752 B
752 B
Getting LE certs via auto DNS config
This is helpful when getting certs for domains which are scattered across machines/IPs. The acme.sh script will automatically configure DNS TXT records for LE to verify, instead of relying on Web requests to the machine.
We need to automate this in a cookbook.
Steps
Export Gandi Live DNS API key:
export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
Run acme.sh like this:
acme.sh --issue --dns dns_gandi_livedns -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org
ejabberd
ejabberd needs the key and fullchain files concatenated:
cat /home/basti/.acme.sh/kosmos.org/kosmos.org.key /home/basti/.acme.sh/kosmos.org/fullchain.cer >> conf/kosmos.org.pem