diff options
author | Thomas Lange <code@nerdmind.de> | 2016-12-20 01:22:44 +0100 |
---|---|---|
committer | Thomas Lange <code@nerdmind.de> | 2016-12-20 01:22:44 +0100 |
commit | 63dc4d1ebc662026e6442229b31587dff886c1cd (patch) | |
tree | 15ad976cfc76ce2664291d5ceeaf1a933fda3730 | |
parent | c24b4bbe90eda4942932c1edbed9a242fcc72380 (diff) | |
download | painlessle-63dc4d1ebc662026e6442229b31587dff886c1cd.tar.gz painlessle-63dc4d1ebc662026e6442229b31587dff886c1cd.tar.xz painlessle-63dc4d1ebc662026e6442229b31587dff886c1cd.zip |
Email address is only needed when creating an account on the ACME server.
-rwxr-xr-x | painless-le.sh | 7 | ||||
-rw-r--r-- | readme.md | 2 |
2 files changed, 4 insertions, 5 deletions
diff --git a/painless-le.sh b/painless-le.sh index f36a3a8..ad5a376 100755 --- a/painless-le.sh +++ b/painless-le.sh @@ -18,9 +18,8 @@ [ -z "$2" ] && echo 'Missing argument $2' && exit 1 || ARGUMENT_HOSTNAMES="$2" #=============================================================================== -# Information about the Let's encrypt account +# Define the ACME endpoint address #=============================================================================== -LETSENCRYPT_MAILADDR="john.doe@example.org" LETSENCRYPT_ENDPOINT="https://acme-v01.api.letsencrypt.org/directory" #LETSENCRYPT_ENDPOINT="https://acme-staging.api.letsencrypt.org/directory" @@ -69,8 +68,8 @@ fi #=============================================================================== # Execute Let's Encrypt and accomplish the ACME challenge to get the certificate #=============================================================================== -certbot certonly --authenticator standalone --text --server "${LETSENCRYPT_ENDPOINT}" --email "${LETSENCRYPT_MAILADDR}" \ ---csr "${REQUESTFILE}" --cert-path "${CERTIFICATE_ONLY}" --fullchain-path "${CERTIFICATE_FULL}" --chain-path "${INTERMEDIATE}" +certbot certonly --authenticator standalone --text --server "${LETSENCRYPT_ENDPOINT}" --csr "${REQUESTFILE}" \ +--cert-path "${CERTIFICATE_ONLY}" --fullchain-path "${CERTIFICATE_FULL}" --chain-path "${INTERMEDIATE}" #=============================================================================== # Adjust the UNIX permissions with owner and group for the new created files @@ -2,7 +2,7 @@ Painless issuing a single [X.509 certificate](https://tools.ietf.org/html/rfc5280) for a bunch of hostnames from the **Let's Encrypt** Certification Authority (CA) without having a HTTP server installed (or for those people who do not want to touch their HTTP web directories and place a specific file to accomplish the ACME challenge). PainlessLE assumes that there is already a manually created RSA private key which is used for the Certificate-Signing-Request (CSR) by OpenSSL. The location for the RSA private key is defined within the `"CONFIDENTIAL"` variable and the path should exist with the correct UNIX file permissions. ## Configuration -The email address which is used for the **Let's Encrypt** account is defined within `LETSENCRYPT_MAILADDR`. It is possible to change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for testing purposes. You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shutting down a running webserver to release the HTTP(S) port for the standalone webserver before certbot runs the ACME challenge. You can restart your webserver after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`. +Change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for testing purposes. You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shutting down a running webserver to release the HTTP(S) port for the standalone webserver before certbot runs the ACME challenge. You can restart your webserver after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`. ## Arguments 1. `ARGUMENT_DIRECTORY` contains a string with the directory path where the certificates should be installed. This directory should already contain a manually created RSA private key for the Certificate-Signing-Request (CSR). It's always a good idea to handle the RSA private keys manually because you may use [HTTP Public-Key-Pinning (HPKP)](https://tools.ietf.org/html/rfc7469) so that you must ensure, that the RSA private key does not change. |