acme.sh | A pure Unix shell script implementing ACME client protocol | TLS library
kandi X-RAY | acme.sh Summary
It's probably the easiest & smartest shell script to automatically issue & renew the free certificates. For Docker Fans: acme.sh :two_hearts: Docker.
Community Discussions
QUESTION
I have a VPS with nginx-proxy container, and I create some wordpress website with phpmyadmin service. If I want to create another site with this definition I got "same port" problem. Ok, I can change the port to 2998 and it works fine but I need to add a new open port to my VPS. I don't want to add or change the port for each site.
Now:
- example-a.com:2999 -> example-a phpmyadmin login page
- example-b.com:2998 -> example-b phpmyadmin login page
Is there a way to direct me to the appropriate container by domain address?
- example-a.com:2999 -> example-a phpmyadmin login page
- example-b.com:2999 -> example-b phpmyadmin login page
My nginx proxy definition
...ANSWER
Answered 2022-Mar-07 at 12:49
What you want is not possible, but you probably don't actually want it. It becomes clear once you think through what you want to configure, and what would happen if a user would go to either URL:
- you have configured example-a.com to point to your IP
- you have configured example-b.com to point to your IP
- you have configured your nginx-proxy container to listen on ports 80 and 443
- you want to configure your WordPress containers to both listen on port 2999
- you, or rather the acme-companion, have configured your nginx container to forward HTTP requests that ask for host example-a.com to go to the container for example A with port 2999, and requests that ask for example-b.com to go to container B with port 2999
Now, you can see right away that you have two things attempting to listen on the same network interface with port 2999 - that doesn't work, and it can't, because who would handle picking up incoming requests before the request is parsed to find out which host it wanted? Container A can't accept the request and, if it's meant for B, hand the request over - A doesn't know about B.
So if you think about a user sending a request to example-a.com:2999, what really happens is that a request goes to :2999, just like if a user goes to example-b.com:2999, it will end up going to :2999.
How can that problem be solved? By having a third container C that accepts user requests, looks into the request, and based on whether they wanted container A or B, hands the request over to A or B.
Here is the great thing: you already have that! Container C is really your nginx container, which is listening on port 80/443. So if your users go to example-a.com without providing a port, it will go to 80 or 443 (depending on whether they used http or https). Then, nginx will analyze the request, and send it to the correct container. For this, it doesn't really matter what port A and B listen on, because to the outside world, it looks like they are listening on 80/443.
So the real answer is that while you can't combine custom ports with virtual hosts and use the same port for multiple containers (other than 80/443), you don't actually NEED custom ports in the first place! If you just configure your containers with the default ports, users can use both https://example-a.com and https://example-b.com and it will 'just work'™
QUESTION
I have some terraform code which works, but I want to be able to ignore the DNS TXT Record value as this is updated externally using another tool (acme.sh). I have tried multiple different types of HCL to ignore the value; the terraform HCL does not fail, it just sets the value back to the original value.
Any help would be appreciated.
...ANSWER
Answered 2021-Nov-02 at 04:10
I tried testing using the same code that you have provided and was successfully able to deploy the resources, then manually changed the value of the record from the portal and applied the terraform code again, and it didn't do any changes, just changed the value of the previous record to the newer value from the portal in the terraform state file.
Note: I used Terraform v1.0.5 on windows_amd64 + provider registry.terraform.io/hashicorp/azurerm v2.83.0.
As confirmed by @Lain, the issue was resolved after upgrading the azurerm from 2.70.0 to latest.
QUESTION
I have a domain in stealth mode, protected by basic auth. Basic auth is not supported by Letsencrypt and probably never will (https://github.com/certbot/certbot/issues/1744#issuecomment-162038303).
After moving from Nginx to Yaws, the next Letsencrypt renewal is scheduled. So here is a problem. I could disable basic auth in Yaws, do the renewal and then enable again, but that is no real solution.
There are easy workarounds for Apache and Nginx, i.e. define an exception to basic auth for the directory /.well-known/acme-challenge.
How to do that in Yaws? The basic auth definition for my domain in yaws.conf is now
ANSWER
Answered 2021-Oct-17 at 20:50
For each subdirectory you want to exclude, add a .yaws_auth file to that subdirectory with the contents
QUESTION
I'm trying to follow the Azure Tutorial on how to get API Management under a vnet and accessible through an application gateway (WAF). I'm stuck trying to upload the root cert into the application gateway. It says that the "Data for certificate is invalid"; apparently Azure Application Gateway doesn't like Letsencrypt certs.
My certs are:
- mydomain.com.br
- api.mydomain.com.br
- developer.mydomain.com.br
- managemnet.mydomain.com.br
I have used acmesh to generate all certs:
...ANSWER
Answered 2021-Aug-30 at 21:17
Why do you want to add the Lets Encrypt Root CA cert on your application gateway?
From my understanding the Root CA from Lets Encrypt is ISRG Root X1 and this one should already be trusted by clients (browsers). You only want to add the Root CA if you have self-signed certificates.
Here is a workflow with storing the certs in Azure Key Vault: https://techblog.buzyka.de/2021/02/make-lets-encrypt-certificates-love.html
Another Workflow here describes adding certs with ACME challenges: https://intelequia.com/blog/post/1012/automating-azure-application-gateway-ssl-certificate-renewals-with-let-s-encrypt-and-azure-automation
QUESTION
I'm trying to run a fairly simple docker stack, but for some reason it is failing to register certificates.
My composer:
...ANSWER
Answered 2021-Sep-13 at 11:46
If anyone stumbles on to this issue then here is the fix. It seems to affect alpine version 3.13 and probably other ones.
QUESTION
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name creationist.codes;
    root /var/www/creationist/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
    ssl_certificate /etc/letsencrypt/creationist.codes/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/creationist.codes/creationist.codes.key;
    include /etc/nginx/snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2369;
    }
    location ~ /.well-known {
        allow all;
    }
    client_max_body_size 50m;
}
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
...ANSWER
Answered 2021-Aug-28 at 21:14
The error message says "proxy_pass" directive is not allowed here ...:28. If you check line :28 you can see that you have some statements which start with proxy_pass http://websocket; ... and which are outside the server {...} scope.
The proxy_pass directive must be used in the scope of a location. So I would remove everything which is outside server {...}. Also make sure that the service defined at line 17 (proxy_pass http://127.0.0.1:2369;) is up and running.
QUESTION
root@vultr:~# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-07-28 02:16:44 UTC; 23min ago
Docs: man:nginx(8)
Main PID: 12999 (nginx)
Tasks: 2 (limit: 1148)
Memory: 8.2M
CGroup: /system.slice/nginx.service
├─12999 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─13000 nginx: worker process
Jul 28 02:16:44 vultr.guest systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 28 02:16:44 vultr.guest systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Jul 28 02:16:44 vultr.guest systemd[1]: Started A high performance web server and a reverse proxy server.
...ANSWER
Answered 2021-Aug-03 at 12:15
From acme.sh v3.0.0, acme.sh is using ZeroSSL as the default CA; you must register the account first (one-time) before you can issue new certs.
Here is how ZeroSSL compares with LetsEncrypt.
With ZeroSSL as CA: you must register at ZeroSSL before issuing a certificate. To register, run the below command (assuming yyyy@yahoo.com is the email with which you want to register)
QUESTION
I am trying to go rootless with Docker.
I have followed all the steps presented in the official documentation. I also allowed the use of the unprivileged ports, to include the 443.
To test if everything works the way I need it, I installed the "nginx-proxy-automation".
Everything got installed flawlessly. However, the jrcs/letsencrypt-nginx-proxy-companion:2.1 container
ANSWER
Answered 2021-Jul-13 at 03:14
This is a jrcs/letsencrypt-nginx-proxy-companion specific bug; if you look in the docker-compose.yml you will see this.
QUESTION
I'm getting errors, such as the one below, in my /var/log/mail.log file.
...ANSWER
Answered 2021-Apr-10 at 15:31So, turns out, when I updated my certificate locations when I changed the method of acquiring them (certbot vs acme.sh), I got a typo in one of the filenames. /etc/dovecot/conf.d/10-ssl.conf was correct and so was /etc/postfix/main.cf, but /etc/postfix/vmail_ssl.map had a typo which I didn't see previously - and so was throwing a certificate error.
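The failure in the answer above came from a typo in a certificate path that only one of three config files carried. A pre-flight check that catches that class of mistake before Postfix or Dovecot start refusing TLS, added here as an example and not taken from the post or from acme.sh: it pulls every absolute path off lines that configure a cert or key and reports the ones that do not exist. The function names, the sample map file and the temporary certificate directory are constructed for this example; the real files would be the ones named in the answer.

```shell
#!/bin/sh
# Added example (not from the page or from acme.sh): verify that every
# certificate/key path referenced by mail-server configuration exists on disk.
# Function names and the sample config below are constructed for this example.

# Print every absolute path found on lines that configure a certificate or key
# (covers "ssl_cert = </etc/...", "smtpd_tls_cert_file = /etc/..." and
# hostname/key/cert rows of a Postfix SNI map).
extract_cert_paths() {
    grep -iE 'cert|key' "$1" | grep -oE '/[^[:space:],<>]+' | sort -u
}

# Return 0 if every referenced path exists; otherwise print the missing ones
# and return 1. Run this after changing how certificates are written.
check_cert_paths() {
    rc=0
    for p in $(extract_cert_paths "$1"); do
        if [ ! -e "$p" ]; then
            printf 'missing: %s (referenced in %s)\n' "$p" "$1"
            rc=1
        fi
    done
    return $rc
}

# Build a constructed sample under $1: a cert directory with a key and chain,
# and an SNI map whose key path carries a deliberate typo ("exmaple").
# Prints the path of the generated map file.
make_sample_config() {
    base="$1"
    mkdir -p "$base/certs"
    : > "$base/certs/mail.example.com.key"
    : > "$base/certs/fullchain.cer"
    cat > "$base/vmail_ssl.map" <<EOF
# constructed sample: hostname, key file, certificate chain
mail.example.com $base/certs/mail.exmaple.com.key $base/certs/fullchain.cer
EOF
    printf '%s\n' "$base/vmail_ssl.map"
}

# Stand-alone demonstration: ./check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    cfg=$(make_sample_config "$tmp")
    check_cert_paths "$cfg" && echo "all certificate paths present"
    rm -rf "$tmp"
fi
```

Point check_cert_paths at each real file (10-ssl.conf, main.cf, vmail_ssl.map) from the same script that runs acme.sh's install step, so a renamed or misspelled path is reported at install time rather than at the next failed TLS handshake.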
QUESTION
I have been using acme.sh to generate several in-house website certificates
Of late, I am trying to automate this task.
I have the following within my bash script:
...ANSWER
Answered 2021-Mar-10 at 23:30
cd [dir] is used to change the current directory. The optional dir is a single directory. You clarified that the directory in question had a literal '*', so escape that with cd ~/.acme.sh/\*.domain.com/:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install acme.sh
Clone this project and launch the installation. You don't have to be root, although it is recommended. The installer will:
- create and copy acme.sh to your home dir ($HOME): ~/.acme.sh/. All certs will be placed in this folder too.
- create an alias for: acme.sh=~/.acme.sh/acme.sh.
- create a daily cron job to check and renew the certs if needed.
After the cert is generated, you probably want to install/copy it to your Apache/Nginx or other servers. You MUST use this command to copy the certs to the target files; DO NOT use the cert files in the ~/.acme.sh/ folder, as they are for internal use only and the folder structure may change in the future. Only the domain is required; all other parameters are optional. The ownership and permissions of existing files are preserved, so you can pre-create the files to define the ownership and permissions. Install/copy the cert/key to the production Apache or Nginx path. The cert will be renewed every 60 days by default (configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command service apache2 force-reload or service nginx force-reload.
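The account registration that the ZeroSSL answer above calls for, and the install-and-reload step this section describes, combined into one wrapper script. This is an added example, not code from acme.sh: the --register-account, -m, --install-cert, -d, --key-file, --fullchain-file and --reloadcmd options are acme.sh's own, while ACME_SH, ACME_DRY_RUN and the function names are introduced here. It pre-creates the target key with owner-only permissions (which acme.sh then preserves, as the section notes) and refuses to install onto a key file that is already readable by other users.

```shell
#!/bin/sh
# Added example, not acme.sh's own code: wrapper around the acme.sh commands
# described on this page. ACME_SH and ACME_DRY_RUN are variables introduced
# for this example; ~/.acme.sh/acme.sh is where the installer places the script.

ACME_SH="${ACME_SH:-$HOME/.acme.sh/acme.sh}"

# Run a command line, or with ACME_DRY_RUN=1 only print it (used by the test).
run_acme() {
    if [ "${ACME_DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One-time account registration required by the ZeroSSL default CA (acme.sh >= 3.0.0).
register_account() {
    run_acme "$ACME_SH" --register-account -m "$1"
}

# Pre-create the target files so --install-cert keeps the mode we choose:
# private key owner-only (umask 077 -> 0600), chain world-readable (0644).
# Existing files are left alone so an admin's chosen owner/mode survives.
prepare_cert_targets() {
    key_file="$1"; cert_file="$2"
    mkdir -p "$(dirname "$key_file")" "$(dirname "$cert_file")"
    [ -e "$key_file" ]  || (umask 077 && : > "$key_file")
    [ -e "$cert_file" ] || (umask 022 && : > "$cert_file")
}

# True if the file has no group/other permission bits (columns 5-10 of ls -l).
key_mode_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Copy cert/key into the production path and register the reload hook that
# acme.sh runs after every renewal. Refuses to write a private key into a
# file that other users can read.
install_cert() {
    domain="$1"; key_file="$2"; cert_file="$3"; reload_cmd="$4"
    prepare_cert_targets "$key_file" "$cert_file"
    if ! key_mode_is_private "$key_file"; then
        echo "refusing: $key_file is readable by group/other" >&2
        return 1
    fi
    run_acme "$ACME_SH" --install-cert -d "$domain" \
        --key-file "$key_file" \
        --fullchain-file "$cert_file" \
        --reloadcmd "$reload_cmd"
}

# Stand-alone demonstration (prints the command lines): ./wrapper.sh --demo
if [ "${1:-}" = "--demo" ]; then
    ACME_DRY_RUN=1
    d=$(mktemp -d)
    register_account "admin@example.com"
    install_cert example.com "$d/example.com.key" "$d/fullchain.cer" "service nginx force-reload"
    rm -rf "$d"
fi
```

Without ACME_DRY_RUN the same functions invoke acme.sh directly; the reload command string is passed through unchanged, so "service nginx force-reload" from this section works as written.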