# Overview

Script to automate management of Let's Encrypt SSL certificates, including wildcard certificates.

# Requirements

- [certbot](https://certbot.eff.org/)

# Features

- Generation and renewal of SSL certificates using certbot
- Handles DNS challenges
- Supports wildcard certificates
- Supports "silent master" DNS architectures
- Pushes generated/renewed certificates out to web servers

# Usage

```
# Generate configuration and scripts in ~/.lehook/
bash$ ./lehook.sh -i
Creating config in /Users/rob/.lehook...
Creating hardlinks in /Users/rob/.lehook...
Init complete. Files are in /Users/rob/.lehook.
Main binary in /usr/local/bin/lehook.sh.

# Usage
bash$ ./lehook.sh -h
usage: ./lehook.sh OPTIONS mode [domain1] ... [domainX]
Pushes wildcard SSL certs for the given domains to hosts [default: example.net].

mode is one of: deploy|renew|generate|test

-A            In generate/renew modes, Also deploy certs if needed
-c            Cron mode - only output if something is done.
-f            Push out certs even if they haven't changed.
-i            Iniitalise new config file in /Users/rpearce/.lehook/config
-r remotes    Only push certs to the given remotes [default: webserver1 webserver2.example.org webserver3.example.net]
-s services   Only restart the given services [default: nginx httpd ngircd dovecot postfix]
-d domain     Only push cert for given domain [default: example.net].
-q            Quiet mode - no output except errors
-v            Verbose mode - show certbot output
-h            Show this text.
```