTIONs
check of health with current setup and requirements.
This command is helpful for initial setups.
OPTIONS
--trace (it must be the 1st parameter)
the output additionally will be written into a tracelog file
below ./log.
DEBUG: Using Let's Encrypt STAGE environment ...
DEBUG: You can test and mess around. Do not use certs in production.
```
## CRUD actions for a certificate
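Review bot: The OPTIONS block at the end of the help carried the only statement that `--trace` "must be the 1st parameter", and as rendered here this hunk shrinks from 15 lines to 6 with that block among the candidates for removal. If the block is dropped, please confirm the option parsing now accepts `--trace` in any position. If the ordering constraint still holds, carry the remark over to the `-t|--trace` entry so users do not silently lose the tracelog.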