Installation

  • Install acme.sh client: https://github.com/acmesh-official/acme.sh
  • If you use Ansible, Puppet, … to renew and deploy new certificates, you can deactivate the acme.sh cron job (crontab -e)
  • Clone or extract files of iml-certman
  • Make your changes by copying the *dist files to files without the “.dist” extension and editing the copies
    • inc_config.sh
      • set credentials for dns api
      • set path to acme.sh script; the default is a relative path for the suggested constellation below.
      • optional: set custom target for generated certificates
      • optional: for testing, enable the Let’s Encrypt staging server to avoid running into weekly limits during tests
      • optional: set a filter that the new certificate and all its aliases must match
    • UNUSED: templates/csr.txt
      • set location, company and department … remark: (currently?) it is removed by LE

A suggested structure is having acme.sh and this wrapper below the same parent directory, i.e.

/opt/letsenecrypt/
  |
  +-- acme.sh/
  |     |
  |     + acme.sh
  |     + ...
  |
  +-- iml-certman/
        |
        +-- certs/
        +-- templates/
        + cm.sh
        + inc_config.sh
        + ...

Verify a new setup (or changes in the config) with ./cm.sh selftest.
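
The copy step from the list above, as an added shell example that is not part of iml-certman: it creates each working file from its *.dist template without overwriting an existing one and makes the copies readable by the owner only, because inc_config.sh holds the DNS API credentials. The function names and the owner-only mode are assumptions of this example, not project requirements.

```sh
#!/bin/sh
# Added example, not iml-certman code.
# Copies every *.dist file below a directory to the same name without
# ".dist", never overwrites an existing file, and restricts each copy
# to its owner (mode 600).

# activate_dist <dir>: prints the path of every file it created.
activate_dist() {
    dir=$1
    old_umask=$(umask)
    umask 077                       # copies start out owner-only
    find "$dir" -type f -name '*.dist' | while IFS= read -r src; do
        dst=${src%.dist}
        if [ -e "$dst" ]; then
            continue                # keep an already edited file
        fi
        cp "$src" "$dst" && chmod 600 "$dst" && printf '%s\n' "$dst"
    done
    umask "$old_umask"
}

# is_private <file>: succeeds only if group and others have no access.
is_private() {
    # "ls -ld" starts with e.g. "-rw-------"; characters 5-10 are the
    # group and other permission bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage, run from the iml-certman directory:
#   activate_dist . && is_private ./inc_config.sh && ./cm.sh selftest
```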