#Installation

• Install acme.sh client: https://github.com/acmesh-official/acme.sh
• If you use Ansible/ Puppet/ … to renew and deploy new certificates then you can deactivate the acme cronjob (crontab -e)
• Clone or extract files of iml-certman
• Make your changes by copying *dist files to file without “.dist” extension and edit
  • inc_config.sh
    • set credentials for dns api
    • set path to acme.sh script; the default is a relative path for the suggested contellation below.
    • optional: set custom target for generated certificates
    • optional: for testing enable Let’s Encrypt stage server to prevent running into weekly limits during tests
    • optional: set a filter that must match to new certificate and all aliases
  • UNUSED: templates/csr.txt
    • set location, company and department … remark: (currently?) it is removed by LE

A suggested structure is having acme.sh and this wrapper below the same parent directory, i.e.

/opt/letsenecrypt/
  |
  +-- acme.sh/
  |     |
  |     + acme.sh
  |     + ...
  |
  +-- iml-certman/
        |
        +-- certs/
        +-- templates/
        + cm.sh
        + inc_config.sh
        + ...

Verify a new setup (or changes in the config) with ./cm.sh selftest.