-rw-r--r-- | readme.md | 12 |
1 files changed, 6 insertions, 6 deletions
@@ -1,11 +1,11 @@ -# PainlessLE: Let's Encrypt Certificate Issuing -Painless issuing a single [X.509 certificate](https://tools.ietf.org/html/rfc5280) for a bunch of hostnames from the **Let's Encrypt** Certification Authority (CA) without having an HTTP server installed (or for those people who do not want to touch their HTTP web directories and place a specific file to accomplish the ACME challenge). PainlessLE assumes that there is already a manually created private key which is used for the Certificate-Signing-Request (CSR) by OpenSSL. The location for the private key is defined within the `"CONFIDENTIAL"` variable and the path should exist with the correct UNIX file permissions. +# PainlessLE: A wrapper script for Certbot +Painless issuing a single [X.509 certificate](https://tools.ietf.org/html/rfc5280) for a bunch of hostnames from the **Let's Encrypt** Certification Authority (CA) without having an HTTP server installed (or for those people who do not want to touch their HTTP web directories and place a specific file to accomplish the ACME challenge). PainlessLE assumes that there is already a manually created private key which is used for the Certificate-Signing-Request (CSR) by OpenSSL. The location for the private key is defined within the `"CONFIDENTIAL"` variable and the path should exist with the desired UNIX file permissions. ## Requirements The [Certbot client](https://certbot.eff.org/) must be installed on your machine because PainlessLE uses this piece of software to communicate over the [ACME protocol](https://tools.ietf.org/html/draft-ietf-acme-acme-01) with the ACME endpoint of Let's Encrypt and runs the ACME challenge. There are no known further requirements for using PainlessLE on Debian GNU/Linux at this time. ## Configuration -Change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for testing purposes. 
You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shut down a running webserver to release the HTTP(S) port for the standalone webserver before certbot runs the ACME challenge. You can restart your webserver after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`. +Change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for testing purposes. You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shut down a running webserver to release the HTTP(S) port for the standalone webserver before Certbot runs the ACME challenge. You can restart your webserver after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`. ## Arguments @@ -21,7 +21,7 @@ Change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for tes * `[-F]`: Target filename for the certificate full file relative to `[-i]` ## Example -Lets assume you want to get a single X.509 certificate from the Let's Encrypt CA which includes three hostnames of your domain `example.org` (main domain, blog subdomain and shop subdomain). You already have an private key with the correct UNIX file permissions stored within the following example directory with the name `confidential.pem`: +Lets assume you want to get a single X.509 certificate from the Let's Encrypt CA which includes three hostnames of your domain `example.org` (main domain, blog subdomain and shop subdomain). You already have a private key with the desired UNIX file permissions stored within the following example directory with the name `confidential.pem`: /etc/painless-le/example.org/ └── [-rw-r----- user group ] confidential.pem 
@@ -30,7 +30,7 @@ The next step is to execute `painless-le.sh` and providing the `-i` and `-h` opt painless-le.sh -i /etc/painless-le/example.org/ -h example.org:blog.example.org:shop.example.org -The certbot client will now contact the ACME challenge servers and runs a temporary standalone webserver on your machine to accomplish the ACME challenge. If all works fine, you have nothing to intervene. After the command was successfully executed, you will see your certificates within your desired install directory (the certificates inherit the permissions of the `confidential.pem` file) and you're done: +The Certbot client will now contact the ACME challenge servers and runs a temporary standalone webserver on your machine to accomplish the ACME challenge. If all works fine, you have nothing to intervene. After the command was successfully executed, you will see your certificates within your desired install directory (the certificate files will inherit the UNIX permissions of the `confidential.pem` file) and you're done: /etc/painless-le/example.org/ ├── [-rw-r----- user group ] certificate_full.pem @@ -38,4 +38,4 @@ The certbot client will now contact the ACME challenge servers and runs a tempor ├── [-rw-r----- user group ] confidential.pem └── [-rw-r----- user group ] intermediate.pem -**Note:** The new certificates inherit the UNIX file permissions (**chmod** and **chown**) of the private key `confidential.pem`!
\ No newline at end of file +**Note:** The new certificate files inherit the UNIX file permissions (**chmod** and **chown**) of the private key `confidential.pem`!
\ No newline at end of file |
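Review bot: In the first hunk (`@@ -1,11 +1,11 @@`), replacing "correct" with "desired" UNIX file permissions in the intro paragraph leaves the reader without any guidance, even though the README later states that the issued certificate files inherit the mode and ownership of the private key. Suggest stating the expectation explicitly, for example that the key must not be world-readable, matching the `-rw-r-----` listing in the Example section. The rewritten Configuration line also still reads "You also can define a command"; "You can also define a command" is the usual word order.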
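Review bot: In the `@@ -21,7 +21,7 @@` hunk, the rewritten Example sentence still opens with "Lets assume". Since the line is already being changed for the "an private key" fix, correct it to "Let's assume" in the same commit.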
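Review bot: In the `@@ -30,7 +30,7 @@` hunk, the rewritten sentence keeps the verb disagreement in "will now contact the ACME challenge servers and runs a temporary standalone webserver"; it should read "and run". The new parenthetical says the certificate files inherit the "UNIX permissions" of `confidential.pem`, while the closing note says both chmod and chown are inherited; use the same wording in both places so it is clear that ownership is inherited as well as the mode.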
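Review bot: In the last hunk (`@@ -38,4 +38,4 @@`), both the removed and the added line are followed by "\ No newline at end of file", so the file still ends without a trailing newline; add one while the last line is being touched. The note also lists the commands **chmod** and **chown** as if they were permissions; "file mode and ownership" would describe what is inherited more accurately.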