# Installation

* Install acme.sh client: <https://github.com/acmesh-official/acme.sh>
* If you use Ansible/ Puppet/ ... to renew and deploy new certificates then you can deactivate the acme cronjob (`crontab -e`)
* Clone or extract files of iml-certman
* Make your changes by copying *dist files to file without ".dist" extension and edit
  * inc_config.sh
    * set credentials for dns api
    * set path to acme.sh script; the default is a relative path for the suggested contellation below.
    * optional: set custom target for generated certificates
    * optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests
    * optional: set a filter that must match to new certificate and all aliases
  * UNUSED: templates/csr.txt
    * set location, company and department ... remark: (currently?) it is removed by LE

A suggested structure is having acme.sh and this wrapper below the same parent directory, i.e.

```text
/opt/letsenecrypt/
  |
  +-- acme.sh/
  |     |
  |     + acme.sh
  |     + ...
  |
  +-- iml-certman/
        |
        +-- certs/
        +-- templates/
        + cm.sh
        + inc_config.sh
        + ...
```

Verify a new setup (or changes in the config) with `./cm.sh selftest`.