author: Thomas Lange <code@nerdmind.de> 2022-10-22 16:39:43 +0200
committer: Thomas Lange <code@nerdmind.de> 2022-10-22 16:39:43 +0200
commit: 5744c868355e8c1bebee2f7900c57817d3e39529
tree: be3b4a1889496d4e38bb595511119dc5891728f6
parent: 95eaa0d07ff772f59021baf64e5166af508efdcb
Put script into package directory
Put the script into the package directory which reflects the directory structure of /usr/local. This makes it easily possible to install the script to /usr/local/sbin with a tool like *GNU Stow*.
-rwxr-xr-x package/sbin/painless-le (renamed from painless-le.sh) 0
-rw-r--r-- readme.md 15
2 files changed, 13 insertions, 2 deletions
diff --git a/painless-le.sh b/package/sbin/painless-le
index 19743c0..19743c0 100755
--- a/painless-le.sh
+++ b/package/sbin/painless-le
diff --git a/readme.md b/readme.md
index 8df6fd1..f9657d5 100644
--- a/readme.md
+++ b/readme.md
@@ -4,6 +4,17 @@ Painless issuing a single [X.509 certificate](https://tools.ietf.org/html/rfc528
## Requirements
The [Certbot client](https://certbot.eff.org/) must be installed on your machine because PainlessLE uses this piece of software to communicate over the [ACME protocol](https://tools.ietf.org/html/draft-ietf-acme-acme-01) with the ACME endpoint of Let's Encrypt and runs the ACME challenge. There are no known further requirements for using PainlessLE on Debian GNU/Linux at this time.
+## Installation
+Beside the possibility to manually place the script in some directory, you can use the more elegant way with [*GNU Stow*](https://www.gnu.org/software/stow/) to map the content of the `package` directory via symbolic links properly to `/usr/local`:
+
+~~~bash
+cd /usr/local/src
+git clone $REPO && cd $REPO
+stow -t /usr/local package
+~~~
+
+Make sure that no unprivileged user has write permissions on `/usr/local/sbin`, the symlink targets (in case you've choosen `stow`) and/or the `painless-le` script, because PainlessLE is usually executed with `root` privileges.
+
## Configuration
Change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for testing purposes. You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shut down a running webserver to release the HTTP(S) port for the standalone webserver before Certbot runs the ACME challenge. You can restart your webserver after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`.
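Review bot: In the added Installation block, `git clone $REPO && cd $REPO` uses one undefined, unquoted `$REPO` as both the clone source and the directory name, so if it holds a repository URL the `cd` will not land in the checkout; spell out the clone URL and the resulting directory separately, and quote them. Because `stow` only creates symbolic links, the file that `root` actually executes stays inside the clone under `/usr/local/src`, so the permissions paragraph should name that checkout and its parent directories explicitly as not writable by unprivileged users, instead of the vaguer "the symlink targets". Two wording fixes in the added lines: "choosen" should be "chosen" and "Beside the possibility" should be "Besides the possibility".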
@@ -26,9 +37,9 @@ Lets assume you want to get a single X.509 certificate from the Let's Encrypt CA
/etc/painless-le/example.org/
└── [-rw-r----- user group ] confidential.pem
-The next step is to execute `painless-le.sh` and providing the `-i` and `-h` options which are described above. In this example, the complete command-line string with the desired install directory `/etc/painless-le/example.org` and the desired hostnames `example.org`, `blog.example.org` and `shop.example.org` looks as follows:
+The next step is to execute `painless-le` and providing the `-i` and `-h` options which are described above. In this example, the complete command-line string with the desired install directory `/etc/painless-le/example.org` and the desired hostnames `example.org`, `blog.example.org` and `shop.example.org` looks as follows:
- painless-le.sh -i /etc/painless-le/example.org/ -h example.org:blog.example.org:shop.example.org
+ painless-le -i /etc/painless-le/example.org/ -h example.org:blog.example.org:shop.example.org
The Certbot client will now contact the ACME challenge servers and runs a temporary standalone webserver on your machine to accomplish the ACME challenge. If all works fine, you have nothing to intervene. After the command was successfully executed, you will see your certificates within your desired install directory (the certificate files will inherit the UNIX permissions of the `confidential.pem` file) and you're done:
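Review bot: The updated example line `painless-le -i /etc/painless-le/example.org/ ...` now calls the script by bare name, which only resolves when `/usr/local/sbin` is on the invoking user's `PATH`, as after the `stow` install; the new Installation section still allows placing the script manually in some other directory. Either state that assumption next to the example or show the full path `/usr/local/sbin/painless-le`. The sentence above it also carries over "execute `painless-le` and providing", which should read "execute `painless-le` and provide".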