Page MenuHomeDevCentral
Create Task
Maniphest T2043

Switch to acme.sh instead of certbot
Open, HighPublic
Actions

Description

Python dependencies and versions of Python supported by Certbot or dependencies,
combined to wide adoption of acme.sh, led us to decide to switch to that software
to provision and renew Let's Encrypt certificates.

Software: https://github.com/acmesh-official/acme.sh
Documentation: https://agora.nasqueron.org/Operations_grimoire/TLS_certificates

Revisions and Commits

rOPS Nasqueron Operations
D3546rOPS3cfb17e40ac2 Configure acme.sh
D3624rOPS45924b056323 Update TLS certificates paths for mail.nasqueron.org
D3577rOPS4d001329753e Update certificate path for acme.sh on hervil

Related Objects

Event Timeline

DorianWinty created this task.Oct 3 2024, 19:39
DorianWinty added a comment.Oct 3 2024, 19:51

https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode

DorianWinty added a comment.Oct 4 2024, 17:25

Message from acme.sh-3.0.9:

This script will create the following directories if they do not exist:

~acme/.acme.sh
~acme/certs

The script will also install ~acme/.acme.sh/account.conf.sample which has
sane defaults. Copy this to ~acme/.acme.sh/account.conf and edit contents
to suit.

If you have EXAMPLES on:

  • In the /usr/local/share/examples/acme.sh directory, you can find the dnsapi scripts which will be useful if you decide to use dns-01 challenges. Also included are the deploy scripts.
  • A newsyslog.conf sample file is installed at /usr/local/etc/newsyslog.conf.d/acme.sh.conf - you must modify it by at least uncommenting the line.
  • If you run newsyslog -NC it will create the required logfiles.
  • Please review /usr/local/share/examples/acme.sh/acme.sh-cron.d - instructions are contained in that file.
dereckson triaged this task as High priority.Oct 8 2024, 00:15
dereckson mentioned this in T2052: Salt mixes Python and grep regular expressions for SELinux code.Oct 9 2024, 18:44
dereckson added a subtask: T1599: Install TLS wildcard certificates for nginx fallback vhost.Oct 12 2024, 09:44
dereckson removed a subtask: T1599: Install TLS wildcard certificates for nginx fallback vhost.
dereckson added a project: Operations sprints (Ignite Alkane Propulsion).
dereckson moved this task from Backlog to Working on on the Operations sprints (Ignite Alkane Propulsion) board.
DorianWinty added a revision: D3546: Configure acme.sh.Oct 20 2024, 21:07
DorianWinty added a revision: D3577: Update certificate path for acme.sh on hervil.Nov 6 2024, 18:51
dereckson added a commit: rOPS4d001329753e: Update certificate path for acme.sh on hervil.Nov 30 2024, 12:48
DorianWinty mentioned this in T2098: acme.sh configure provisionning of the nginx check and reload.Thu, Jan 2, 14:44
dereckson added a commit: rOPS45924b056323: Update TLS certificates paths for mail.nasqueron.org.Fri, Jan 3, 12:04
dereckson added a commit: rOPS3cfb17e40ac2: Configure acme.sh.
dereckson updated the task description. (Show Details)
dereckson updated the task description. (Show Details)Fri, Jan 3, 12:08
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator